
Developer Roll Up: May 2024

Christopher Luft

One more month has passed, bringing with it new improvements to the SecOps Cloud Platform.

Upcoming Events

Loud & Clear with CISOs: Solving Tool Sprawl Webinar

When: June 18 @ 10:00am PT

Time and time again, we see enterprise security teams facing complex issues that originate from one pain point: tool sprawl. Analysts don’t need *another* dashboard. They need a place to consolidate: a single place where detections can be ingested and managed, easily configured based on telemetry sources. With LimaCharlie’s SecOps Cloud Platform, we can help reduce the number of dashboards your security team(s) require. In this webcast, we’ll look at how to use LimaCharlie for:

  • Determining telemetry and alert fidelity to get the *right* sources in front of your analysts

  • Detection consolidation, preventing the need for multiple platforms to display alerts

  • Detection + telemetry architecture, finding the optimal solution for enterprise security deployments

Join us on June 18th for a thorough discussion on how LimaCharlie can assist with tool and detection consolidation, reducing analyst and alert fatigue, and simplifying your security operations approach.

Defender Fridays

When: Every Friday @ 10:30am PT

Join us every Friday as we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

This month, we are joined by Wade Wells and other industry professionals. 

Register for the series: https://limacharlie.io/defender-fridays 

May’s Releases

Ability to add comments to Detection & Response and False Positive rules

In this release, we have added the ability to add comments to Detection & Response and False Positive rules. This can be useful for giving analysts and detection engineers more context about a rule: how it works, what it includes or excludes, and why it exists.

New EDR version 4.29.1

Upgrades include:

  • Improved stability across all platforms, particularly when using the new installers available for download.

  • Fixed proxy support on Linux.

  • The macOS NEW_PROCESS event now reports RESPONSIBLE process/user/group information.

  • Fixed the handling of fork+exec on Linux and macOS.

  • Added macOS support for Mac Unified Logs (MUL), similar to the existing Windows Event Log (WEL) support. Use the mul://<PREDICATE> format in Artifact collection to specify which MULs to collect in real time.