100+ CAPABILITIES & INTEGRATIONS
Get the security tools that your business needs on-demand. An ever-growing set of capabilities that can be used to automate and manage security operations at scale.
Leverage this list of cyber threats with a strong focus on malware and botnets.
Write detection & response rules that check against the Cisco Talos IP blocklist.
Control in which GCP region you want your data to be processed and stored.
Run the Zeek tool on ingested PCAPs for network traffic analysis.
Continuously import all your Open Threat Exchange pulses and the relevant D&R rules.
Automatically ingest and monitor AWS CloudTrail logs.
Create your own custom ruleset to use across your organizations.
Automate testing against the MITRE ATT&CK framework at scale.
Automatically ingest and monitor logs or artifacts from any endpoint.
Real-time telemetry collection, alerting and remediation in the Chrome browser.
Set one billing for all organizations created by members of your domain.
Forward events and detections to an Amazon S3 bucket.
Forward events and detections to a Kafka target.
Real-time telemetry collection, alerting and remediation in the cloud.
Manage staff at scale using group permissions.
Targeted collection of digital forensic evidence across your endpoints.
Forward events and detections to any external source over SFTP.
Task a sensor (or set of sensors) that is currently offline.
Forward each event, detection, audit, deployment or artifact individually through a POST webhook.
Real-time telemetry collection, alerting and remediation on the Linux endpoints.
Real-time telemetry collection, alerting and remediation on the macOS endpoints.
Subscribe to a number of threat feeds each at the click of a button.
Real-time telemetry collection, alerting and remediation in the Edge browser.
Interact with a sensor's host for investigation, management, or threat mitigation purposes.
Group sensors with tags for automation and remediation at scale.
Allows a user to log in with a single ID to any of several related, yet independent, software systems.
Real-time telemetry collection, alerting and remediation on the Windows endpoints.
Flexible, intuitive, and interactive way to explore data in LimaCharlie.
Run scans on demand or continuously across the entire fleet without impacting performance.
Bring Microsoft Office 365 logs into LimaCharlie.
Automatically ingest and monitor Duo event logs in real-time.
Automatically ingest and monitor CrowdStrike EDR logs & telemetry.
True multitenancy makes scaling operations simple and efficient.
Automatically ingest and monitor logs from any source.
Automate integrity checks of files & registry values through pattern-based rules.
Automatically ingest and monitor Google Cloud Platform audit logs.
Search for indicators of compromise across your entire fleet over the last year.
Easily run detection & response rules against historical telemetry.
Automatically ingest and monitor Carbon Black EDR logs & telemetry.
Customize the LimaCharlie web application for your brand with your logo, colors and domain address.
Make VT part of your detection & response rules to automate response in real-time.
Trigger Twilio alerts based on detection & response rules.
Leverage the Tines no-code security automation platform to automate your security workflows.
Take actions towards remediation (kill processes, isolate from the network, and more).
Everything that takes place in LimaCharlie is captured in management, error, and audit logs.
Advanced role-based access control (RBAC) and fine-grained permissions make managing users easy.
Shorten investigation time by leveraging the visual tree view in LimaCharlie's web app.
Isolate any endpoint from the network while maintaining a line of command and control.
Easily forward the matched event to any external source via the Output functionality.
Subscribe to a comprehensive detection rule set maintained by the Sigma open source community.
Perform asynchronous requests to any service a given organization is subscribed to.
One year of complete telemetry storage by default, at no extra cost.
Run any executable or script on the endpoint on-demand or automatically across your fleet.
Easily run commands on the endpoint through the web application or CLI.
Subscribe to a comprehensive, privately managed detection ruleset.
Report a detection to your security team across a multitude of channels.
Reduce noise by easily creating false positive rules.
Create complex detection logic to detect malicious behaviour specific to your use case.
Threat-informed cyber operations: advanced detection rules for any platform.
Spin up new tenants with custom configuration using an infrastructure as code approach.
Secure your CI/CD pipeline by ingesting and monitoring GitHub audit logs.
Collect WEL without deploying the LimaCharlie agent on the endpoint.
Perform deep forensics at scale using automated memory dumps.
Automate the initial assessment after an incident using the sweep tool.
Leverage the Defender integration to generate alerts and automate your security.
Scale your business by automating manual actions, processes, and workflows.
No-code Security Automation. Accelerate response, eliminate manual work, and deliver the best possible protection.
Bring the logs from Defender for Endpoints or Defender for Cloud.
Output detections and audit (only) to a Slack community and channel.
Create extensions and share them on the LimaCharlie marketplace for profit or for free.
Bring in your own threat feeds using our simple integration model for lookups.
Leverage the world's largest open source threat intelligence platform.
Trigger events within PagerDuty from LimaCharlie to streamline security operations.
Continuous cleaning of sensors that have not connected to your organization in a number of days.
The integration with Backstory will allow for the global correlation between log and endpoint telemetry.
Write detection and response rules that use the user's current geolocation as a parameter.
Monitor Windows Event Logs in real-time and write custom rules to detect malicious behavior.
Full-featured and well-documented REST API that enables full flexibility at scale.
Interact with Sensors in real-time and leverage advanced hunter capabilities.
Forward events and detections to a GCS bucket.
Forward events and detections to a Pubsub topic.
Forward events and detections to a syslog target.
Monitor and write detections against Slack audit logs.
Output events and detections to a Google Cloud BigQuery Table.
Forward each event, detection, audit, deployment or log individually through an email.
Forward batches of events, detections, audits, deployments or artifacts through a POST webhook.
Forward events and detections over SCP (SSH file transfer).
Automatically ingest and monitor 1Password event logs.
Forward detections and audit to a Slack channel.