Easily search across your entire fleet
All of telemetry ingested into LimaCharlie is indexed across indicators of compromise (IOC) allowing users to easily search across all telemetry. LimaCharlie stores a full year of telemetry by default.
Indexing occurs in one of three ways:
- By the built-in indexer for specific platforms like Carbon Black.
- By a generic indexer applied to all fields if no built-in indexer was available.
- Optionally, user-specific indexing guidelines.
All indexes produced will feed into the main IOC Indexing functionality of LimaCharlie.
