Velociraptor Logo
Dig Deeper into Your Organization’s Endpoints


Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform. It provides you with the ability to more effectively respond to a wide range of digital forensic and cyber incident response investigations and data breaches.


At the press of a (few) buttons, perform targeted collection of digital forensic evidence simultaneously across your endpoints, with speed and precision.


Don't wait until an event occurs. Actively search for suspicious activities using our library of forensic artifacts, then customize to your specific threat-hunting needs.


Continuously collect endpoint events such as event logs, file modifications and process execution. Centrally store events indefinitely for historical review and analysis.

Key forensic features

  • Continuous endpoint-event collection
  • Library of forensic artifacts
  • Customizable threat-hunting
  • Central storage of events – indefinitely
  • Velociraptor-powered Insight agents
  • Investigations in weeks – not months

Novel analysis with multiple forensic capabilities

Partnership with Rapid7 MDR delivers:

  • String together different digital forensic capabilities for a customized investigation and situational approach to threat hunting. Rapidly go from an advisory or new hunting idea to actionable data and DFIR analysis in minutes. Leverage the power of Velociraptor Query Language (VQL) to create custom artifacts, which allow you to collect, query, and monitor almost any aspect of an endpoint, groups of endpoints, or an entire network – then use it to launch your incident response.

Velociraptor Resources


VeloCON 2023

Check Out


Learn More

Artifact Exchange

Learn More