AWS Setup and Configuration for VR Offline Collector Upload to S3
Secure Cake edited this page Jan 23, 2024
As mentioned in the README, the Velociraptor Offline Collector can be configured to upload automatically to an S3 bucket. As long as the endpoint(s) you are investigating have outbound Internet connectivity to your S3 bucket, this is a very effective way to acquire and stage triage data for processing and investigation, especially if you perform investigations from an AWS EC2 instance. The setup consists of the following steps:
- Create an AWS tenant and credentials with programmatic access (access/secret keys)
- Install the AWS PowerShell module and authenticate to your AWS tenant
- Create/modify the setup script
- Create and stage a "generic" Velociraptor Offline Collector
- Create and stage a generic YAML file for IAM S3 inline policy
- Run the script (creates an IAM User with inline policy and access keys, creates a "folder" in an S3 bucket, creates custom VR Offline Collector)
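The IAM and S3 parts of the last step, as an added PowerShell example that is not the repository's own setup script: it creates the upload-only IAM user, attaches a least-privilege inline policy scoped to one bucket prefix, issues access keys and creates the staging "folder". The bucket name, prefix and user name are assumed values, and it assumes the AWS.Tools modules are installed and the session is already authenticated as described in the steps above.

```powershell
# Added example, not the wiki's setup script. Assumed names: bucket 'example-triage-bucket',
# prefix 'case-0001', IAM user 'vr-collector-case-0001'. Requires the AWS.Tools modules and
# an authenticated administrative session (Set-AWSCredential / Set-DefaultAWSRegion done).
Import-Module AWS.Tools.IdentityManagement
Import-Module AWS.Tools.S3

$Bucket   = 'example-triage-bucket'      # assumed; an existing bucket you own
$Prefix   = 'case-0001'                  # the "folder" the collector writes into
$UserName = "vr-collector-$Prefix"       # one upload-only user per case, easy to revoke

# Least-privilege inline policy: the collector may only write objects under this prefix.
# It cannot list, read or delete anything, so a key recovered from an endpoint cannot be
# used to pull triage data back out of the bucket. Upload-only is assumed to be sufficient
# for the collector; extend the Action list only if uploads are refused.
$Policy = @{
    Version   = '2012-10-17'
    Statement = @(
        @{
            Effect   = 'Allow'
            Action   = @('s3:PutObject', 's3:AbortMultipartUpload')
            Resource = "arn:aws:s3:::$Bucket/$Prefix/*"
        }
    )
} | ConvertTo-Json -Depth 5

# 1. IAM user with the inline policy attached
$null = New-IAMUser -UserName $UserName
Write-IAMUserPolicy -UserName $UserName -PolicyName "s3-upload-$Prefix" -PolicyDocument $Policy

# 2. Access keys for the collector (the secret is returned only here, once)
$Key = New-IAMAccessKey -UserName $UserName

# 3. The "folder": S3 has no directories, so a placeholder object under the prefix
#    makes it show up in the console and confirms the bucket is reachable
Write-S3Object -BucketName $Bucket -Key "$Prefix/.keep" -Content "staging prefix for $Prefix"

# Values to embed in the custom Offline Collector's S3 upload settings
[pscustomobject]@{
    Bucket    = $Bucket
    Prefix    = $Prefix
    AccessKey = $Key.AccessKeyId
    SecretKey = $Key.SecretAccessKey
}
```

Because the keys are embedded in a collector that runs on endpoints you do not fully control, delete the IAM user (or its access key) with the AWS IAM cmdlets once the case's uploads are complete.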