Single Sign On
Allows a user to log in with a single ID to any of several related, yet independent, software systems.
Secure your CI/CD pipeline by ingestion and monitoring GitHub audit logs
No-code Security Automation. Accelerate response, eliminate manual work, and deliver the best possible protection.
Automatically ingest and monitor Duo event logs in real-time.
Microsoft Office 365
Bring Microsoft Office 365 logs into LimaCharlie.
Google Cloud BigQuery
Output events and detections to a Google Cloud BigQuery Table.
Windows Event Log
Collect WEL without deploying LimaCharlie agent on the endpoint.
Bring the logs from Defender for Endpoints or Defender for Cloud.
Continuously import all your Open Threat Exchange pulses and the relevant D&R rules.
Zeek Network Security Monitor
Run the Zeek tool on ingested PCAPs for network traffic analysis.
Run scans on demand or continuously across the entire fleet without impacting performance.
Windows Event Logs
Monitor Windows Event Logs in real-time and write custom rules to detect malicious behaviour.
Real-time telemetry collection, alerting and remediation on the Windows endpoints.
Forward batches of events, detections, audits, deployments or artifacts through a POST webhook.
Forward individually each event, detection, audit, deployment or artifact through a POST webhook.
Make VT part of your Detection & Response rules to automate response in real-time.
Targeted collection of digital forensic evidence across your endpoints.
Manage staff at scale using group permissions.
Trigger Twilio alerts based on Detection & Response rules.
Leverage Tines no-code security automation platform to automate your security workflows.
One year of complete telemetry storage by default, at no extra cost.
Forward events and detections to a syslog target
Subscribe to a comprehensive privately managed detection rule set .
Forward individually each event, detection, audit, deployment or log through an email.
Forward detections and audit to a Slack channel.
Subscribe to a comprehensive detection rule set maintained by the Sigma open source community.
Forward events and detections to any external source over SFTP.
Define a service available on a specific host and which other endpoints have access to it.
Group sensors with tags for automation and remediation at scale.
Continuous cleaning of sensors that have not connected to your organization in a number of days.
Interact with a sensor's host for investigation, management, or threat mitigation purposes.
Take actions towards remediation (kill processes, isolate from the network and more).
Send Service Request
Perform asynchronous requests to any service a given organization is subscribed to.
Easily run commands on the endpoint through the web application or CLI.
Forward events and detections over SCP (SSH file transfer).
Role-Based Access Control
Advanced role based access (RBAC) and fine grained permissions makes managing users easy.
Full-featured and well-documented REST API that enables full flexibility at scale.
Automate the initial assessment after an incident using the sweep tool.
Report a detection to your security team across a multitude of channels.
Task a sensor (or set of sensors) that are currently offline.
Interact with sensors real-time and leverage advanced hunter capabilities.
Everything that takes place in LimaCharlie is captured in management, error and audit logs.
Run any executable or script on the endpoint on-demand or automatically across your fleet.
Trigger events within PagerDuty from LimaCharlie to streamline security operations.
Packet Capture Policies
Create policies that determine when and how network packets are captured and processed.
Netflow Telemetry Policies
Create policies that determine when and how network telemetry is captured and processed.
Real-time telemetry collection, alerting and remediation in the network.
True multitenancy makes scaling operations simple and efficient.
Leverage the world's largest open source threat intelligence platform.
Real-time telemetry collection, alerting and remediation in the Edge browser.
Leverage Defender integration to generate alerts and automate your security.
Perform deep forensics at scale using automated memory dumps.
Maxmind (IP Geolocation)
Write detection and response rules that use the users current geo location as a parameter.
Create extensions and share them on the LimaCharlie marketplace for profit or for free.
Real-time telemetry collection, alerting and remediation on the macOS endpoints.
Lookups & Threat Feeds Library
Subscribe to a number of threat feeds each at the click of a button.
Real-time telemetry collection, alerting and remediation on the Linux endpoints.
Real-time telemetry collection, alerting and remediation in the cloud.
Isolate From the Network
Isolate any endpoint from the network while maintaining a line of command and control.
Search for the indicators of compromise across you entire fleet over the last year.
Infrastructure as Code
Spin up new tenants with custom configuration using an infrastructure as code approach.
Forward events and detections to the Humio.com service.
Historical Threat Hunting
Easily run detection & response rules against historical telemetry.
Google Cloud Storage
Forward events and detections to a GCS bucket.
Google Cloud Pubsub
Forward events and detections to a Pubsub topic.
Google Cloud Platform
Automatically ingest and monitor Google Cloud Platform audit logs.
Forward to an Output
Easily forward the matched event to any external source via the Output functionality.
Protect your network by filtering traffic and blocking outsiders from gaining unauthorized access.
File Integrity Monitoring
Automate integrity checks of files & registry values through pattern-based rules.
Automatically ingest and monitor logs from any source.
Use your own custom DNS or create your own policies to connect to third party services.
DNS Telemetry Policies
Create policies that determine when and how DNS telemetry is captured and processed.
Real-time telemetry collection, alerting and remediation in the cloud.
Event Tree View
Shorthen the investigation by leveraging the visual tree view in LimaCharlie's web app.
Control in which GCP region you want your data to be processed and stored.
Custom Threat Feeds
Bring in your own threat feeds using our simple integration model for lookups.
Create your own custom ruleset to use across your organizations.
Custom False Positive Rules
Reduce noise by easily creating false positive rules.
Custom Detection & Response Rules
Create complex detection logic to detect malicious behaviour specific to your use case.
Customize LimaCharlie web application for your brand with your logo, colors and domain address.
Custom Automation Rules
Scale your business by automating manual actions, processes, and workflows.
Cisco Talos Blocklist
Write detection & response rules that check against the Cisco Talos IP blocklist.
The integration with Backstory will allow for the global correlation between log and endpoint telemetry.
Real-time telemetry collection, alerting and remediation in the Chrome browser.
Set one billing for all organizations created by members of your domain.
Automatically ingest and monitor CarbonBlack EDR logs & telemetry.
Automatically ingest and monitor AWS Cloud Trail logs.
Atomic Red Team
Automate testing against the MITRE ATT&CK framework at scale.
Automatically ingest and monitor logs or artifacts from any endpoint.
Forward events and detections to a Kafka target.
Forward events and detections to an Amazon S3 bucket.
Leverage this list of cyber threats with a strong focus on malware and botnets.
Automatically ingest and monitor 1password event logs.