Velociraptor Endpoint Agent Integration

Velociraptor is an endpoint agent that allows us (among other things) to: interrogate agents, run custom hunts (using their "VQL" syntax), download/upload/execute/delete files, perform triage and forensic acquisition, stop/start processes, and quarantine endpoints. It would be great to be able to plug into these agents from Siemplify to perform actions, return results, and list agents. The API is very open and Python friendly.

Velociraptor: https://www.velocidex.com/

Velociraptor API: https://www.velocidex.com/docs/user-interface/api/

2 votes

Open For Voting · Last Updated
