velociraptor-discuss

Contact owners and managers

1–30 of 337

This is a mailing list to discuss the Velociraptor Forensic Suite. You can find the code on https://gitlab.com/velocidex/velociraptor

Our website can be reached at https://docs.velociraptor.app

0 selected

Doraemon Nobi, Mike Cohen5

Jan 14

Minion Node service failing repeatedly due to GRPC Timeout

Hi, is there anything else that this problem could be pointed out to ? On Tuesday, January 13, 2026

unread,

Minion Node service failing repeatedly due to GRPC Timeout

Hi, is there anything else that this problem could be pointed out to ? On Tuesday, January 13, 2026

Jan 14

Lukas, Mike Cohen3

Jan 13

Notifications about Velociraptor

Hi, nice, RSS (security and github tags) seem to be working and are exactly what I was looking for.

unread,

Notifications about Velociraptor

Hi, nice, RSS (security and github tags) seem to be working and are exactly what I was looking for.

Jan 13

Michael Butler, Mike Cohen2

Jan 12

Frontend not listening on port I specify?

Can you please go through the troubleshooting steps? https://docs.velociraptor.app/docs/

unread,

Frontend not listening on port I specify?

Can you please go through the troubleshooting steps? https://docs.velociraptor.app/docs/

Jan 12

Mike Cohen

12/29/25

Hi everyone, I just published this advisory https://docs.velociraptor.app/announcements/advisories/

unread,

Hi everyone, I just published this advisory https://docs.velociraptor.app/announcements/advisories/

12/29/25

Paul Lindvay, Mike Cohen2

10/2/25

Help with VQL Query

You would normally access the column through the . Operator to get an array of the values https://

unread,

Help with VQL Query

You would normally access the column through the . Operator to get an array of the values https://

10/2/25

Mike Cohen

9/3/25

Re: Licence cost

Hey Faraaz, Velociraptor is available under the agpl licence at no cost for commercial or personal

unread,

Re: Licence cost

Hey Faraaz, Velociraptor is available under the agpl licence at no cost for commercial or personal

9/3/25

Dominic Bunch

7/25/25

macOS Quarantine Functionality?

Has the been any research or discussions (elsewhere) around developing a macOS quarantine artifact?

unread,

macOS Quarantine Functionality?

Has the been any research or discussions (elsewhere) around developing a macOS quarantine artifact?

7/25/25

Dominic Bunch, Mike Cohen10

6/10/25

VFS GUI inconsistently refreshing file finder listing

Thanks for the feedback too - I will add some tracking for the VFS post processing too. Mike Cohen

unread,

VFS GUI inconsistently refreshing file finder listing

Thanks for the feedback too - I will add some tracking for the VFS post processing too. Mike Cohen

6/10/25

Abed Sidani, Mike Cohen3

4/26/25

Velociraptor Syslog Monitor Tool

Thanks for this. Velociraptor audit events can be forwarded in a structured manner which probably

unread,

Velociraptor Syslog Monitor Tool

Thanks for this. Velociraptor audit events can be forwarded in a structured manner which probably

4/26/25

Abed Sidani, Mike Cohen6

4/12/25

Endpoint Status Button & Syslog Configuration issues.

Apologies for the delayed response. You were absolutely right—that was exactly the issue. I'm not

unread,

Endpoint Status Button & Syslog Configuration issues.

Apologies for the delayed response. You were absolutely right—that was exactly the issue. I'm not

4/12/25

Xavier Mertens, Mike Cohen4

3/27/25

FTKImager command line?

Judging by the URL this does not look so legitimate. Is it an official download with a suitable

unread,

FTKImager command line?

Judging by the URL this does not look so legitimate. Is it an official download with a suitable

3/27/25

Harmon Nine, … Mike Cohen7

3/18/25

Running velociraptor server in a docker

We currently do have tamper protection on any platform. Mike Cohen Digital Paleontologist, Velocidex

unread,

Running velociraptor server in a docker

We currently do have tamper protection on any platform. Mike Cohen Digital Paleontologist, Velocidex

3/18/25

Amy Whyte

3/5/25

artifact rss dates errors

Hopeful this is an easy fix. The rss feed for the following do not display the correct date. - built-

unread,

artifact rss dates errors

Hopeful this is an easy fix. The rss feed for the following do not display the correct date. - built-

3/5/25

Amy Whyte, Wes Lambert3

3/4/25

velociraptor docker

On Friday, February 28th, 2025 at 5:41 PM, Wes Lambert <wlamb...@gmail.com> wrote: Hi Amy,

unread,

velociraptor docker

On Friday, February 28th, 2025 at 5:41 PM, Wes Lambert <wlamb...@gmail.com> wrote: Hi Amy,

3/4/25

Carlos Cajigas, Mike Cohen3

2/19/25

Invisible Spaces, Cursor far away

Nope, not all of the themes. Ncurses is not displaying the behavior and that theme appears to be

unread,

Invisible Spaces, Cursor far away

Nope, not all of the themes. Ncurses is not displaying the behavior and that theme appears to be

2/19/25

Carlos Lopez, Mike Cohen2

2/18/25

Analysing Akira ransomware

That should be fine. The Journal file is normally very sparse so it can not be padded out but

unread,

Analysing Akira ransomware

That should be fine. The Journal file is normally very sparse so it can not be padded out but

2/18/25

Xavier Mertens, Mike Cohen16

2/5/25

Simple JSON log?

