February 3rd, 2022
Collect and monitor telemetry from any source
Christopher Luft
LimaCharlie is continuously expanding the list of difficult problems it solves for security, incident response, cloud engineering and DevSecOps teams across a broad range of customers.
Along with an advanced EDR, log aggregation, automations engine, software-defined networking, artifact ingestion, and an operational console for security teams, LimaCharlie now offers the ability to bring in external logs and telemetry from any source. This data can be used to generate detections and it includes a full year of telemetry storage at no extra cost.
LimaCharlie makes security data collection from any source easily accessible and affordable
AWS, Google Cloud, Office365, 1Password, Slack and thousands of other applications produce an ever-increasing amount of data, and this trend shows no signs of abating. This leads to a number of challenges:
To detect threats and respond to incidents, you have to do more than simply collect logs. You need to bring them all into one place for correlation and holistic analysis.
To meet compliance requirements, organizations need to store security data for a set amount of time; a solid data storage strategy is also a prerequisite for retroactive threat hunting (‘was I compromised in the past by this threat that I just learned about today?’).
Data storage is expensive, which can force any security team to sacrifice visibility in exchange for cost reduction.
Logs are ingested in real-time and one year of complete telemetry storage is included as a baseline
You can now ingest real-time external logs/telemetry into LimaCharlie which enables a number of powerful capabilities:
All logs & telemetry are stored with 1 year of retention at no extra cost.
You can create detection & response (D&R) rules that apply to this new telemetry just like you do with the data from endpoints. This allows you to detect threats, respond to incidents in real-time and automate processes at scale.
You can send this new telemetry to Outputs (any external destination) like you would do with any other LimaCharlie data.
Today, you can quickly get started with the following platforms:
Google Cloud Platform audit logs
Carbon Black sensor data
1Password event logs
Syslog
Text based logs
Logs in the JSON format
The list of available sources will be continuously expanding but you are not limited to what we put forward. This new set of capabilities is powered by the LimaCharlie Adapter which allows you to specify, with great precision, how you want to parse and map any logs upon ingestion (with no involvement on our side!). We have open sourced the project allowing you to make your own sensors.
As with everything else at LimaCharlie, pricing for the external log and telemetry collection is fully transparent. You can see the details here: Pricing
In combination with Outputs (the ability to send the data from LimaCharlie to any external destination), this will make LimaCharlie a great platform to optimize margins around storage in external data lakes.
Along with this, we are introducing a concept of vSensors. Learn more about it here: vSensors
LimaCharlie is a great platform to optimize margins around storage in external data lakes
To learn more about the underlying technology and how it works you can visit our technical documentation: Technical Documentation
If you have any questions about getting started, visit the help centre, book a quick demo or join our community Slack channel and say hello. For ideas and suggestions about the data sources we should support next, send us a quick email at answers@limacharlie.io.