May 3rd, 2023
Developer Roll Up: April 2023
Christopher Luft
We hope you're all doing well and staying secure. The team at LimaCharlie has been hard at work developing cybersecurity solutions that are accessible and effective, and we're excited to share some recent updates with you.
Last week, we had the opportunity to attend both BSides San Francisco and RSA, where we were able to connect with other cybersecurity professionals and showcase some of our latest developments. We learned a lot from the events and came away feeling energized and excited about the work we're doing.
As always, our goal is to provide you with reliable and user-friendly solutions that help protect you from cyber threats. We're committed to delivering on that promise and will continue to work tirelessly to improve our products.
Thank you for your support, and please don't hesitate to reach out if you have any questions or feedback.
Upcoming Events
MSSN CTRL
MSSN CTRL is a cybersecurity conference that focuses on innovative practices and how they are changing the way security has been traditionally practiced for the past decade. The conference aims to provide deep technical training and hands-on sessions that will equip attendees with the right methods and tools to protect their organizations or customers.
Apply to attend the conference here.
Why an application? MSSN CTRL is intimate by design. With only 100 seats, we want to ensure you are surrounded by security practitioners that will inspire you and enhance your career. The goal is to provide the opportunity for you to meet with engineers, analysts, and security leaders from the most prominent cybersecurity startups, security service providers, and the best SOC teams around the globe.
The event, hosted in Arlington, VA on October 5-6, 2023, will be filled with technical training and informative sessions with direct takeaways on how you can leverage new methods and tools to protect your organization or customers.
Development Updates
Adding three new LC sensors
In this release, LimaCharlie added 3 new sensors:
Canary Token - CanaryTokens is an innovative tool that allows you to place decoy files, URLs, and other bait on your network or endpoints. When a CanaryToken is triggered, you'll receive an alert, allowing you to take immediate action to prevent any potential threats. With the LimaCharlie Canary Token sensor, you can easily ingest CanaryToken alerts into LimaCharlie.
Azure Active Directory & Azure Monitor - these two sensors make it easier to get Azure data into LC.
Datadog Output & Rule Editing Experience Improvements
We have added an output to Datadog, which makes it easier for users to send Detections, Audit Logs, and other types of Outputs directly to the Datadog data analytics platform. You can configure a Datadog output by navigating to Outputs > Add Output in the web app.
Additionally, we added the ability to expand the rule editors for both D&R and FP rules. This should make it easier to edit complex and wordy rules without having to rely on a notepad or similar.
1Password Cloud Sensor
This is a heads up that an upcoming release of the 1Password cloud sensor (and Adapter) will now include the new /api/v1/auditevents API endpoint with Audit Events.
This endpoint requires the 1Password API token to have the appropriate permission. If that permission is not enabled on the token, the Adapter / Cloud Sensor will keep working, but you will see errors reported about the auth failure.
You likely want to go and make sure this permission is enabled so you receive these new events.
Sensor 4.28.1
You should upgrade, particularly if you have upgraded to 4.28.0 on an Org with macOS issues.
Fixing a signing issue with macOS introduced in 4.28.0
Fixing issues with os_users on Windows
As usual, your feedback is very welcome and we look forward to pushing more functionality through Sigma and other managed rules from various sources. If you have any questions, join our Slack community or our weekly Office Hours held every Friday at 9:00AM PT.