Developer Roll Up: May 2021

Christopher Luft, LimaCharlie Co-Founder and Creative Technologist

Another one for the books. A lot of cool new features, capabilities and UI improvements - details below.

On June 8th at 11:00 AM PDT we are hosting a webinar exploring the LimaCharlie Add-on Marketplace. You can register for the webinar here.

And as always, please reach out to us if you have any questions, concerns or feature suggestions. 


Sensor View

We've been working on making it easier to navigate & interact with the data for each individual sensor. To that end, we've deepened the navigation so you can drill down into a Sensor in the web app to access available data as well as take action from one place. Just click a Sensor from the list within an org and you'll see the new view.

Today you'll be able to see Overview, Artifacts, Timeline, Console, and Processes accessible from this view (Console pictured below). The intention is to deprecate Live View and consolidate most of its functionality into this new one-stop-shop for everything on a Sensor. We're still working on finishing Processes and will be working on bringing File System and Network Connections into this view next.

Artifacts

We've created a new page, accessible from the Sidebar, for viewing all Artifacts within an Organization. The Artifact Collection page is now just for configuring rules, and there's no longer a need to open up a separate window to view & filter collected Artifacts.

Apple Binary/XML Plist Support

The Artifact Ingestion system now supports Apple plists in binary, XML and other formats. Ingesting them will produce a parsed version in JSON, which you can alert on using the D&R rules engine, similarly to Windows Event Logs and others.
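To show what a parsed plist looks like as JSON and how a check can run over it, here is an added example (not LimaCharlie's ingestion code and not D&R rule syntax). It uses Python's standard `plistlib`; the sample plist, the `flags_launch_item` rule and the directory list are constructed for illustration.

```python
import base64
import datetime
import json
import plistlib

def to_jsonable(value):
    """Recursively map plist-only types onto types JSON can carry."""
    if isinstance(value, dict):
        return {str(k): to_jsonable(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [to_jsonable(v) for v in value]
    if isinstance(value, (bytes, bytearray)):
        return base64.b64encode(bytes(value)).decode("ascii")  # plist <data>
    if isinstance(value, datetime.datetime):
        return value.isoformat()  # plist <date>
    if isinstance(value, plistlib.UID):
        return {"CF$UID": value.data}  # keyed-archive object reference
    return value  # str, int, float, bool pass through unchanged

def plist_to_json(raw):
    """Parse XML or binary plist bytes (format auto-detected) into JSON text."""
    return json.dumps(to_jsonable(plistlib.loads(raw)), sort_keys=True)

# Hypothetical rule: a launchd job that runs at load from a world-writable dir.
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/Users/Shared/")

def flags_launch_item(doc):
    args = doc.get("ProgramArguments") or [doc.get("Program", "")]
    program = str(args[0]) if args else ""
    return bool(doc.get("RunAtLoad")) and program.startswith(WRITABLE_PREFIXES)

# Constructed sample: a launchd job definition serialized as a binary plist.
SAMPLE = plistlib.dumps(
    {
        "Label": "com.example.updater",
        "ProgramArguments": ["/tmp/updater", "--quiet"],
        "RunAtLoad": True,
        "Blob": b"\x00\x01\x02",
        "Created": datetime.datetime(2021, 5, 1, 12, 0, 0),
    },
    fmt=plistlib.FMT_BINARY,
)

if __name__ == "__main__":
    parsed = json.loads(plist_to_json(SAMPLE))
    print(json.dumps(parsed, indent=2))
    print("alert:", flags_launch_item(parsed))
```

The type mapping is the part to watch: `<data>`, `<date>` and UID values have no JSON equivalent, so any rule written against the JSON has to match the encoded form.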

Sensor v4.24.3

Linux:

  • File Integrity Monitoring on Linux has been fixed to support wildcards in paths like /home/*/.ssh/* without the impact on system performance seen before.

macOS:

  • You will no longer see the RPHCP.app appear in the Recent Applications section of the Dock after a restart.

  • We now provide better “silent” installations for enterprise deployments using a preference file (the RPHCP.app won’t prompt you with the Install button if you’ve used an MDM profile and placed the preference file in the /Library/Preferences folder).

Sensor v4.25.0

The minor version change in this release is not the result of new functionality, but of the included update to libYara. As this was a major update to an external library, we wanted to be cautious and let people know of the change.

  • Updated libYara

  • Fix to macOS User Mode (without the Apple Endpoint Security Extension) process tracking that could result in high CPU during sensor updates.