February 25th, 2021
Developer Roll Up: February 2021
Christopher Luft, LimaCharlie Co-Founder and Creative Technologist
The months are just peeling off of the calendar and the momentum here at LimaCharlie keeps growing. We have had some major releases this month and do not plan on slowing down anytime soon. Below you will find a recap of the major updates.
LimaCharlie Net
The team at LimaCharlie has rolled out Net, which changes the way that secure remote access is delivered. It is much more than a virtual private network and can be established with the click of a button. It is a Zero Trust, micro-segmentable network that can capture full or partial PCAP files entirely in the cloud, all without impacting users. These captured files can also be analyzed with the Zeek Network Monitoring Tool and have detection rules written against them.
You can learn more about LimaCharlie Net here: https://www.limacharlie.io/net
Major Web App UI Update
The web application has recently undergone some major updates with an eye towards improving performance and increasing usability. This effort has been spearheaded by our lead frontend engineer, Rowan Weismiller, who joined the team in September. Rowan has already made a dramatic impact and we expect many more great things from him.
For those not ready to make the change yet, we will continue to host https://old.app.limacharlie.io/ for the immediate future.
Webinar on Ingesting External Artifacts
Continuing with our ongoing webinar series, LimaCharlie founder Maxime Lamothe-Brassard walked attendees through the process of ingesting external artifacts such as Syslogs, PCAPs, Windows Event Logs, etc., into LimaCharlie, where they are normalized and processed by the Detection & Response engine.
A recording of the webinar is embedded below. Users wishing to attend the next webinar on the newly released Zero Trust networking solution can register here: limacharlie.io/webinar
DR Rules Changes
Introducing Time Descriptors in D&R Rules. These enable you to specify custom times of day/week/year when parts of a rule are in effect. They unlock a number of UEBA use cases: https://doc.limacharlie.io/docs/documentation/docs/dr.md#times
The event: _* portion of D&R Rules now supports a special wildcard to have a rule match all Detections being re-processed by the D&R Rule Engine. This is useful for applying a rule to all detections generated. See the last paragraph: https://doc.limacharlie.io/docs/documentation/docs/dr.md#basic-structure
Python SDK/CLI v3.18.0
Added support for lc-net Policies to the Configs CLI to manage the policies through config files.
Added the --all flag to limacharlie configs to sync all types.
Produce warning on limacharlie config if no config type to fetch/push is specified.