1 Inspiration & setting up (Sprint 1)

Velociraptor is an open-source endpoint detection and response (EDR) tool that is primarily
used for threat hunting and incident response. Threat hunting is a proactive approach to
cybersecurity in which analysts search a network or system for potential threats or attackers
before those threats can cause damage.
Threat hunting with Velociraptor means using the tool to analyze endpoint data, such as system
logs, file system activity, network traffic, and registry changes, in order to identify potential
threats or indicators of compromise (IOCs). This information can be used to detect and respond
to advanced threats, such as malware or unauthorized access, in real time.

Velociraptor provides a range of features that are useful for threat hunting, including:

- Querying and analyzing endpoint data in real time
- Collecting forensic artifacts and system snapshots
- Conducting memory analysis and malware detection
- Monitoring network traffic and identifying suspicious behavior
- Creating custom detection rules and alerts

Installation and setting up a client
