I just got a pop-up in our console talking about the Velociraptor acquisition. What a great buy for the R7 IDR portfolio!
I see that the Velociraptor agent has already been bundled into the Insight Agent - great first moves there, and very quickly implemented. I would suggest that exposing Velociraptor functionality to query endpoints from the IDR console would be a great feature enhancement for the platform and an excellent way to continue to drive customer value!
I just wanted to voice my enthusiasm for Velociraptor and the acquisition here and I am looking forward to what the future holds - great work!
@nick_defoe just wanted to respond and say it’s so great to hear that excitement… of course we share it internally, but hearing the customer reaction has been truly invigorating!
I’m currently working with Mike Cohen (everyone’s favorite Digital Paleontologist!) and others to determine what can provide the most value to our customers going forward — so thank you for this request, I’ve captured it!
In this post they say: “… we’ve already embedded Velociraptor’s endpoint data collection capabilities into our Insight agent, saving critical time as our MDR team pivots from monitoring their environment to responding to an incident.”
I don’t believe Velociraptor is exposed to customers at all, yet, unless you figured out something that I am not aware of!
Did not see that in the original post. No I have not. I thought you might have heard something. So then it still needs to be deployed maually to the endpoints for now. I have the Velociraptor server set up and running. I have the client on my own system and was wondering about deploying it out. If it was already in the agent then that would have saved some effort.
@nick_defoe@Kerry Velociraptor has not been exposed to all customers yet, we’re currently doing this in certain scenarios on behalf of our managed customers. We are doing some foundational work right now so that we are able to deploy & manage the Velociraptor agent on behalf of our customers.
Kerry, when you say:
I still need to deploy the Velociraptor agent to get information to the console
I assume you are referring to the Velociraptor console itself? Was just curious to understand your expectations and/or what would make your life easier based on your current use cases… especially if any of then require you to work back and forth between IDR.
Hi Dick, I deployed the Velociraptor server after your blog post so that I could try it out as suggested. I have the Velociraptor agent on one system. Yes so what I meant was, in order to get the Velociraptor data, I still have to do it with their agent and their console. There is as of yet nothing built into the IDR agent that would get me any info it sounds like. I thought it was being built into the IDR agent and would be reporting to IDR. If it is just always going to be yet another agent with yet another console, then I am not intersted. I have enough of both thanks.
Kerry - your thinking was correct! We do plan to ship Velociraptor as a component within the Insight Agent, so there will NOT be another agent to manage. Today we are able to deploy Velociraptor on behalf of our managed customers, but it is not integrated with the platform so it’s operated independently by our analysts in specific scenarios. We’re also working with our user experience team to determine which Velociraptor functionality can be leveraged within IDR itself. I do not have a date for when that will be available, but I think directionally that aligns with what you are looking for.
@tornetzeder in the coming months we will start to externally publish our plans and high level timelines for how/when our customers will be able to take advantage of Velociraptor. I’m sorry that I cannot be more specific at this time!
@nikolai_thoftgaard_jensen we are identifying existing InsightIDR Ultimate customers for our first Open Preview cohort. The existing plan is to begin this rollout to IDR Ultimate customers in late April / early May, but the speed of completing this rollout will be highly dependent on feedback from our first set of customers!
Jesper - we are currently in Open Preview for a limited number of customers and gathering / incorporating feedback. Tentative plan right now will be to start moving this out to existing IDR Ultimate customers later this year. If you are an IDR Ultimate customer, there will be no action if you have agent auto-updates on; if auto-updates are disabled we’ll just work with those customers to schedule an initial deployment window (Velociraptor will be delivered as a sub-component of the existing agent, no need for a brand new deployment).