SKILL·CBA2E4

ir-velociraptor

aiskillstore
Updated 1 month ago
21 views
162
7
162
View on GitHub
Otherforensicsincident-responseendpoint-detectionthreat-huntingvqldfirlive-responseevidence-collection

About

This skill enables large-scale endpoint forensics and incident response using Velociraptor Query Language (VQL). It's designed for collecting evidence, hunting threats, and performing live response across multiple systems. Developers can use it to gather telemetry, monitor security events, and create custom forensic artifacts for investigations.

Quick Install

Claude Code

Recommended
Primary
npx skills add aiskillstore/marketplace -a claude-code
Plugin CommandAlternative
/plugin add https://github.com/aiskillstore/marketplace
Git CloneAlternative
git clone https://github.com/aiskillstore/marketplace.git ~/.claude/skills/ir-velociraptor

Copy and paste this command in Claude Code to install this skill

GitHub Repository

aiskillstore/marketplace
Path: skills/agentsecops/ir-velociraptor
0
ai-skillsclaudeclaude-codeclaude-skillscodexcodex-skills
FAQ

Frequently asked questions

What is the ir-velociraptor skill?

ir-velociraptor is a Claude Skill by aiskillstore. Skills package instructions and resources that Claude loads on demand, so Claude can perform ir-velociraptor-related tasks without extra prompting.

How do I install ir-velociraptor?

Use the install commands on this page: add ir-velociraptor to Claude Code as a plugin, or clone its repository into your skills directory, then restart Claude so it picks up the skill.

What category does ir-velociraptor belong to?

ir-velociraptor is in the incident-response category, tagged forensics, incident-response, endpoint-detection, threat-hunting, vql and dfir.

Is ir-velociraptor free to use?

Yes. ir-velociraptor is listed on AIMCP and free to install. It runs inside Claude, so no separate service account is required to use the skill itself.

Related Skills

forensics-osquery
Other

This skill enables SQL-based forensic investigation and threat hunting by querying endpoint operating systems as relational databases via osquery. It's designed for rapid evidence collection, incident response, and analyzing system artifacts like processes, network connections, and file hashes across Linux, macOS, and Windows. Use it for live forensics, building detection queries, and hunting for compromise indicators during security incidents.

View skill
detection-sigma
Other

This skill enables the creation and management of universal, vendor-agnostic SIEM detection rules using the Sigma format. It allows developers to write rules once and convert them for platforms like Splunk, Elastic, QRadar, and Sentinel, facilitating threat hunting and detection-as-code pipelines. Key features include mapping detections to MITRE ATT&CK and implementing compliance monitoring.

View skill
detection-sigma
Other

This skill enables creation and management of vendor-agnostic SIEM detection rules using the Sigma format. It allows converting rules between platforms like Splunk and Elasticsearch while supporting threat hunting and detection-as-code workflows. Developers should use it for standardized security monitoring, MITRE ATT&CK mapping, and cross-platform rule portability.

View skill
content-collections
Meta

This skill provides a production-tested setup for Content Collections, a TypeScript-first tool that transforms Markdown/MDX files into type-safe data collections with Zod validation. Use it when building blogs, documentation sites, or content-heavy Vite + React applications to ensure type safety and automatic content validation. It covers everything from Vite plugin configuration and MDX compilation to deployment optimization and schema validation.

View skill