100+ CAPABILITIES & INTEGRATIONS

An ecosystem of powerful technologies

Get the security tools that your business needs on-demand. An ever-growing set of capabilities that can be used to automate and manage security operations at scale.

Get Started Free Book a demo

Single Sign On

Allows a user to log in with a single ID to any of several related, yet independent, software systems.

Github

Secure your CI/CD pipeline by ingestion and monitoring GitHub audit logs

Torq

No-code Security Automation. Accelerate response, eliminate manual work, and deliver the best possible protection.

Duo's modern access security is designed to safeguard all users, devices, and applications — so you can stay focused on what you do best.

Duo

Automatically ingest and monitor Duo event logs in real-time.

Microsoft Office 365

Bring Microsoft Office 365 logs into LimaCharlie.

Google Cloud BigQuery

Output events and detections to a Google Cloud BigQuery Table.

Windows Event Log

Collect WEL without deploying LimaCharlie agent on the endpoint.

Microsoft Defender

Bring the logs from Defender for Endpoints or Defender for Cloud.

AlienVault OTX

Continuously import all your Open Threat Exchange pulses and the relevant D&R rules.

Zeek Network Security Monitor

Run the Zeek tool on ingested PCAPs for network traffic analysis.

YARA Scanning

Run scans on demand or continuously across the entire fleet without impacting performance.

Windows Event Logs

Monitor Windows Event Logs in real-time and write custom rules to detect malicious behaviour.

Windows

Real-time telemetry collection, alerting and remediation on the Windows endpoints.

Webhook (bulk)

Forward batches of events, detections, audits, deployments or artifacts through a POST webhook.

Webhook

Forward individually each event, detection, audit, deployment or artifact through a POST webhook.

VirusTotal

Make VT part of your Detection & Response rules to automate response in real-time.

Velociraptor

Targeted collection of digital forensic evidence across your endpoints.

User Groups

Manage staff at scale using group permissions.

Twillio

Trigger Twilio alerts based on Detection & Response rules.

Tines

Leverage Tines no-code security automation platform to automate your security workflows.

Telemetry Storage

One year of complete telemetry storage by default, at no extra cost.

Syslog

Forward events and detections to a syslog target

Soteria Ruleset

Subscribe to a comprehensive privately managed detection rule set .

SMTP

Forward individually each event, detection, audit, deployment or log through an email.

Slack

Forward detections and audit to a Slack channel.

Sigma Ruleset

Subscribe to a comprehensive detection rule set maintained by the Sigma open source community.

SFTP

Forward events and detections to any external source over SFTP.

Service Policies

Define a service available on a specific host and which other endpoints have access to it.

Sensor Grouping

Group sensors with tags for automation and remediation at scale.

Sensor Cull

Continuous cleaning of sensors that have not connected to your organization in a number of days.

Sensor Commands

Interact with a sensor's host for investigation, management, or threat mitigation purposes.

Sensor Actions

Take actions towards remediation (kill processes, isolate from the network and more).

Send Service Request

Perform asynchronous requests to any service a given organization is subscribed to.

Send Commands

Easily run commands on the endpoint through the web application or CLI.

SCP

Forward events and detections over SCP (SSH file transfer).

Role-Based Access Control

Advanced role based access (RBAC) and fine grained permissions makes managing users easy.

REST API

Full-featured and well-documented REST API that enables full flexibility at scale.

Responder

Automate the initial assessment after an incident using the sweep tool.

Report Detection

Report a detection to your security team across a multitude of channels.

Reliable Tasking

Task a sensor (or set of sensors) that are currently offline.

Python CLI

Interact with sensors real-time and leverage advanced hunter capabilities.

Platform Logs

Everything that takes place in LimaCharlie is captured in management, error and audit logs.

Payloads

Run any executable or script on the endpoint on-demand or automatically across your fleet.

PagerDuty

Trigger events within PagerDuty from LimaCharlie to streamline security operations.

Packet Capture Policies

Create policies that determine when and how network packets are captured and processed.

