velociraptor

Official

Launch Velociraptor collections on endpoints

Author: refractionPOINT
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

The Velociraptor integration for LimaCharlie lets DFIR teams list available VQL artifacts, view artifact definitions, and launch forensic collections on endpoints from a single workflow. It also provides access to raw collection data and processed events for rapid triage and investigation.

Core Features & Use Cases

  • List Velociraptor artifacts (built-in or external) and view their YAML definitions.
  • Launch endpoint forensic collections and collect results in Artifact or JSON event form.
  • Retrieve raw artifacts (ZIP) and query processed velociraptor events on the velociraptor sensor.
  • Build D&R automation rules from velociraptor_collection events for incident response.

Quick Start

Example: List artifacts, then launch a collection on sensor SID 'SID-123' for artifact 'Windows.System.Drivers'.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: velociraptor
Download link: https://github.com/refractionPOINT/lc-ai/archive/main.zip#velociraptor

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.