April 1st, 2023
Developer Roll Up: March 2023
Christopher Luft
Spring is in the air and the team at LimaCharlie continues on its quest to change the way that cybersecurity tools and supporting infrastructure are delivered.
Join us for this month’s live webinar, where Matt Bromiley, our Lead Solutions Engineer, will be discussing LimaCharlie's detection and response capabilities.
In this live webinar, we will look at:
What goes into a detection and response (D&R) rule
Crafting detection rules for operating system telemetry
Scaling detection and response rules across third-party logs and other telemetry
Importing pre-configured rules to get your organization up and running fast
This is part two of a multi-part education series (part 1 here), where we look at different ways to utilize the LimaCharlie platform. As always, our free tier lets you get started with LimaCharlie without entering a credit card. We encourage you to follow along, bring your questions, and learn how LimaCharlie can help you create the security program you’ve always wanted!
You can register for the webinar here: LC101: Writing Detection and Response Rules
LimaCharlie is organizing a new cybersecurity conference called MSSN CTRL being held on October 5-6, 2023, in Arlington, VA.
Our aim is to bring together security practitioners and leaders who are at the forefront of innovation in security engineering and automation featuring deep technical trainings and sessions with valuable takeaways.
We have some fantastic speakers already lined up for the event which we will be announcing soon. If you are interested in speaking at the conference, our Call for Papers is open through April 16, 2023. You can submit your proposal here: https://www.papercall.io/mssnctrl23
Learn more and get notified when tickets are available for purchase: https://www.mssnctrl.org
The ability to filter detections by date range
To make it easier for LimaCharlie users to navigate detections in the web app, we have added the ability to filter detections by date range. Users can now switch between jumping to a single date and filtering within a given time range in one click.
Announcing Elastic Output
With LimaCharlie, organizations have full control of their security data - we make it easy to collect logs and telemetry from any source using Sensors and send it to any destination via Outputs. The granularity of the data collected and sent is controlled by the user. Along with generic mechanisms for outputting the data such as webhook and Syslog, LimaCharlie offers several pre-built configurations that simplify the task of sending data out of LC.
In this release, we are announcing Elastic Output which makes it easier to output events and detections to Elastic.
Link to the technical doc: Elastic Output
Microsoft User Authentication updates coming soon
We are making a change to our Microsoft SSO on March 22, 2023.
We anticipate most users will find this change to be seamless. Depending on your Azure configuration, it may require a one-time approval of a new Enterprise Application by an Azure Active Directory administrator.
We are making this change to address an issue where some users were unable to sign up using Microsoft SSO. Please let us know if you have any questions or concerns.
LimaCharlie Query Console Suggestions
LimaCharlie Query Console now offers a search experience that displays a list of possible options that users can select from as they type. Several sources contribute to these suggestions:
LCQL Query Structure which provides a list of options based on the structure of the query.
LimaCharlie Schema API which exposes the "learned" schema from specific event types. As data comes into LimaCharlie, the Schema API will accumulate the list of fields and types observed for those specific events. LimaCharlie Query Console retrieves this learned schema and offers suitable suggestions as users type.
Sensor Selector Expressions which enable selecting a set of Sensors based on some characteristics.
LimaCharlie Query Console Suggestions are there to assist users as they learn how to navigate the new Query Language and become more comfortable with the Console. They are most valuable for getting the right syntax for events and schema fields, while assisting with drafting the query along the way.
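To make the "learned schema" idea concrete, here is an added illustration of how field paths and their observed types can be accumulated per event type and then offered as prefix suggestions. This is example code written for this post, not LimaCharlie's Schema API or Query Console implementation; the sample events, the slash-separated path convention and the suggest() interface are assumptions made for the illustration.

```python
"""Illustrative learned-schema accumulation with prefix suggestions.

Added example, not LimaCharlie code: it models the idea that fields and
types seen in incoming events are accumulated per event type, and that a
console can suggest field paths as the user types a prefix.
"""
from collections import defaultdict

# Constructed sample events (not real telemetry). Each tuple is
# (event type, event body); the nested layout is an assumption.
SAMPLE_EVENTS = [
    ("NEW_PROCESS", {"event": {"FILE_PATH": "/usr/bin/ls", "PROCESS_ID": 4121,
                               "COMMAND_LINE": "ls -la"},
                     "routing": {"hostname": "host-a"}}),
    ("NEW_PROCESS", {"event": {"FILE_PATH": "/bin/sh", "PROCESS_ID": 4122,
                               "PARENT": {"PROCESS_ID": 1}},
                     "routing": {"hostname": "host-b"}}),
    # A source that emits PROCESS_ID as a string: the schema records both types.
    ("NEW_PROCESS", {"event": {"FILE_PATH": "/bin/cat", "PROCESS_ID": "4123"},
                     "routing": {"hostname": "host-c"}}),
    ("DNS_REQUEST", {"event": {"DOMAIN_NAME": "example.com",
                               "IP_ADDRESS": "93.184.216.34"},
                     "routing": {"hostname": "host-a"}}),
]


def _walk(obj, prefix=""):
    """Yield (slash-separated path, type name) for every leaf in a nested dict."""
    for key, value in obj.items():
        path = f"{prefix}/{key}" if prefix else key
        if isinstance(value, dict):
            yield from _walk(value, path)
        else:
            yield path, type(value).__name__


class LearnedSchema:
    """Accumulates observed field paths and types, keyed by event type."""

    def __init__(self):
        # event_type -> path -> set of type names seen for that path
        self._fields = defaultdict(lambda: defaultdict(set))

    def observe(self, event_type, event):
        """Record every leaf path and its type from one incoming event."""
        for path, type_name in _walk(event):
            self._fields[event_type][path].add(type_name)

    def fields(self, event_type):
        """Return {path: sorted list of observed types} for an event type."""
        return {p: sorted(t) for p, t in sorted(self._fields[event_type].items())}

    def suggest(self, event_type, prefix):
        """Return learned paths for the event type that start with prefix."""
        return sorted(p for p in self._fields[event_type] if p.startswith(prefix))


def build_schema(events=SAMPLE_EVENTS):
    """Feed the constructed events through the learner and return it."""
    schema = LearnedSchema()
    for event_type, event in events:
        schema.observe(event_type, event)
    return schema


if __name__ == "__main__":
    learned = build_schema()
    print(learned.fields("NEW_PROCESS"))
    # As a user types "event/P", both PROCESS_ID paths are offered.
    print(learned.suggest("NEW_PROCESS", "event/P"))
```

The point of recording a set of types per path, rather than a single type, is that real telemetry is not always consistent across sources; a field observed as both int and str is exactly the kind of detail a query author wants to see before writing a comparison against it.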
As usual, your feedback is very welcome and we look forward to pushing more functionality through Sigma and other managed rules from various sources. If you have any questions, join our Slack community or our weekly Office Hours held every Friday at 9:00AM PT.