DFIR IRIS Module Velociraptor Quarantine - socarium/makarasoc GitHub Wiki

DFIR-IRIS Quarantine Module

Quarantine a Windows or Linux Endpoint using Velociraptor.

The module supports the following asset types:

  • Windows
  • Linux

  1. Select DFIR IRIS Module Velociraptor Quarantine.
  2. Once the deployment finishes, access DFIR-IRIS from your browser.
  3. Open DFIR-IRIS in the browser.
  4. Navigate to Advanced -> Modules.
  5. Add a new module.
  6. Enter the module name: iris_veloquarantine_module
  7. Select Validate module.
  8. The module will be automatically registered and activated.