velociraptor-discuss

Contact owners and managers

1–30 of 330

This is a mailing list to discuss the Velociraptor Forensic Suite. You can find the code on https://gitlab.com/velocidex/velociraptor

Our website can be reached at https://docs.velociraptor.app

0 selected

Dominic Bunch, Mike Cohen10

Jun 10

VFS GUI inconsistently refreshing file finder listing

Thanks for the feedback too - I will add some tracking for the VFS post processing too. Mike Cohen

unread,

VFS GUI inconsistently refreshing file finder listing

Thanks for the feedback too - I will add some tracking for the VFS post processing too. Mike Cohen

Jun 10

Abed Sidani, Mike Cohen3

Apr 26

Velociraptor Syslog Monitor Tool

Thanks for this. Velociraptor audit events can be forwarded in a structured manner which probably

unread,

Velociraptor Syslog Monitor Tool

Thanks for this. Velociraptor audit events can be forwarded in a structured manner which probably

Apr 26

Abed Sidani, Mike Cohen6

Apr 12

Endpoint Status Button & Syslog Configuration issues.

Apologies for the delayed response. You were absolutely right—that was exactly the issue. I'm not

unread,

Endpoint Status Button & Syslog Configuration issues.

Apologies for the delayed response. You were absolutely right—that was exactly the issue. I'm not

Apr 12

Xavier Mertens, Mike Cohen4

Mar 27

FTKImager command line?

Judging by the URL this does not look so legitimate. Is it an official download with a suitable

unread,

FTKImager command line?

Judging by the URL this does not look so legitimate. Is it an official download with a suitable

Mar 27

Harmon Nine, … Mike Cohen7

Mar 18

Running velociraptor server in a docker

We currently do have tamper protection on any platform. Mike Cohen Digital Paleontologist, Velocidex

unread,

Running velociraptor server in a docker

We currently do have tamper protection on any platform. Mike Cohen Digital Paleontologist, Velocidex

Mar 18

Amy Whyte

Mar 5

artifact rss dates errors

Hopeful this is an easy fix. The rss feed for the following do not display the correct date. - built-

unread,

artifact rss dates errors

Hopeful this is an easy fix. The rss feed for the following do not display the correct date. - built-

Mar 5

Amy Whyte, Wes Lambert3

Mar 4

velociraptor docker

On Friday, February 28th, 2025 at 5:41 PM, Wes Lambert <wlamb...@gmail.com> wrote: Hi Amy,

unread,

velociraptor docker

On Friday, February 28th, 2025 at 5:41 PM, Wes Lambert <wlamb...@gmail.com> wrote: Hi Amy,

Mar 4

Carlos Cajigas, Mike Cohen3

Feb 19

Invisible Spaces, Cursor far away

Nope, not all of the themes. Ncurses is not displaying the behavior and that theme appears to be

unread,

Invisible Spaces, Cursor far away

Nope, not all of the themes. Ncurses is not displaying the behavior and that theme appears to be

Feb 19

Carlos Lopez, Mike Cohen2

Feb 18

Analysing Akira ransomware

That should be fine. The Journal file is normally very sparse so it can not be padded out but

unread,

Analysing Akira ransomware

That should be fine. The Journal file is normally very sparse so it can not be padded out but

Feb 18

Xavier Mertens, Mike Cohen16

Feb 5

Simple JSON log?

Here is the full solution ``` LET Parameter <= "Foo" LET artifacts_to_watch = SELECT

unread,

Simple JSON log?

Here is the full solution ``` LET Parameter <= "Foo" LET artifacts_to_watch = SELECT

Feb 5

Daniel D'Angeli, Mike Cohen6

Jan 27

Is the Windows.Forensics.LocalHashes.Usn artifact broken?

Yeah it's probably worth testing the latest head build You get one of those but following the

unread,

Is the Windows.Forensics.LocalHashes.Usn artifact broken?

Yeah it's probably worth testing the latest head build You get one of those but following the

Jan 27

Daniel D'Angeli, Mike Cohen3

Jan 24

What am i doing wrong with artifacts here?

I am not sure about the load - i guess this is something that should be looked into in testing. Maybe

unread,

What am i doing wrong with artifacts here?

I am not sure about the load - i guess this is something that should be looked into in testing. Maybe

Jan 24

Daniel D'Angeli, Mike Cohen2

Jan 23

Is it possible to forward Windows.ETW.FileCreation events to a remote syslog server?

Hi Daniel, syslog is not a particularly good format to forward logs because it is not structured. We

unread,

Is it possible to forward Windows.ETW.FileCreation events to a remote syslog server?

Hi Daniel, syslog is not a particularly good format to forward logs because it is not structured. We

Jan 23

Xavier Mertens, Mike Cohen3

Jan 15

Timeout when preparing download

Hi Mike, Worked perfectly, tx! On 14 Jan 2025, at 21:08, Mike Cohen <mi...@velocidex.com> wrote:

unread,

Timeout when preparing download

Hi Mike, Worked perfectly, tx! On 14 Jan 2025, at 21:08, Mike Cohen <mi...@velocidex.com> wrote:

Jan 15

Paul Kotila, Mike Cohen6

11/18/24

Velociraptor Logs to SIEM

Thank you, Mike. On Monday, November 18, 2024 at 9:06:22 AM UTC-6 Mike Cohen wrote: The Velociraptor

unread,

Velociraptor Logs to SIEM

Thank you, Mike. On Monday, November 18, 2024 at 9:06:22 AM UTC-6 Mike Cohen wrote: The Velociraptor