Here is the full solution ``` LET Parameter <= "Foo" LET artifacts_to_watch = SELECT

unread,

Simple JSON log?

Here is the full solution ``` LET Parameter <= "Foo" LET artifacts_to_watch = SELECT

2/5/25

Daniel D'Angeli, Mike Cohen6

1/27/25

Is the Windows.Forensics.LocalHashes.Usn artifact broken?

Yeah it's probably worth testing the latest head build You get one of those but following the

unread,

Is the Windows.Forensics.LocalHashes.Usn artifact broken?

Yeah it's probably worth testing the latest head build You get one of those but following the

1/27/25

Daniel D'Angeli, Mike Cohen3

1/24/25

What am i doing wrong with artifacts here?

I am not sure about the load - i guess this is something that should be looked into in testing. Maybe

unread,

What am i doing wrong with artifacts here?

I am not sure about the load - i guess this is something that should be looked into in testing. Maybe

1/24/25

Daniel D'Angeli, Mike Cohen2

1/23/25

Is it possible to forward Windows.ETW.FileCreation events to a remote syslog server?

Hi Daniel, syslog is not a particularly good format to forward logs because it is not structured. We

unread,

Is it possible to forward Windows.ETW.FileCreation events to a remote syslog server?

Hi Daniel, syslog is not a particularly good format to forward logs because it is not structured. We

1/23/25

Xavier Mertens, Mike Cohen3

1/15/25

Timeout when preparing download

Hi Mike, Worked perfectly, tx! On 14 Jan 2025, at 21:08, Mike Cohen <mi...@velocidex.com> wrote:

unread,

Timeout when preparing download

Hi Mike, Worked perfectly, tx! On 14 Jan 2025, at 21:08, Mike Cohen <mi...@velocidex.com> wrote:

1/15/25

Paul Kotila, Mike Cohen6

11/18/24

Velociraptor Logs to SIEM

Thank you, Mike. On Monday, November 18, 2024 at 9:06:22 AM UTC-6 Mike Cohen wrote: The Velociraptor

unread,

Velociraptor Logs to SIEM

Thank you, Mike. On Monday, November 18, 2024 at 9:06:22 AM UTC-6 Mike Cohen wrote: The Velociraptor

11/18/24

Paolo Leoni Work, Michael Cohen3

10/10/24

Run a scheduled hunt

That's perfect for my goal. Thank you Mike. ~p On Wed, Oct 9, 2024 at 11:34 PM Michael Cohen <

unread,

Run a scheduled hunt

That's perfect for my goal. Thank you Mike. ~p On Wed, Oct 9, 2024 at 11:34 PM Michael Cohen <

10/10/24

Paolo Leoni Work, Mike Cohen2

9/20/24

RPM/DEB agent creation from API

Hi Paolo, We had similar questions recently around creating MSI/RPM from the API. Although you can do

unread,

RPM/DEB agent creation from API

Hi Paolo, We had similar questions recently around creating MSI/RPM from the API. Although you can do

9/20/24

Carlos Cajigas, Mike Cohen3

9/15/24

File Finder Glob Table

Mike, That helped. I got it now! Thanks so much! Carlos On Mon, Sep 16, 2024 at 12:48 AM Mike Cohen

unread,

File Finder Glob Table

Mike, That helped. I got it now! Thanks so much! Carlos On Mon, Sep 16, 2024 at 12:48 AM Mike Cohen

9/15/24

Vishva Patel, Mike Cohen5

9/11/24

Cannot connect to API Server

Awesome. That worked. Thanks for your support. On Wednesday, September 11, 2024 at 9:45:04 AM UTC-4

unread,

Cannot connect to API Server

Awesome. That worked. Thanks for your support. On Wednesday, September 11, 2024 at 9:45:04 AM UTC-4

9/11/24

Bruce, … Mike Cohen4

9/6/24

Documentation/recommendations on deployment

I'm not familiar with the exact technologies you mention but generally velociraptor clients

unread,

Documentation/recommendations on deployment

I'm not familiar with the exact technologies you mention but generally velociraptor clients

9/6/24

Paolo Leoni Work, Mike Cohen6

8/27/24

Upload tool and artifact collection from cli

Thank you Mike, that was exactly what I needed. Paolo L. On Tue, Aug 27, 2024 at 4:30 AM Mike Cohen

unread,

Upload tool and artifact collection from cli

Thank you Mike, that was exactly what I needed. Paolo L. On Tue, Aug 27, 2024 at 4:30 AM Mike Cohen

8/27/24

Doraemon Nobi, Mike Cohen2

8/23/24

Passing arguments using pyvelociraptor API.

It looks like you are using the wrappers.py from here https://github.com/Velocidex/pyvelociraptor/

unread,

Passing arguments using pyvelociraptor API.

It looks like you are using the wrappers.py from here https://github.com/Velocidex/pyvelociraptor/

8/23/24

albatr0ss, Mike Cohen2

8/23/24

Using multiple deaddisks

Hi The best way is to make your dead disk image appear like a client and connect to a proper

unread,

Using multiple deaddisks

Hi The best way is to make your dead disk image appear like a client and connect to a proper

8/23/24