Skip to main content

Managed Endpoint Detection & Forensics

Managed Velociraptor Hosting

Endpoint detection, forensics, and threat hunting at scale

License: AGPL-3.0 GitHub: 3.8K stars Infra: 4–6 GB RAM, 2 vCPU, 30 GB+ storage

What is Velociraptor?

Velociraptor is an advanced open-source endpoint monitoring, digital forensics, and incident response platform. Built for DFIR professionals, it enables rapid threat hunting, evidence collection, and real-time endpoint visibility across your entire fleet.

Use cases

  • Incident response and digital forensics investigations
  • Proactive threat hunting across endpoint fleets
  • Complement to Wazuh for deep endpoint visibility
  • Compliance incident documentation with forensic evidence

Features

  • Real-time endpoint monitoring and collection
  • Velociraptor Query Language (VQL) for custom hunts
  • 700+ built-in forensic artifacts
  • Fleet-wide threat hunting
  • File and process monitoring
  • YARA and Sigma rule scanning
  • Offline collector for triage
  • Multi-platform agents (Windows, Linux, macOS)

Simple, transparent pricing

Same software, fraction of the cost.

Starter

Up to 50 endpoints

From $30 /mo
  • Velociraptor Server + GUI
  • Up to 50 endpoint agents
  • Built-in artifact collection
  • Basic VQL hunts
  • 7-day data retention
  • Daily backups
Contact us

Most popular

Business

Up to 250 endpoints

From $60 /mo
  • Everything in Starter
  • Up to 250 endpoints
  • Custom VQL artifacts
  • YARA and Sigma scanning
  • 30-day data retention
  • Priority support
Contact us

Enterprise

Unlimited endpoints

From $80 /mo
  • Everything in Business
  • Unlimited endpoints
  • 90-day data retention
  • Multi-org support
  • API access for automation
  • SLA-backed uptime
Contact us

Every plan includes

Managed hosting

Dedicated bare-metal servers

Automated backups

Daily backups with 30-day retention

SSL included

Automatic HTTPS with Let's Encrypt

Monitoring

24/7 uptime monitoring and alerting

Compliance-ready hosting

Every managed deployment runs on EU infrastructure. Data Processing Agreement available on request. All services covered under a single DPA.

View compliance documentation →

Frequently asked questions

How many endpoints can each plan handle?

Starter covers up to 50 endpoint agents, Business up to 250, and Enterprise is unlimited with multi-org support. All agents run on Windows, Linux, or macOS; the server and GUI run on our infrastructure.

Can I write custom VQL artifacts and run fleet-wide hunts?

Yes, from the Business plan. VQL (Velociraptor Query Language) lets you define exactly what data to collect from every endpoint; custom artifacts are stored in your instance and reusable across hunts.

Does Velociraptor support YARA and Sigma rule scanning?

Yes, on Business and Enterprise. YARA rules scan process memory and files for malware patterns; Sigma rules detect log-based behavioral indicators. Both run as scheduled hunts or on-demand collections.

Can I migrate existing VQL notebooks and hunt history to your hosted instance?

Yes. We migrate your artifacts, VQL notebooks, and hunt history. Re-enrolling agents is a single configuration change; we provide step-by-step guidance.

Ready to get started with Velociraptor?

Your instance is provisioned in minutes. No credit card required for a consultation.

Contact us