100+ CAPABILITIES & INTEGRATIONS
Get the security tools that your business needs on-demand. An ever-growing set of capabilities that can be used to automate and manage security operations at scale.
Forward events and detections over SCP (SSH file transfer).
Forward batches of events, detections, audits, deployments or artifacts through a POST webhook.
Forward each event, detection, audit, deployment or log individually through an email.
Output events and detections to a Google Cloud BigQuery Table.
Monitor and write detections against Slack audit logs.
Forward events and detections to a syslog target.
Forward events and detections to a Pubsub topic.
Forward events and detections to a GCS bucket.
Interact with Sensors in real-time and leverage advanced hunter capabilities.
Full-featured and well-documented REST API that enables full flexibility at scale.
Monitor Windows Event Logs in real-time and write custom rules to detect malicious behavior.
Write detection and response rules that use the user's current geolocation as a parameter.
The integration with Backstory will allow for the global correlation between log and endpoint telemetry.
Continuous cleaning of sensors that have not connected to your organization in a number of days.
Trigger events within PagerDuty from LimaCharlie to streamline security operations.
Leverage the world's largest open source threat intelligence platform.
Bring in your own threat feeds using our simple integration model for lookups.
Create extensions and share them on the LimaCharlie marketplace for profit or for free.
Output detections and audits (only) to a Slack community and channel.
Bring in the logs from Defender for Endpoint or Defender for Cloud.
No-code Security Automation. Accelerate response, eliminate manual work, and deliver the best possible protection.
Scale your business by automating manual actions, processes, and workflows.
Leverage the Defender integration to generate alerts and automate your security.
Automate the initial assessment after an incident using the sweep tool.
Perform deep forensics at scale using automated memory dumps.
Collect Windows Event Logs (WEL) without deploying the LimaCharlie agent on the endpoint.
Secure your CI/CD pipeline by ingesting and monitoring GitHub audit logs.
Spin up new tenants with custom configuration using an infrastructure as code approach.
Threat-informed cyber operations: advanced detection rules for any platform.
Create complex detection logic to detect malicious behaviour specific to your use case.
Reduce noise by easily creating false positive rules.
Report a detection to your security team across a multitude of channels.
Subscribe to a comprehensive privately managed detection ruleset.
Easily run commands on the endpoint through the web application or CLI.
Run any executable or script on the endpoint on-demand or automatically across your fleet.
One year of complete telemetry storage by default, at no extra cost.
Perform asynchronous requests to any service a given organization is subscribed to.
Subscribe to a comprehensive detection rule set maintained by the Sigma open source community.
Easily forward the matched event to any external source via the Output functionality.
Isolate any endpoint from the network while maintaining a line of command and control.
Shorten investigation time by leveraging the visual tree view in LimaCharlie's web app.
Advanced role-based access control (RBAC) and fine-grained permissions make managing users easy.
Everything that takes place in LimaCharlie is captured in management, error, and audit logs.
Take actions towards remediation (kill processes, isolate from the network, and more).
Leverage the Tines no-code security automation platform to automate your security workflows.
Trigger Twilio alerts based on detection & response rules.
Make VT part of your detection & response rules to automate response in real-time.
Customize the LimaCharlie web application for your brand with your logo, colors and domain address.
Automatically ingest and monitor 1Password event logs.
Automatically ingest and monitor Carbon Black EDR logs & telemetry.
Easily run detection & response rules against historical telemetry.
Search for indicators of compromise across your entire fleet over the last year.
Automatically ingest and monitor Google Cloud Platform audit logs.
Automate integrity checks of files & registry values through pattern-based rules.
Automatically ingest and monitor logs from any source.
Real-time telemetry collection, alerting and remediation in the cloud.
True multitenancy makes scaling operations simple and efficient.
Automatically ingest and monitor CrowdStrike EDR logs & telemetry.
Automatically ingest and monitor Duo event logs in real-time.
Bring Microsoft Office 365 logs into LimaCharlie.
Run scans on demand or continuously across the entire fleet without impacting performance.
Flexible, intuitive, and interactive way to explore data in LimaCharlie.
Real-time telemetry collection, alerting and remediation on the Windows endpoints.
Allows a user to log in with a single ID to any of several related, yet independent, software systems.
Group sensors with tags for automation and remediation at scale.
Interact with a sensor's host for investigation, management, or threat mitigation purposes.
Real-time telemetry collection, alerting and remediation in the Edge browser.
Subscribe to a number of threat feeds each at the click of a button.
Real-time telemetry collection, alerting and remediation on the macOS endpoints.
Real-time telemetry collection, alerting and remediation on the Linux endpoints.
Forward each event, detection, audit, deployment or artifact individually through a POST webhook.
Task a sensor (or set of sensors) that is currently offline.
Forward events and detections to any external source over SFTP.
Targeted collection of digital forensic evidence across your endpoints.
Manage staff at scale using group permissions.
Forward events and detections to a Kafka target.
Forward events and detections to an Amazon S3 bucket.
Set one billing for all organizations created by members of your domain.
Real-time telemetry collection, alerting and remediation in the Chrome browser.
Automatically ingest and monitor logs or artifacts from any endpoint.
Automate testing against the MITRE ATT&CK framework at scale.
Create your own custom ruleset to use across your organizations.
Automatically ingest and monitor AWS CloudTrail logs.
Continuously import all your Open Threat Exchange pulses and the relevant D&R rules.
Run the Zeek tool on ingested PCAPs for network traffic analysis.
Control in which GCP region you want your data to be processed and stored.
Write detection & response rules that check against the Cisco Talos IP blocklist.
Leverage this list of cyber threats with a strong focus on malware and botnets.