
Developer Roll Up: March 2024

Christopher Luft, LimaCharlie Co-Founder and Creative Technologist

Another month in the books and another month of new enhancements to the SecOps Cloud Platform. Stay tuned as our development team is working on some exciting capabilities—one of which will be announced at Google Cloud Next.

Upcoming Events

Navigating the SecOps Cloud Platform Revolution for Enterprise SOCs
When: April 11 @ 10am PT

In a world where digital transformation has become the norm, cybersecurity professionals face unprecedented challenges. The traditional approach of managing dozens of disparate point solutions and siloed security tools, while attempting to control costs, is no longer sufficient.

It's time to embrace a new era of cybersecurity in the SecOps Cloud Platform – one that treats cybersecurity as a set of capabilities much like how cloud providers did for IT. We challenge you to question the status quo and to open your mind to a new way of thinking about security operations.

Join us for an immersive event that will reshape your understanding of modern security operations.

Register now: https://info.limacharlie.io/navigating-the-secops-cloud-platform-revolution 

LimaCharlie at RSAC 2024
When: May 6-9

Join us this year at RSAC. Stop by the LimaCharlie booth (#1167) to learn about the SecOps Cloud Platform, pick up some swag, and meet the team building the future of SecOps.

Schedule a meeting with the team: https://info.limacharlie.io/meetings/jessica-crytzer/rsac-2024?hsLang=en

Join us for happy hour at Kona's Street Market for an intimate after hours event with our friends from Panther and Sublime Security. 

RSVP now: https://lu.ma/rsac24-limacharlie-panther-sublime

Defender Fridays
When: Every Friday @ 10:30am PT

Join us every Friday as we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands. This month, we are joined by Michael Taggart, Mike Hornsby, and Wes Lambert. 

Register for the series: https://limacharlie.io/defender-fridays 

Ability to Upload Payloads via Web App

LimaCharlie now offers the ability to upload payloads via a web interface, by simply dragging and dropping a payload file. This means that you no longer need to run a curl command (but you still can as both options are available).

In addition, we removed restrictions around file types so any file type can be uploaded.

New Hayabusa Extension

Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool created by the Yamato Security group in Japan. The Hayabusa extension allows you to run Hayabusa against a specified event log (.evtx) or a collection of event logs (.zip). LimaCharlie automatically kicks off the analysis based on the artifact ID provided in a D&R rule action.

To get started, subscribe to the Hayabusa extension. 

Additional docs and example rules are available in the LimaCharlie Hayabusa third-party extension documentation.

Migrating D&R Rules from Legacy Services to New Extensions

LimaCharlie launched a CLI tool to migrate D&R rules from legacy Services to the new Extensions.

The Python CLI gives you a direct way to assess whether any rules reference the legacy reliable tasking, Zeek, YARA, or PagerDuty services, preview the change, and execute the conversion required in the rule "response".

To learn more about converting D&R rules, visit our technical documentation.

Updates to the API for the Default Org Creation Template

Several weeks ago, we announced a change to the new tenant creation experience. Any new tenant created in the web app now has Extensions enabled instead of legacy Services.

This change will now be implemented for the LimaCharlie API. This means that for new tenants created via the API using the default template, LimaCharlie will enable Extensions instead of Services.

Custom automations that do not rely on the default template will not be affected.

Announcing Advanced Filters in the Web App

LimaCharlie has added advanced filters to the Sensors and Timeline pages. LimaCharlie users can now get a more granular look at specific events or sensors.

Let us know your feedback and ideas to make it better. Note that based on feedback from our Beta users, we will be bringing back the text search field to the Timeline shortly.

The Sensor Processes Page Now Shows Modules in a Modal, Instead of at the Bottom of the Page

Previously, when navigating through the Processes page on Sensors, you would see a flashing menu of options such as "View Modules", "Kill Process", etc. To make the page faster and improve user experience, we moved this menu to the left of the page. Additionally, the Sensor Processes page now shows modules in a modal, instead of at the bottom of the page.