Run Velocidex Velociraptor server with Docker
- This Project is forked from Wes Lambert's Velociraptor Docker project. It adds Elasticsearch and Kibana to allow indexing and search for those artifacts found with velociraptor.
- This will install Elasticsearch, kibana and velociraptor.
-
Ensure docker-compose is installed on the host
-
git clone https://github.com/NocteDefensor/VelociraptorElasticKibana.git -
cd ./Velociraptor-ElasticSearch-Kibana -
Change credential values in
.envas desired -
to run detached enter
docker-compose up -dor if your prefer to watch the containers come updocker-compose up -
Access the Velociraptor GUI via https://<hostip>:8889
- Default u/p is
admin/admin - This can be changed by running:
docker exec -it velocraptor ./velociraptor --config server.config.yaml user add user1 user1 --role administrator - Default u/p is
Linux, Mac, and Windows binaries are located in /velociraptor/clients, which should be mapped to the host in the ./velociraptor directory if using docker-compose. There should also be versions of each automatically repacked based on the server configuration.
Once started, edit server.config.yaml in /velociraptor, then run docker-compose down/up for the server to reflect the changes
To pull only the Docker image:
docker pull wlambert/velociraptor