A New Client-Server Communication Protocol, VFS GUI, and More Performance Upgrades Make This The Fastest and Most Scalable Velociraptor Yet

Last updated at Fri, 19:31:03 GMT

Rapid7 is excited to announce the release of version 0.6.8 of Velociraptor, an advanced, open-source digital forensics and incident response (DFIR) tool that enhances visibility into your organization’s endpoints. This release has been in development and testing for several months and features significant contributions and testing from our community. We are thrilled to share its powerful new features and improvements here today.

A big theme in the 0.6.8 release was performance improvement: making Velociraptor faster, more efficient and more scalable (even more so than it currently is!).

When collecting artifacts from endpoints, Velociraptor maintains a collection state (e.g. how many bytes were transferred, how many rows, was the collection successful, etc.). Previously, tracking the collection was the task of the server, but this extra processing limited the total number of collections it could process. In the 0.6.8 release, a new communication protocol was added to offload a lot of the collection tracking to the client itself. This reduces the amount of work on the server and allows more collections to be processed at the same time. To maintain support for older clients, the server continues to use the older communication protocol with them, but it will achieve the most improvement in performance once the newer clients are deployed.

The VFS feature in Velociraptor allows users to interactively inspect directories and files on the endpoint, in a familiar tree-style user interface. The previous VFS view would store the entire directory listing in a single table for each directory. For very large directories like C:\Windows or C:\Windows\System32 (which typically have thousands of files), this would strain the browser, leading to an unusable UI. In the latest release, the VFS GUI uses the familiar paged table and syncs this directory listing in a more efficient way. This improves performance significantly: for example, it is now possible and reasonable to perform a recursive directory sync on C:\Windows, which on my system syncs over 250k files in less than 90 seconds.

Inspecting a large directory is faster with paging tables. Since the VFS now uses the familiar paging table UI, it is also possible to filter and sort on any column using that same UI.

Velociraptor hunts and collections can be exported to a ZIP file for easy consumption in other tools. The 0.6.8 release improved the export code to make it much faster. Additionally, the GUI was improved to show how many files were exported into the ZIP, along with other statistics.