100+ CAPABILITIES & INTEGRATIONS
An ecosystem of powerful technologies
Get the security tools that your business needs on-demand. An ever-growing set of capabilities that can be used to automate and manage security operations at scale.
Single Sign On
Allows a user to log in with a single ID to any of several related, yet independent, software systems.
Github
Secure your CI/CD pipeline by ingesting and monitoring GitHub audit logs.
Torq
No-code Security Automation. Accelerate response, eliminate manual work, and deliver the best possible protection.
Duo
Automatically ingest and monitor Duo event logs in real-time.
Microsoft Office 365
Bring Microsoft Office 365 logs into LimaCharlie.
Google Cloud BigQuery
Output events and detections to a Google Cloud BigQuery Table.
Windows Event Log
Collect Windows Event Logs (WEL) without deploying the LimaCharlie agent on the endpoint.
Microsoft Defender
Bring in logs from Defender for Endpoint or Defender for Cloud.
AlienVault OTX
Continuously import all your Open Threat Exchange pulses and the relevant D&R rules.
Zeek Network Security Monitor
Run the Zeek tool on ingested PCAPs for network traffic analysis.
YARA Scanning
Run scans on demand or continuously across the entire fleet without impacting performance.
Windows Event Logs
Monitor Windows Event Logs in real-time and write custom rules to detect malicious behaviour.
Windows
Real-time telemetry collection, alerting and remediation on Windows endpoints.
Webhook (bulk)
Forward batches of events, detections, audits, deployments or artifacts through a POST webhook.
Webhook
Forward each event, detection, audit, deployment or artifact individually through a POST webhook.
VirusTotal
Make VT part of your Detection & Response rules to automate response in real-time.
Velociraptor
Targeted collection of digital forensic evidence across your endpoints.
User Groups
Manage staff at scale using group permissions.
Twilio
Trigger Twilio alerts based on Detection & Response rules.
Tines
Leverage Tines no-code security automation platform to automate your security workflows.
Telemetry Storage
One year of complete telemetry storage by default, at no extra cost.
Syslog
Forward events and detections to a syslog target.
Soteria Ruleset
Subscribe to a comprehensive, privately managed detection rule set.
SMTP
Forward each event, detection, audit, deployment or log individually by email.
Slack
Forward detections and audit events to a Slack channel.
Sigma Ruleset
Subscribe to a comprehensive detection rule set maintained by the Sigma open source community.
SFTP
Forward events and detections to any external destination over SFTP.
Service Policies
Define a service available on a specific host and which other endpoints have access to it.
Sensor Grouping
Group sensors with tags for automation and remediation at scale.
Sensor Cull
Continuously remove sensors that have not connected to your organization for a configurable number of days.
Sensor Commands
Interact with a sensor's host for investigation, management, or threat mitigation purposes.
Sensor Actions
Take remediation actions (kill processes, isolate from the network and more).
Send Service Request
Perform asynchronous requests to any service a given organization is subscribed to.
Send Commands
Easily run commands on the endpoint through the web application or CLI.
SCP
Forward events and detections over SCP (SSH file transfer).
Role-Based Access Control
Advanced role-based access control (RBAC) and fine-grained permissions make managing users easy.
REST API
Full-featured and well-documented REST API that enables full flexibility at scale.
Responder
Automate the initial assessment after an incident using the sweep tool.
Report Detection
Report a detection to your security team across a multitude of channels.
Reliable Tasking
Task a sensor (or set of sensors) that are currently offline.
Python CLI
Interact with sensors real-time and leverage advanced hunter capabilities.
Platform Logs
Everything that takes place in LimaCharlie is captured in management, error and audit logs.
Payloads
Run any executable or script on the endpoint on-demand or automatically across your fleet.
PagerDuty
Trigger events within PagerDuty from LimaCharlie to streamline security operations.
Packet Capture Policies
Create policies that determine when and how network packets are captured and processed.
Netflow Telemetry Policies
Create policies that determine when and how network telemetry is captured and processed.
Net
Real-time telemetry collection, alerting and remediation on the network.
Multitenancy
True multitenancy makes scaling operations simple and efficient.
MISP Lists
Leverage the world's largest open source threat intelligence platform.
Microsoft Edge
Real-time telemetry collection, alerting and remediation in the Edge browser.
Microsoft Defender
Leverage Defender integration to generate alerts and automate your security.
Memory/MFT Dumper
Perform deep forensics at scale using automated memory dumps.
Maxmind (IP Geolocation)
Write detection and response rules that use the user's current geolocation as a parameter.
Marketplace
Create extensions and share them on the LimaCharlie marketplace for profit or for free.
macOS
Real-time telemetry collection, alerting and remediation on macOS endpoints.
Lookups & Threat Feeds Library
Subscribe to a number of threat feeds each at the click of a button.
Linux
Real-time telemetry collection, alerting and remediation on Linux endpoints.
Kubernetes
Real-time telemetry collection, alerting and remediation in Kubernetes clusters.
Isolate From the Network
Isolate any endpoint from the network while maintaining a line of command and control.
IOC Search
Search for indicators of compromise across your entire fleet over the last year.
Infrastructure as Code
Spin up new tenants with custom configuration using an infrastructure as code approach.
Humio
Forward events and detections to Humio.
Historical Threat Hunting
Easily run detection & response rules against historical telemetry.
Google Cloud Storage
Forward events and detections to a GCS bucket.
Google Cloud Pubsub
Forward events and detections to a Pubsub topic.
Google Cloud Platform
Automatically ingest and monitor Google Cloud Platform audit logs.
Forward to an Output
Easily forward the matched event to any external destination via the Output functionality.
Firewall Policies
Protect your network by filtering traffic and blocking outsiders from gaining unauthorized access.
File Integrity Monitoring
Automate integrity checks of files & registry values through pattern-based rules.
External Logs
Automatically ingest and monitor logs from any source.
DNS Policies
Use your own custom DNS or create your own policies to connect to third-party services.
DNS Telemetry Policies
Create policies that determine when and how DNS telemetry is captured and processed.
Docker
Real-time telemetry collection, alerting and remediation in Docker containers.
Event Tree View
Shorten the investigation by leveraging the visual tree view in LimaCharlie's web app.
Data Sovereignty
Control in which GCP region you want your data to be processed and stored.
Custom Threat Feeds
Bring in your own threat feeds using our simple integration model for lookups.
Custom Rulesets
Create your own custom ruleset to use across your organizations.
Custom False Positive Rules
Reduce noise by easily creating false positive rules.
Custom Detection & Response Rules
Create complex detection logic to detect malicious behaviour specific to your use case.
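As an added illustration (this is not code from the original page), here is the shape a custom Detection & Response rule takes: a `detect` block that matches on event fields and a `respond` block listing the actions to run on a match. The layout follows LimaCharlie's published detect/respond YAML; the specific event name, field paths, values and rule name below are assumptions chosen for the example.

```yaml
# Added example, not part of the original page. The event name, paths,
# values and rule name are assumptions for illustration.
detect:
  event: NEW_PROCESS
  op: and
  rules:
    # rundll32 launched ...
    - op: ends with
      path: event/FILE_PATH
      value: \rundll32.exe
      case sensitive: false
    # ... with an inline script in its command line
    - op: contains
      path: event/COMMAND_LINE
      value: javascript:
      case sensitive: false
respond:
  # raise a named detection that outputs and the Report Detection channels pick up
  - action: report
    name: rundll32-inline-javascript
  # kill the offending process and its children on the sensor that emitted the event
  - action: task
    command: deny_tree <<routing/this>>
```

The `and` of two narrow conditions keeps the rule specific to the behaviour described; a false-positive rule can then be layered on top for any known-good tooling that trips it.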
Custom Branding
Customize the LimaCharlie web application for your brand with your logo, colors and domain address.
Custom Automation Rules
Scale your business by automating manual actions, processes, and workflows.
Cisco Talos Blocklist
Write detection & response rules that check against the Cisco Talos IP blocklist.
Chronicle Backstory
Correlate log and endpoint telemetry globally through the Backstory integration.
Chrome
Real-time telemetry collection, alerting and remediation in the Chrome browser.
Centralized Billing
Use one billing account for all organizations created by members of your domain.
Carbon Black
Automatically ingest and monitor Carbon Black EDR logs and telemetry.
AWS CloudTrail
Automatically ingest and monitor AWS CloudTrail logs.
Atomic Red Team
Automate testing against the MITRE ATT&CK framework at scale.
Artifact Collection
Automatically ingest and monitor logs or artifacts from any endpoint.
Apache Kafka
Forward events and detections to a Kafka target.
Amazon S3
Forward events and detections to an Amazon S3 bucket.
Abuse.ch Lists
Leverage abuse.ch threat lists, with a strong focus on malware and botnet indicators.
1Password
Automatically ingest and monitor 1Password event logs.