Developer Roll Up: October 2023

Christopher Luft, LimaCharlie Co-Founder and Creative Technologist

The team at LimaCharlie continues to roll out new features and improvements with no end in sight. There was a strong focus on extensions this past month, along with the launch of the new and exciting Endpoint Bus-as-a-Service.

Webinars

Along with our product updates, we hosted several live webinars last month. Check out the recordings: 

Detecting Malicious Activity in Microsoft 365

Detect malicious files with BinLib: a private binary library

Improve your SecOps with Priam Cyber AI’s AVA: An AI driven virtual assistant

Join us for our upcoming webinar “Expanding LimaCharlie with API Integrations” on Wednesday, November 15th. 

Register now

MSSN CTRL session recordings are now available

In October, LimaCharlie hosted the inaugural MSSN CTRL conference.

We are happy to share that the recordings from MSSN CTRL are now available for viewing at your leisure: https://limacharlie.io/events/mssn-ctrl-2023

Thank you again to all of our speakers and to everyone who was able to attend. We're looking forward to making the event even better next year - stay tuned for updates.


Payload Manager Extension

LimaCharlie announced the new Payload Manager extension.

The Payload Manager extension allows you to create, maintain, and automatically refresh payloads in the organization, and then deploy them on endpoints via Windows, Mac, or Linux sensors. The saved Payload Configurations can then be managed across tenants using the Infrastructure as Code extension.

To get started with the Payload Manager extension, subscribe to the extension add-on on the marketplace and follow the instructions in the description.

Artifact Collection Extension

Following the launch of Extensions, we started porting LimaCharlie Services into the corresponding Extensions. In October, we released the Artifact Collection Extension, which means you can migrate the legacy Artifact Collection Service to the new Extension.

To get started with migrating an existing tenant, navigate to the Artifact Collection Service, select the organization, and follow the steps on the screen. You can also do it from the Service page within your tenant.

If you are creating a new organization, you can subscribe to the Artifact Collection Extension right away, without having to first enable the legacy Service: https://app.limacharlie.io/add-ons/extension-detail/ext-artifact

Four New Extensions - PagerDuty, Velociraptor, Sigma ruleset and Soteria EDR ruleset

Following the launch of Extensions, we started porting LimaCharlie Services into the corresponding Extensions. Today, we are releasing four new extensions: PagerDuty, Velociraptor, Sigma ruleset and Soteria EDR ruleset.

To get started with migrating an existing tenant, navigate to the service page on the add-on marketplace, select an organization, and follow the steps on the screen. You can also do it from the Service page within your tenant. If you are creating a new organization, you can subscribe to the new extensions right away, without having to first enable the legacy Services.

Sensor v4.28.4

An update to the endpoint sensor that includes: 

  • Enhanced network connectivity, which resolves some issues with connections to the cloud dropping in certain situations

  • More detailed logging (hcp.log) of some network connectivity issues

This update is not an update to the cloud-managed version of the LimaCharlie EDR. It is an installer-only update for the binary on disk, and it is only available from downloads.limacharlie.io.

We recommend using this version for all future deployments and for currently problematic installs.

New Twilio Extension

LimaCharlie launched a Twilio extension that can trigger alerts based on Detection & Response rules.

For more information see LimaCharlie Twilio Documentation. Example Respond portion of a D&R rule that sends a message out via Twilio as the response action:

- action: extension request
  extension action: run
  extension name: ext-twilio
  extension request:
    body: '{{ .event }}'
    from: '{{ "+10123456789" }}'
    to: '{{ "+10123456789" }}'

To get started with the Twilio extension, visit https://app.limacharlie.io/add-ons/extension-detail/ext-twilio

Announcing new Microsoft/Office 365 Ruleset

We are excited to announce the addition of a new extension - a managed set of Detection & Response rules for Office 365 developed by Soteria. The ruleset is designed for in-depth analysis of the Office 365 ecosystem which includes:

  • Microsoft Teams

  • Word

  • Excel

  • PowerPoint

  • Outlook

  • OneDrive

  • ...and other productivity applications.

To get started, subscribe your tenant to the extension or watch the recent webinar recording.