Netflow Telemetry Policies

Create policies that determine when and how network telemetry is captured and processed.

Net

Real-time telemetry collection, alerting and remediation in the network.

Multitenancy

True multitenancy makes scaling operations simple and efficient.

MISP Lists

Leverage the world's largest open source threat intelligence platform.

Microsoft Edge

Real-time telemetry collection, alerting and remediation in the Edge browser.

Microsoft Defender

Leverage Defender integration to generate alerts and automate your security.

Memory/MFT Dumper

Perform deep forensics at scale using automated memory dumps.

Maxmind (IP Geolocation)

Write detection and response rules that use the users current geo location as a parameter.

Marketplace

Create extensions and share them on the LimaCharlie marketplace for profit or for free.

macOS

Real-time telemetry collection, alerting and remediation on the macOS endpoints.

Lookups & Threat Feeds Library

Subscribe to a number of threat feeds each at the click of a button.

Linux

Real-time telemetry collection, alerting and remediation on the Linux endpoints.

Kubernetes

Real-time telemetry collection, alerting and remediation in the cloud.

Isolate From the Network

Isolate any endpoint from the network while maintaining a line of command and control.

IOC Search

Search for the indicators of compromise across you entire fleet over the last year.

Infrastructure as Code

Spin up new tenants with custom configuration using an infrastructure as code approach.

Humio

Forward events and detections to the Humio.com service.

Historical Threat Hunting

Easily run detection & response rules against historical telemetry.

Google Cloud Storage

Forward events and detections to a GCS bucket.

Google Cloud Pubsub

Forward events and detections to a Pubsub topic.

Google Cloud Platform

Automatically ingest and monitor Google Cloud Platform audit logs.

Forward to an Output

Easily forward the matched event to any external source via the Output functionality.

Firewall Policies

Protect your network by filtering traffic and blocking outsiders from gaining unauthorized access.

File Integrity Monitoring

Automate integrity checks of files & registry values through pattern-based rules.

External Logs

Automatically ingest and monitor logs from any source.

DNS Policies

Use your own custom DNS or create your own policies to connect to third party services.

DNS Telemetry Policies

Create policies that determine when and how DNS telemetry is captured and processed.

Docker

Real-time telemetry collection, alerting and remediation in the cloud.

Event Tree View

Shorthen the investigation by leveraging the visual tree view in LimaCharlie's web app.

Data Sovereignty

Control in which GCP region you want your data to be processed and stored.

Custom Threat Feeds

Bring in your own threat feeds using our simple integration model for lookups.

Custom Rulesets

Create your own custom ruleset to use across your organizations.

Custom False Positive Rules

Reduce noise by easily creating false positive rules.

Custom Detection & Response Rules

Create complex detection logic to detect malicious behaviour specific to your use case.

Custom Branding

Customize LimaCharlie web application for your brand with your logo, colors and domain address.

Custom Automation Rules

Scale your business by automating manual actions, processes, and workflows.

Cisco Talos Blocklist

Write detection & response rules that check against the Cisco Talos IP blocklist.

Chronicle Backstory

The integration with Backstory will allow for the global correlation between log and endpoint telemetry.

Chrome

Real-time telemetry collection, alerting and remediation in the Chrome browser.

Centralized Billing

Set one billing for all organizations created by members of your domain.

Carbon Black

Automatically ingest and monitor CarbonBlack EDR logs & telemetry.

AWS Cloudtrail

Automatically ingest and monitor AWS Cloud Trail logs.

Atomic Red Team

Automate testing against the MITRE ATT&CK framework at scale.

Artifact Collection

Automatically ingest and monitor logs or artifacts from any endpoint.

Apache Kafka

Forward events and detections to a Kafka target.

Amazon S3

Forward events and detections to an Amazon S3 bucket.

Abuse.ch Lists

Leverage this list of cyber threats with a strong focus on malware and botnets.

1Password

Automatically ingest and monitor 1password event logs.