Velociraptor
Endpoint visibility and DFIR: Velociraptor Query Language (VQL), hunts, notebooks, and artifact packs across fleets.
Why it is included
Open-source (maintained by Rapid7) hunting and IR platform that runs VQL on endpoints at fleet scale; used in enterprise and MSSP contexts.
Best for
Incident response retainers and proactive threat hunts on endpoints.
Strengths
- VQL: SQL-like query language over live endpoint state and forensic parsers (processes, files, registry, event logs)
- Artifacts: versioned, parameterised VQL collections that can be hunted across a fleet
- Notebook investigations: server-side VQL cells for post-processing hunt results
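As an added example (not from this page and not an artifact shipped with Velociraptor), a custom client artifact that shows how the pieces above fit together: a parameter exposed in the hunt UI, a materialised `LET` subquery, and a `foreach` join over `pslist()` to list children of Office processes. The artifact name, the parameter name and the default regex are our own choices.

```yaml
# Custom artifact definition. Load it via the server's Artifacts view
# (or run it locally with `velociraptor artifacts collect <name>`).
name: Custom.Windows.Detection.OfficeChildProcess
description: |
  Lists running processes whose parent is an Office application.
  Illustrative artifact added for this page; the name, parameter and
  default regex are assumptions, not Velociraptor defaults.
type: CLIENT
parameters:
  # Surfaced as a form field when the artifact is collected or hunted.
  - name: ParentRegex
    description: Process names treated as suspicious parents (Go regex).
    default: "(?i)^(winword|excel|powerpnt|outlook)\\.exe$"
sources:
  # Only run on Windows clients; other platforms return no rows.
  - precondition: SELECT OS FROM info() WHERE OS = 'windows'
    # `<=` materialises the parent set once; `foreach` then joins each
    # parent row against a second pslist() pass on Ppid.
    query: |
      LET parents <= SELECT Pid AS ParentPid, Name AS ParentName
        FROM pslist()
        WHERE Name =~ ParentRegex

      SELECT ParentName, ParentPid, Pid, Name, Exe, CommandLine, Username
      FROM foreach(
        row=parents,
        query={
          SELECT Pid, Name, Exe, CommandLine, Username
          FROM pslist()
          WHERE Ppid = ParentPid
        })
```

Once the artifact has been hunted, a notebook cell can post-process the fleet-wide output with a server-side query such as `SELECT * FROM hunt_results(hunt_id=HuntId, artifact="Custom.Windows.Detection.OfficeChildProcess")`, which is where the notebook strength above comes in.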
Limitations
- AGPL-3.0 licence needs review before bundling into a commercial service; self-hosted server (frontend, datastore, certificate and config management) adds operational overhead
Good alternatives
GRR (Google) · commercial EDR exports
Related tools (Security & Privacy)
- osquery: Expose OS state as SQL tables (processes, sockets, users, browser extensions) for fleet visibility and compliance.
- Wazuh: Open security platform combining SIEM, XDR, file integrity monitoring, and compliance checks across endpoints and cloud.
- DFIR-IRIS: Collaborative incident response platform: cases, timelines, evidence, tasks, and integrations with MISP, VirusTotal, and webhooks.
- Suricata: High-performance IDS/IPS and network security monitoring with multi-threading, TLS metadata logging (certificates, JA3 fingerprints), and Lua scripting.
- Snort: Classic packet-sniffing IDS/IPS with its own rule language and community rule feeds; Snort 3 improves multi-threaded scaling.
- Zeek: Network security monitor producing rich logs (conn, DNS, HTTP, SSL, files) for analytics; not a classic signature-based IDS engine.
