Can I integrate Velociraptor with my SIEM?

Yes, this skill includes integration patterns for forwarding data to platforms like Splunk and the Elastic Stack.

Which operating systems are supported?

The skill provides implementation guidance and artifacts for Windows, Linux (Debian, Ubuntu, RHEL), and macOS.

What is Velociraptor used for in this skill?

Velociraptor is used as an endpoint monitoring and digital forensics platform to collect artifacts and conduct real-time threat hunting via VQL.

How does this skill assist during a security breach?

It provides ready-to-use VQL snippets and deployment patterns to quickly collect evidence like event logs, registry hives, and memory artifacts across the network.

Does it support YARA scanning?

Yes, it includes VQL examples for conducting memory-based YARA scans to detect malicious signatures across endpoints.

Velociraptor IR Implementation

Name: Velociraptor IR Implementation
Author: micsapp

bymicsapp

0•

Seguridad y Pruebas

Deploys and configures Velociraptor for scalable endpoint forensic artifact collection and incident response.

This skill enables AI agents to automate the deployment, configuration, and operation of Velociraptor, an open-source endpoint monitoring and forensics platform. It provides specialized guidance on using Velociraptor Query Language (VQL) to collect critical forensic data across Windows, Linux, and macOS, conduct large-scale threat hunts, and map activities to the MITRE ATT&CK framework. It is particularly useful for incident responders needing to rapidly establish visibility across thousands of endpoints during a breach investigation or proactive security assessment.

Características Principales

010 GitHub stars

02Pre-mapped MITRE ATT&CK techniques for standardized incident response

03Scalable threat hunting patterns for malware, hashes, and YARA signatures

04Extensive VQL library for forensic artifact collection including Event Logs and MFT

05Real-time endpoint monitoring and alerting configuration for security events

06Automated server and client deployment scripts for cross-platform environments

Casos de Uso

01Rapidly deploying forensic agents across a compromised network during an incident

02Conducting enterprise-wide threat hunts for specific indicators of compromise

03Implementing continuous endpoint monitoring to detect persistence and lateral movement

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills implementing-velociraptor-for-ir-collection

For use in Claude.ai and ChatGPT

Características Principales

010 GitHub stars

02Pre-mapped MITRE ATT&CK techniques for standardized incident response

03Scalable threat hunting patterns for malware, hashes, and YARA signatures

04Extensive VQL library for forensic artifact collection including Event Logs and MFT

05Real-time endpoint monitoring and alerting configuration for security events

06Automated server and client deployment scripts for cross-platform environments

Casos de Uso

01Rapidly deploying forensic agents across a compromised network during an incident

02Conducting enterprise-wide threat hunts for specific indicators of compromise

03Implementing continuous endpoint monitoring to detect persistence and lateral movement

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills implementing-velociraptor-for-ir-collection

For use in Claude.ai and ChatGPT