Update presentation (#36)

Velocidex · Jul 24, 2024 · 7b434e9 · 7b434e9
1 parent 5d0b983
commit 7b434e9
Show file tree

Hide file tree

Showing 9 changed files with 14 additions and 130 deletions.
diff --git a/docs/index.html b/docs/index.html
@@ -3360,111 +3360,97 @@ <h1 class="display-5 fw-bold text-body-emphasis">
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
          <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/10" >
-           Monitoring endpoint autonomously with VQL
-         </a>
-       </li>
-
-       <li class="fs-4">
-         <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/11" >
-           System changes relayed to server
-         </a>
-       </li>
-
-       <li class="fs-4">
-         <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/12" >
            Tracking processes on endpoint
          </a>
        </li>
 
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/13" >
+         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/11" >
            View process tree
          </a>
        </li>
 
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/14" >
+         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/12" >
            Inspect the process call chain
          </a>
        </li>
 
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/15" >
+         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/13" >
            Triaging Using Sigma
          </a>
        </li>
 
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/16" >
+         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/14" >
            Collecting the sigma artifact
          </a>
        </li>
 
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/17" >
+         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/15" >
            Triaging an endpoint
          </a>
        </li>
 
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/18" >
+         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/16" >
            Stacking rules by title
          </a>
        </li>
 
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/19" >
+         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/17" >
            Viewing the stacking stats
          </a>
        </li>
 
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/20" >
+         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/18" >
            Viewing common rows
          </a>
        </li>
 
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/21" >
+         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/19" >
            Detection vs. Forensics
          </a>
        </li>
 
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/22" >
+         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/20" >
            Real Time Sigma alerting
          </a>
        </li>
 
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/25" >
+         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/23" >
            Live detection with Sigma
          </a>
        </li>
 
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/26" >
+         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/24" >
            Administration through VQL
          </a>
        </li>
 
        <li class="fs-4">
          <i class="fa fa-sm category-icon fa-chalkboard"></i>
-         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/27" >
+         <a href="./presentations/what-is-velociraptor/what_is_velociraptor.html#/25" >
            Conclusions
          </a>
        </li>
@@ -6579,7 +6565,7 @@ <h1 class="display-5 fw-bold text-body-emphasis">
          <a class="text-reset fw-bold" href="https://rapid7.com/">Rapid7 Inc</a>
        </div>
        <div class="me-4 text-reset">
-         Built on 2024-07-22T12:13:37Z
+         Built on 2024-07-22T12:18:09Z
        </div>
     </section>
   </footer>

diff --git a/docs/presentations/2024-auscert-detection_engineering/client_events_arch.png b/docs/presentations/2024-auscert-detection_engineering/client_events_arch.png
diff --git a/docs/presentations/2024-auscert-detection_engineering/edr_env.png b/docs/presentations/2024-auscert-detection_engineering/edr_env.png
diff --git a/docs/presentations/2024-auscert-workshop/velociraptor_sigma_flow.png b/docs/presentations/2024-auscert-workshop/velociraptor_sigma_flow.png
diff --git a/docs/presentations/what-is-velociraptor/artifact.yaml b/docs/presentations/what-is-velociraptor/artifact.yaml
@@ -96,24 +96,6 @@ sources:
        ## Acquired file is encrypted
        
        ![](https://github.com/Velocidex/presentations/blob/master//modules/offline_collector/offline_encrypted.png?raw=true)
-   - type: markdown
-     template: |
-       <!-- .slide: class="content small-font" -->
-       ## Monitoring endpoint autonomously with VQL
-       
-       Event artifacts are never-ending VQL queries that watch for events on
-       clients and stream those events to the server.
-       
-       ![](https://github.com/Velocidex/presentations/blob/master//modules/event_monitoring/event-queries.png?raw=true)
-   - type: markdown
-     template: |
-       <!-- .slide: class="content small-font" -->
-       ## System changes relayed to server
-       
-       Detections can be written to alert about suspicious changes to system
-       configuration
-       
-       ![](https://github.com/Velocidex/presentations/blob/master//modules/event_monitoring/Windows.Events.EventLogModifications_results.png?raw=true)
    - type: markdown
      template: |
        <!-- .slide: class="content small-font" -->

diff --git a/docs/presentations/what-is-velociraptor/index.html b/docs/presentations/what-is-velociraptor/index.html
@@ -121,27 +121,6 @@ <h1 style="font-size: 4ex">Velociraptor: Digging Deeper</h1>
 
