Chris DiSalle  Nov 10, 2022

#DFIR Tip

Everyday when I get in the office, one of the first sites I check is the #Velociraptor Artifact Exchange by @velocidex. As a #DFIR practitioner, keeping up with the detections in my toolkit is just as critical as having a pulse on the latest #threatintel.

https://docs.velociraptor.app/exchange/

Artifact Exchange :: Velociraptor - Digging deeper!

Show threadRussell
@chrisdfir thanks for sharing I hadn't come across this before. Do you know osquery and how it compares to that?
Nov 10, 2022 at 10:40amWeb
Show threadChris DiSalle  Nov 10, 2022
@Kempley in my experience, velo is superior to osquery. It is written in go, uses a single standalone file for both server and client solution, leverages VQL over SQL, and has great agent management for live collection. Worth a quick spin if you haven't tried it out.