DFIR IRIS Module Velociraptor Remove Quarantine - socarium/makarasoc GitHub Wiki

DFIR-IRIS Remove Quarantine Module

Remove quarantine a Windows or Linux Endpoint using Velociraptor.

The module is built for the below Asset types:

  • Windows
  • Linux
  1. Select DFIR IRIS Module Velociraptor Remove Quarantine.

  1. Once deployment finish, Access DFIR-IRIS from your Browser App.

  1. Open the DFIR-IRIS via Browser App.

  2. Navigate to Advanced -> Modules.

  1. Add a new module.

  1. Input the Module name: iris_veloquarantineremove_module

  1. Select Validate module. The module will be automatically registered and activated.