Description

Collecting evidence and obtaining information and artifacts is one of the most important stages of incident handling, especially when dealing with hundreds or thousands of systems. In this series, we will use Velociraptor, an open-source EDR, for its many advantages that facilitate the tasks expected during Incident Response and Threat Hunting. There is more than one way to deploy Velociraptor, and we will explore two methods in this series:

  1. Agentless Deployment.
  2. Deployment as a service.

Agentless Deployment

To deploy Velociraptor in agentless mode, we can follow this lesson:
IR & TH Series - Velociraptor EDR Agentless Deployment [ARABIC]

EDR Deployment as a Service

To apply the second method, deployment as a service, we can follow the link below:
IR & TH Series - Velociraptor EDR Deployment as a Service [ARABIC]
The benefit of this method is that the Velociraptor service remains present even after a system restart.