11/18/24

Paolo Leoni Work, Michael Cohen3

10/10/24

Run a scheduled hunt

That's perfect for my goal. Thank you Mike. ~p On Wed, Oct 9, 2024 at 11:34 PM Michael Cohen <

unread,

Run a scheduled hunt

That's perfect for my goal. Thank you Mike. ~p On Wed, Oct 9, 2024 at 11:34 PM Michael Cohen <

10/10/24

Paolo Leoni Work, Mike Cohen2

9/20/24

RPM/DEB agent creation from API

Hi Paolo, We had similar questions recently around creating MSI/RPM from the API. Although you can do

unread,

RPM/DEB agent creation from API

Hi Paolo, We had similar questions recently around creating MSI/RPM from the API. Although you can do

9/20/24

Carlos Cajigas, Mike Cohen3

9/15/24

File Finder Glob Table

Mike, That helped. I got it now! Thanks so much! Carlos On Mon, Sep 16, 2024 at 12:48 AM Mike Cohen

unread,

File Finder Glob Table

Mike, That helped. I got it now! Thanks so much! Carlos On Mon, Sep 16, 2024 at 12:48 AM Mike Cohen

9/15/24

Vishva Patel, Mike Cohen5

9/11/24

Cannot connect to API Server

Awesome. That worked. Thanks for your support. On Wednesday, September 11, 2024 at 9:45:04 AM UTC-4

unread,

Cannot connect to API Server

Awesome. That worked. Thanks for your support. On Wednesday, September 11, 2024 at 9:45:04 AM UTC-4

9/11/24

Bruce, … Mike Cohen4

9/6/24

Documentation/recommendations on deployment

I'm not familiar with the exact technologies you mention but generally velociraptor clients

unread,

Documentation/recommendations on deployment

I'm not familiar with the exact technologies you mention but generally velociraptor clients

9/6/24

Paolo Leoni Work, Mike Cohen6

8/27/24

Upload tool and artifact collection from cli

Thank you Mike, that was exactly what I needed. Paolo L. On Tue, Aug 27, 2024 at 4:30 AM Mike Cohen

unread,

Upload tool and artifact collection from cli

Thank you Mike, that was exactly what I needed. Paolo L. On Tue, Aug 27, 2024 at 4:30 AM Mike Cohen

8/27/24

Doraemon Nobi, Mike Cohen2

8/23/24

Passing arguments using pyvelociraptor API.

It looks like you are using the wrappers.py from here https://github.com/Velocidex/pyvelociraptor/

unread,

Passing arguments using pyvelociraptor API.

It looks like you are using the wrappers.py from here https://github.com/Velocidex/pyvelociraptor/

8/23/24

albatr0ss, Mike Cohen2

8/23/24

Using multiple deaddisks

Hi The best way is to make your dead disk image appear like a client and connect to a proper

unread,

Using multiple deaddisks

Hi The best way is to make your dead disk image appear like a client and connect to a proper

8/23/24

Seif Eddine Ammar

8/14/24

Creating a Hunt via CLI

Hi Sir Mike, I hope you're doing well. I am a cybersecurity graduating engineer I'm currently

unread,

Creating a Hunt via CLI

Hi Sir Mike, I hope you're doing well. I am a cybersecurity graduating engineer I'm currently

8/14/24

Ben McDaniel, Mike Cohen3

8/2/24

Velociraptor NAT Environment Question

Awesome, thanks for the info! On Fri, Aug 2, 2024 at 9:37 PM Mike Cohen <mi...@velocidex.com>

unread,

Velociraptor NAT Environment Question

Awesome, thanks for the info! On Fri, Aug 2, 2024 at 9:37 PM Mike Cohen <mi...@velocidex.com>

8/2/24

Paolo Leoni Work, Mike Cohen5

7/22/24

VQL and API - MSI creation

Now It's ok. Thank you Mike for your great support. ~p On Mon, Jul 22, 2024 at 3:19 PM Mike Cohen

unread,

VQL and API - MSI creation

Now It's ok. Thank you Mike for your great support. ~p On Mon, Jul 22, 2024 at 3:19 PM Mike Cohen

7/22/24

Assane Aw, Mike Cohen2

6/13/24

I can't create a hunt velociraptor with artifacts like: CLIENT EVENT

client events are used for client monitoring - you can only run hunts with artifacts of type client

unread,

I can't create a hunt velociraptor with artifacts like: CLIENT EVENT

client events are used for client monitoring - you can only run hunts with artifacts of type client

6/13/24

Jason Ostrom

5/20/24

Bootstrap server to add custom artifact to server monitoring table

Hi All, I'm trying to bootstrap a velociraptor server to add a custom artifact to the server

unread,

Bootstrap server to add custom artifact to server monitoring table

Hi All, I'm trying to bootstrap a velociraptor server to add a custom artifact to the server

5/20/24

Jim Meyer, Mike Cohen3

5/16/24

CLI user creation - works up to release 0.7.1

Hi Mike, Thanks! Restarting the 'velociraptor_service' successfully resolved the issue. The

unread,

CLI user creation - works up to release 0.7.1

Hi Mike, Thanks! Restarting the 'velociraptor_service' successfully resolved the issue. The

5/16/24

Amy Whyte, Mike Cohen2

5/15/24

Contributor Contest

This is an excellent question. We really would like to encourage more artifact contributions but

unread,

Contributor Contest

This is an excellent question. We really would like to encourage more artifact contributions but

5/15/24