July 31st, 2025

Introducing LimaCharlie Search: Unlocking Key SIEM Capabilities

Dmitri Zimine

VP of Engineering


Our powerful new search feature vastly expands our existing SIEM functionality.

Simplify SIEM tasks with LimaCharlie search 

LimaCharlie’s new advanced integrated Search enables security teams to perform deep investigations seamlessly alongside the rest of the LimaCharlie SecOps platform. Whether you’re investigating alerts, simulating detection rules, or examining telemetry across tenants, Search makes it faster, simpler, and more cost-efficient. Search is currently available in private preview with a wider release coming soon.

Our focus on Search functionality comes from its essential role in modern security operations. Security teams depend on vast volumes of logs, telemetry, and events for investigations, hunting, and response. Across traditional SIEMs and modern cloud-native platforms, search is a critical tool for security professionals.

We took inspiration from long-held industry standards and added some touches to match the unique needs of modern security practitioners. With the new search tightly integrated with the rest of the LimaCharlie platform, security operators can proactively look for emerging threats and uncover indicators across multiple data sources that wouldn't yet trigger a detection. They can also convert search queries into detection-as-code to build up their defenses.

Search facilitates better threat hunting, breach investigation, incident response, detection engineering and many other key activities. To put it simply, our new search functionality moves LimaCharlie from an EDR-focused solution to a platform capable of delivering modern SIEM functionality. 

A search experience built for SecOps

Our new query console provides the key elements you expect and need. The query editor reflects the structure of LCQL (LimaCharlie Query Language) and steers users toward authoring more efficient queries. Type-ahead functionality streamlines query writing by prompting the correct syntax.

Our time selector offers multiple ways of defining a search timeframe and includes intuitive shortcuts like 3d and now. The facets panel helps analysts explore the data. Schema Fields represent the entire schema for an organization, while Event Types and Fields help users understand the structure of their results and refine their query.

Inspecting fields helps users understand the result structure and quickly refine the query.

One unique feature of LimaCharlie Search is the histogram, which not only shows how the org's data is distributed across the target time interval but also serves as a progress indicator as users page through their results.

Event details are shown as the user pages through results. Meanwhile, the backend works through the time period, sifting through more data to find more search matches. This is one of many measures we take to help users control the cost of their queries. (Yes, there is a cost, in keeping with our “pay per use” philosophy, with a hefty free tier; see pricing.)

The timer offers a variety of options for selecting a time period: most recent, radius, and from-to interval.

Once the event details are inspected and understood, the user can turn the query into a detection and response (D&R) rule with one click, or save the search to the query library.

Transparent pricing, predictable costs

An ever-present challenge for security operations teams is providing visibility into massive volumes of security data while staying cost-efficient. LimaCharlie has always been a great choice for EDR data thanks to our competitive price-per-endpoint and one-year data retention. The new Search not only opens up troves of data for high-quality analysis, it also makes LimaCharlie a great choice for unifying all security data from all the other sources. Adopting LimaCharlie reduces tool sprawl, frees up budget, and delivers an integrated user experience.

LimaCharlie has always helped security practitioners fight against unpredictable costs by providing full transparency. Traditional licensing models and opaque data pricing make it difficult for security teams to accurately forecast expenses, particularly when the demand for data is volatile. 

Our commitment to transparency and affordability is reflected in our publicly available pay-per-use pricing model (and free year of data storage). Likewise, our new pay-per-search model provides query costs upfront to help security professionals avoid overprovisioning and overspending. This cost model makes the LimaCharlie approach particularly attractive to MSSPs, MSPs, and MDRs.

Now available in private preview, Search will roll out to all users in the near future. Be the first to know when this capability is available by joining the wait list, and our team will be in touch.

To learn more about the SecOps Cloud Platform, and how you can control coverage, costs, and speed up incident investigations with our platform, visit LimaCharlie.io.


Copyright © LimaCharlie 2025