Tips and hints
Releases are tagged using a consistent naming scheme, but there may be deviations (for example, if a bugfix is released). The best way to automatically get the latest binary is to use the GitHub API. For example, the download URL of the latest Windows amd64 binary can be obtained with:
```sh
curl https://api.github.com/repos/velocidex/velociraptor/releases/latest | jq 'limit(1 ; ( .assets[].browser_download_url | select ( contains("windows-amd64.exe") )))'
```
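The jq filter above returns the first asset whose URL contains the string, so if a release carries several matching files it may not pick the newest binary. The following added example (not part of the Velociraptor project) selects the asset by exact name suffix and highest numeric version; the sample JSON is constructed, and the `-v<major>.<minor>.<patch>` naming pattern and the helper names are assumptions.

```python
import json
import re

# Constructed sample shaped like the releases/latest response; the asset
# names, versions and URLs are invented for this example.
BASE = "https://example.invalid/download/"
NAMES = [
    "velociraptor-v0.0.2-windows-amd64.exe.sig",
    "velociraptor-v0.0.2-windows-amd64.exe",
    "velociraptor-v0.0.10-windows-amd64.exe",
    "velociraptor-v0.0.10-windows-amd64.msi",
    "velociraptor-v0.0.10-linux-amd64",
]
SAMPLE_RELEASE = json.dumps(
    {"assets": [{"name": n, "browser_download_url": BASE + n} for n in NAMES]}
)


def version_key(name):
    """Turn the assumed '-v<major>.<minor>.<patch>' part into a sortable tuple."""
    match = re.search(r"-v(\d+(?:\.\d+)*)", name)
    return tuple(int(part) for part in match.group(1).split(".")) if match else ()


def latest_asset_url(release_json, suffix="windows-amd64.exe"):
    """Return the URL of the highest-versioned asset whose name ends with suffix."""
    assets = json.loads(release_json).get("assets", [])
    # endswith() rather than a substring test, so companion files such as
    # '<name>.exe.sig' are not selected in place of the binary.
    matches = [a for a in assets if a.get("name", "").endswith(suffix)]
    if not matches:
        raise LookupError(f"no release asset ends with {suffix!r}")
    # Compare versions numerically: 0.0.10 is newer than 0.0.2.
    best = max(matches, key=lambda a: version_key(a["name"]))
    return best["browser_download_url"]


if __name__ == "__main__":
    print(latest_asset_url(SAMPLE_RELEASE))
```

To use it against the real API, pass the body of the `releases/latest` response as `release_json`.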
## Using Stand-alone Collectors with CrowdStrike RTR
I haven't tested completely why this isn't working, but if you attempt to execute a Stand-alone Collector via CrowdStrike RTR, nothing happens. As an example, let's assume you created a collector for a Mini Timeline (ex. vr_mini_timeline.exe) and uploaded it to CrowdStrike's cloud; calling it via PUT files, it executes successfully, but no output is generated. A quick workaround is simply calling it via PowerShell; the below will execute the collector just fine and produce an output:
```powershell
Start-Process -FilePath "C:\RTR\vr_mini_timeline.exe"
```
You can simply grab the file and go, or upload it to a cloud resource, as the Velocidex team have included it in their Stand-alone Collector build tool.