Developer Roll Up: April 2021

Christopher Luft, LimaCharlie Co-Founder and Creative Technologist

Lots of exciting things have been happening at LimaCharlie. On the development front we continue to release new features and capabilities, as well as making continuous improvements to the user interface for our web application. On the business front we have some exciting new partnerships we are putting together and hope to announce soon. We have also added new content to our YouTube channel and e-learning platform.

On May 11th at 11:00 AM PDT we are hosting a webinar examining the process that LimaCharlie users used to track and mitigate HAFNIUM. You can register for the webinar here.

And as always, please reach out to us if you have any questions, concerns or feature suggestions. 


Sigma Service & Live Windows Event Logs

The Sigma Service now generates Windows Event Log-based D&R rules that apply to Live Windows Event Logs (as announced March 16), in addition to the previously supported Artifact-based (file) Windows Event Logs.

This means that as you switch to using Live WEL, you will keep the coverage provided by Sigma.

As usual, the Sigma D&R rules used are available here for transparency: https://github.com/refractionPOINT/sigma/tree/lc-rules/lc-rules

Sensor v4.24.2

  • Enhanced performance with network tracking on Linux Docker environments.

  • Tweaks to process termination that increase the reliability of the ordering of some events, leading to better stateful detection and parent->child ordering of events.

Note: with this release we are also bumping up the Stable version to 4.24.1.

Webapp - Event Explorer Rewrite

If you use Explorer to dig into Sensors' event histories, this is for you! We rewrote the Explorer view to improve its performance, its UX, and the consistency of how event trees are constructed. It should feel familiar, but more approachable.

Some of its features:

  • The view is still at its core a browsable list of events, anchored at a chosen point in time. Clicking an event selects it for the viewer to show related events in a tree graph, as well as details of the raw event.

  • The URL contains the exact state of the filters and event tree you're looking at. Feel free to share with a colleague!

  • The keyboard controls have been expanded. There's a helpful Controls button to get you familiarized.

EXP Datacenter Decommissioning

The "Experimental" Datacenter was decommissioned from General Availability.

We'd reached out privately to users who had small deployments on this datacenter a few weeks ago, so we don't expect this announcement to have an impact on anyone. We just wanted to have it on the record for transparency or for those who noticed it gone from the list of datacenters.

Web App Historical/Timeline

As you've probably seen, we've been slowly revamping all aspects of the web app.

We've rolled out another step in this revamp.

Clicking on a Sensor in the Sensor List now brings you into a more complete view of all the information about that Sensor, including the Timeline (historical view) and the Live Console. This means the Historical view button has been moved to the sidebar menu found by clicking on a specific Sensor.

As we keep refactoring things you'll find more and more Sensor-specific views in this Sensor section.

This also comes with a change in the URL for these views. The historical URL now looks like /orgs/OID/sensors/SID/timeline. The links generated in the Detections have also been adjusted to point to this new path.

View of the timeline in the LimaCharlie application