Threat Hunting
Velociraptor is an open-source endpoint detection and response (EDR) tool that is primarily
used for threat hunting and incident response. Threat hunting is a proactive approach to
cybersecurity that involves searching for potential threats or attackers in a network or system
before they can cause damage.
Threat hunting with Velociraptor means using the tool to analyze endpoint data, such as
system logs, file system activity, network traffic, and registry changes, to identify
potential threats or indicators of compromise (IOCs). This information can be used to detect and
respond to advanced threats, such as malware or unauthorized access, in real time.
Velociraptor provides a range of features that are useful for threat hunting, including: