Incident Management with Velociraptor

Velociraptor is an advanced open-source endpoint monitoring, digital forensics, and incident response (DFIR) tool. It allows security pros to collect, query, and analyze data across multiple endpoints, enhancing visibility and response capabilities.

Brian Dorr - Pluralsight course - Incident Management with Velociraptor
by Brian Dorr

What you'll learn

Velociraptor is great for collecting, querying, and analyzing data across multiple endpoints, making it an essential tool for modern security operations. In this course, Incident Management with Velociraptor, you will delve into its powerful features and demonstrate practical applications in real-world scenarios. First, you will be introduced to Velociraptor, providing a solid understanding of its purpose, architecture, and key functionalities. You will learn how to set up and configure Velociraptor to fit your security environment, ensuring you are well-prepared to utilize its full potential. Next, you will focus on hunting across endpoints. You will discover how to perform targeted hunts on a single device or endpoint and explore methods for scaling these hunts across multiple endpoints to maximize coverage and efficiency. Finally, you will explore hunting based on tactics, techniques, and procedures (TTPs). By the end of this course, you will have the skills and knowledge of Velociraptor needed to leverage known TTPs for proactive threat detection, develop the ability to create and execute custom hunts based on common or emerging TTPs, and enhance your detection capabilities by correlating Velociraptor data with threat intelligence.

About the author

Brian Dorr

Brian Dorr is a cybersecurity professional who is very passionate about information security and teaching. Brian has served just under 20 years on Active Duty in the Army and is currently a Cyber Warfare Technician, acting as a technical advisor and providing Defensive Cyber Infrastructure support for 12 teams that rely on his technical expertise. He also teaches and mentors cyber security students at Augusta Technical College as an Adjunct Cyber Security Instructor. Brian has led and managed several Defensive Cyber Operation missions, including planning and interfacing with several customers to employ an effective threat-focused hunt mission by leveraging threat intelligence, hardware resources, and personnel talent to align with organizational requirements. Brian frequently contributes to the information security community through his LinkedIn, and hosts a website at https://lockeddorrsecurity.com and a blog on Medium at https://medium.com/@LDS_Cyber. He currently holds ITIL, CEH, and GSEC, and has previously held Linux+, Cisco's CCNA Security, and CCNA Route and Switch. Over the course of his career he has attended several training bootcamps involving various SANS courses, CompTIA, CISSP, CISM, and many others. He also manages two network campuses for the church he attends. During down time, he likes to tinker in his home lab, ride a motorcycle, spend time with his family, volunteer at his church in student ministry, and play video games.