 ![](../../modules/offline_collector/offline_encrypted.png)
 
----
-
-<!-- .slide: class="content small-font" -->
-## Monitoring endpoint autonomously with VQL
-
-Event artifacts are never-ending VQL queries that watch for events on
-clients and stream those events to the server.
-
-![](../../modules/event_monitoring/event-queries.png)
-
----
-
-<!-- .slide: class="content small-font" -->
-## System changes relayed to server
-
-Detections can be written to alert about suspicious changes to system
-configuration
-
-![](../../modules/event_monitoring/Windows.Events.EventLogModifications_results.png)
-
-
 ---
 
 <!-- .slide: class="content small-font" -->

diff --git a/docs/presentations/what-is-velociraptor/what_is_velociraptor.html b/docs/presentations/what-is-velociraptor/what_is_velociraptor.html
@@ -121,27 +121,6 @@ <h1 style="font-size: 4ex">Velociraptor: Digging Deeper</h1>
 
 ![](../../modules/offline_collector/offline_encrypted.png)
 
----
-
-<!-- .slide: class="content small-font" -->
-## Monitoring endpoint autonomously with VQL
-
-Event artifacts are never-ending VQL queries that watch for events on
-clients and stream those events to the server.
-
-![](../../modules/event_monitoring/event-queries.png)
-
----
-
-<!-- .slide: class="content small-font" -->
-## System changes relayed to server
-
-Detections can be written to alert about suspicious changes to system
-configuration
-
-![](../../modules/event_monitoring/Windows.Events.EventLogModifications_results.png)
-
-
 ---
 
 <!-- .slide: class="content small-font" -->

diff --git a/docs/presentations/what-is-velociraptor/what_is_velociraptor.md b/docs/presentations/what-is-velociraptor/what_is_velociraptor.md
@@ -98,27 +98,6 @@ Pre-programmed binary collecting, packaging and uploading collection
 
 ![](/modules/offline_collector/offline_encrypted.png)
 
----
-
-<!-- .slide: class="content small-font" -->
-## Monitoring endpoint autonomously with VQL
-
-Event artifacts are never-ending VQL queries that watch for events on
-clients and stream those events to the server.
-
-![](/modules/event_monitoring/event-queries.png)
-
----
-
-<!-- .slide: class="content small-font" -->
-## System changes relayed to server
-
-Detections can be written to alert about suspicious changes to system
-configuration
-
-![](/modules/event_monitoring/Windows.Events.EventLogModifications_results.png)
-
-
 ---
 
 <!-- .slide: class="content small-font" -->

diff --git a/presentations/what-is-velociraptor/what_is_velociraptor.md b/presentations/what-is-velociraptor/what_is_velociraptor.md
@@ -98,27 +98,6 @@ Pre-programmed binary collecting, packaging and uploading collection
 
 ![](/modules/offline_collector/offline_encrypted.png)
 
----
-
-<!-- .slide: class="content small-font" -->
-## Monitoring endpoint autonomously with VQL
-
-Event artifacts are never-ending VQL queries that watch for events on
-clients and stream those events to the server.
-
-![](/modules/event_monitoring/event-queries.png)
-
----
-
-<!-- .slide: class="content small-font" -->
-## System changes relayed to server
-
-Detections can be written to alert about suspicious changes to system
-configuration
-
-![](/modules/event_monitoring/Windows.Events.EventLogModifications_results.png)
-
-
 ---
 
 <!-- .slide: class="content small-font" -->