Aithroyz Help

IR / DFIR Lab Preset

The IR/DFIR Lab preset deploys a forensics-focused stack: Velociraptor for endpoint collection, TheHive for case management, DFIR-IRIS for evidence tracking, and OpenCTI for threat intelligence context.

This preset is optimized for incident response training and active investigations. Deploy time is 10–14 minutes. Cost: approximately $0.80–$1.20/hour.

Included tools

Velociraptor (Forensics): Live endpoint artifact collection and fleet hunting
TheHive (Case Mgmt): Incident case creation, task tracking, and team coordination
DFIR-IRIS (IR): Evidence management, IOC tracking, and investigation timeline
OpenCTI (CTI): Threat intelligence — enrich IOCs with actor and campaign context