Announcements
Security Advisories
CVE-2025-14728
CVE-2025-6264
CVE-2025-0914
CVE-2024-10526
CVE-2023-5950
CVE-2023-2226
CVE-2023-0242
CVE-2023-0290
Documentation
Velociraptor Overview
History
Support Policy
Security
Deployment
Quickstart
Server Deployment
Key Concepts
Key Decisions
Deployment Example
Multi-Frontend
Upgrades
Organizations
Deploying Clients
Offline Collections
Building
Running
Collection Data
Updating
Troubleshooting
Security
Performance
Config Reference
The Admin GUI
Managing Artifacts
Keyboard Shortcuts
User Preferences
Customization
Managing Clients
Searching for clients
Interrogation
Collecting Artifacts
Labels
Metadata
Quarantine
Virtual File System
Shell Commands
Monitoring
VQL
VQL Fundamentals
Event Queries
JOIN in VQL
Artifacts
Calling Artifacts
Managing Artifacts
Extending VQL
VQL Reference
Artifacts
Managing Artifacts
Basic Fields
Advanced Fields
Parameters
Sources
Preconditions
Export & Imports
Calling Artifacts
Event Queues
Tools
Resource Limits
Security
Other Use Cases
Artifact Writing Tips
Artifact Reference
Artifact Exchange
Notebooks
Hunting
Forensic Analysis
Searching Filesystems
Velociraptor Paths
Remapping Accessors
NTFS Analysis
Searching Content
Dead Disk Analysis
Creating & Running
Binary parsing
Evidence Of Execution
Event Logs
Volatile State
Triage and acquisition
Server Automation
Server API
Server Monitoring
CLI
acl
artifacts
collector
config
deaddisk
fs (filesystem)
fuse
query
server_service
service
tools
user
Miscellaneous
CLI flags
Troubleshooting
Deployment
Server
Client
Offline Collector
Operations
Server Ops
Remote Clients
VQL
Debugging
Internal
Metrics
Golang
Client
Monitoring
Flows
Global
Datastore
Replication
Services
ExportContainers
Throttler
User Manager
Open-close
tempfiles
worker
VQL
Queries
Active Queries
Plugin Monitor
Recent Queries
Plugins
ETW
Glob
NTFS Cache
Sigma Tracker
Windows Event Log Watcher
Zip
Process Tracker
Sqlite
Org
Services
Broadcast
QueueManager
VFS
Notifier
Downloads
VQL Reference
Frequently Used ✨
Windows-only
Linux-only
Server-only
Parsers
Encode/Decode
Event Plugins
Experimental
Developer
Other
Accessors
Training
Playbooks
Blog
Presentations
Linux Conf Au 2022
Auscert 2022
SANS Summit 2022
Velocon 2022
DFRWS APAC 2022
EverythingOpen 2023
VeloCON 2023
Auscert 2024
Auscert 2024 Talk
Auscert 2025 Workshop
Artifact Exchange
Artifact Reference
Knowledge Base
Search
GitHub
Discord
YouTube
Mailing List
RSS
Rapid7 Docs
Blog
category :: Blog
Browsing around the filesystem.
Velociraptor's client communications
The Velociraptor API and FUSE
Agentless hunting with Velociraptor
Agentless hunting with Velociraptor
Alerting on event patterns
Velociraptor Performance
The Velociraptor Python API
Deploying Velociraptor with OAuth SSO
Configuring Velociraptor for SSL
Server side VQL queries and Escalation Events
More on client event collection
Velociraptor training at NZITF
Event Queries and Endpoint Monitoring
Velociraptor's filesystem's accessors
Detecting powershell persistence with Velociraptor and Yara
Velociraptor walk through and demo
Velociraptor Artifacts
Design differences between Velociraptor and GRR
Files, files everything is just a file!
Hunting - What Velociraptors do best!
Interrogation - Make the endpoint tell us what it knows!
Velocidex Query Language (VQL)
Introducing Velociraptor