
@scudette scudette released this Aug 9, 2019 · 13 commits to master since this release

This point release is just in time for the SANS Summit. If you are watching our presentation you can follow along at home with this release.


@scudette scudette released this Jul 15, 2019 · 21 commits to master since this release

This is the next point release for Velociraptor. This release coincides with the launch of the new Velociraptor documentation site at https://docs.velociraptor.velocidex.com/docs/.

Some of the notable changes:

  • We have started to distribute Velociraptor as a signed MSI now. This makes deployment even easier than before. There is also an interactive configuration wizard which should help you get started in most common deployment scenarios. Read the getting started guide to see how to deploy Velociraptor.

  • We added a generic file finder artifact. This replaces the old deprecated flow of the same name. It is one of the more powerful artifacts and forms the basis to many others. Read more about it here

  • There are many GUI changes including a built-in dashboard (you can still use Grafana, but in most cases the built-in dashboard is sufficient). Read the User Interface guide for a description of the new interface.

  • Many new binary parsers, including AppCompatCache keys, SQLite databases and prefetch files.

  • We also have a new logo! Let us know if you like it...


As always, please file any issues to the issue board and ask your questions on the mailing list.


@scudette scudette released this May 20, 2019 · 57 commits to master since this release

This release introduces a major rework of the GUI:

  • Client monitoring artifacts are now settable via the GUI (without restarting the server)
  • Server event artifacts are now settable via the GUI
  • Better linking between screens.
  • Artifact collector can now search artifact descriptions.

Additionally, we introduced reporting to the artifact view. A report is a template which can be added to an artifact to explain how to interpret its results. The report may itself issue VQL queries to do further post-processing. There are a number of graphical primitives available to reports, such as tables, line charts and timelines.

As always file bugs and feature requests on https://github.com/Velocidex/velociraptor


@scudette scudette released this Apr 8, 2019 · 89 commits to master since this release

This is the next point release of Velociraptor - just in time for the CrikeyCon 2019 workshop!

Notable features:

  • Addition of raw registry accessor allows parsing of registry hives which are locked (like ntuser.dat or amcache).
  • Velociraptor now supports a reverse proxy for integration with Grafana.
  • Windows fuse implementation added.
  • Implemented artifact packs - Artifacts can now collect multiple VQL tables and contain other artifacts.
  • Ability to add read-only users to the GUI.

@scudette scudette released this Feb 20, 2019 · 111 commits to master since this release

This is the next release of Velociraptor.

This release brings many improvements to scalability and efficiency. The main features are:

  • Velociraptor can now use self-signed SSL certificates for all connections (gRPC, client/server and GUI).
  • Velociraptor can now dump process memory using the proc_dump() VQL plugin.
  • Implemented exported files which are included in artifacts verbatim.
  • Added the ability to set artifact parameters in GUI.
  • Velociraptor can now collect DNS query logs on the endpoint and stream them to the server.
  • Client side throttling allows heavy collections on the endpoint with minimal performance impact.
  • Flow completion notifications allow VQL queries to track completed flows.
  • Python bindings added.
  • Console added for command line completion of VQL queries.
  • VBA macro extractor can dump VBA macros from office documents.
  • A fifo() VQL plugin allows writing artifacts with time-based detection (e.g. detect a successful login after 3 failed ones).
  • Prometheus metrics
  • Authenticode support.
  • All connections now use TLS - gRPC API is always using TLS now.
  • Updated license to AGPLv3.
  • Windows and macOS binaries are now signed.

@scudette scudette released this Dec 28, 2018 · 147 commits to master since this release

This is the next point release of Velociraptor.

This release brings many features:

  1. Velociraptor can use autocert to provision its own SSL certs.
  2. Velociraptor now supports oauth so it can be used with Google's SSO.
  3. Hunts flow is now reworked to be much simpler.
  4. Lots of GUI improvements:
    • Artifact editor allows users to copy and tweak existing artifacts.
    • Removed a lot of old GRR GUI elements which are no longer used.

The details are described in our blog posts:


@scudette scudette released this Dec 13, 2018 · 161 commits to master since this release

This is the next point release of Velociraptor.

Highlights of this release include:

  • Added interactive shell and execve() VQL plugin. It is now possible to write artifacts which run arbitrary commands on the client.
  • Server side VQL can be used to watch client monitoring events and raise alerts.
  • Added artifact acquisition, which allows running multiple event artifacts concurrently to watch for and react to rules.

The details are described in our blog posts:


@scudette scudette released this Nov 13, 2018 · 174 commits to master since this release

This is the next point release of the Velociraptor DFIR tool.

This release introduces the event monitoring framework. This allows Velociraptor to watch event logs and record process execution logs on Windows.

More details in the workshop slides:
https://docs.velociraptor.velocidex.com/blog/html/2018/11/13/velociraptor_training_at_nzitf.html


@scudette scudette released this Sep 3, 2018 · 191 commits to master since this release

Welcome to the next point release of Velociraptor - an advanced endpoint monitoring and response tool based on the Velocidex Query Language (VQL).

This release introduces the new client communication protocol. This allows Velociraptor clients to be responsive and fast and offers a huge improvement over previous releases. Read more about this on our blog at https://velociraptor-blog.velocidex.com/2018/09/velociraptors-client-communication.html

Binaries for Linux and Windows are available:
