// arsenal·Blue TeamAdvancedFOSS

Velociraptor

Rapid7's open-source endpoint visibility + collection tool — DFIR at fleet scale.

Blue Team

$ velociraptor --help

Velociraptor

// what it is

Description

Mike Cohen's open-source DFIR collection tool that runs VQL (Velociraptor Query Language) hunts across thousands of endpoints in parallel. The free spiritual successor to GRR.

// use cases

What people use it for

Fleet-wide DFIR hunts
Live endpoint forensic collection

// commands

The commands you'll type

Start server

$ velociraptor --config server.yaml frontend

// facts

category: Blue Team
platforms: LIN · WIN · MAC
license: FOSS
difficulty: Advanced

// links

// related in Blue Team

Blue TeamIntermediate

Snort

The original open-source network intrusion detection system.

FOSS

LIN·WIN·MAC

open entry →

Blue TeamIntermediate

Suricata

OISF's multi-threaded NIDS — modern Snort-rule-compatible alternative.

FOSS

LIN·WIN·MAC

open entry →

Blue TeamIntermediate

Wazuh

Open-source XDR + SIEM platform — OSSEC fork with modern dashboards.

FOSS

LIN·WIN·MAC

open entry →