100+ CAPABILITIES & INTEGRATIONS

An ecosystem of powerful technologies

Get the security tools that your business needs on-demand. An ever-growing set of capabilities that can be used to automate and manage security operations at scale.

Single Sign On

Allows a user to log in with a single ID to any of several related, yet independent, software systems.

GitHub

Secure your CI/CD pipeline by ingesting and monitoring GitHub audit logs.

Torq

No-code Security Automation. Accelerate response, eliminate manual work, and deliver the best possible protection.

Duo

Automatically ingest and monitor Duo event logs in real-time.

Microsoft Office 365

Bring Microsoft Office 365 logs into LimaCharlie.

Google Cloud BigQuery

Output events and detections to a Google Cloud BigQuery Table.

Windows Event Log

Collect WEL without deploying the LimaCharlie agent on the endpoint.

Microsoft Defender

Bring the logs from Defender for Endpoints or Defender for Cloud.

AlienVault OTX

Continuously import all your Open Threat Exchange pulses and the relevant D&R rules.

Zeek Network Security Monitor

Run the Zeek tool on ingested PCAPs for network traffic analysis.

YARA Scanning

Run scans on demand or continuously across the entire fleet without impacting performance.

Windows Event Logs

Monitor Windows Event Logs in real-time and write custom rules to detect malicious behaviour.

Windows

Real-time telemetry collection, alerting and remediation on the Windows endpoints.

Webhook (bulk)

Forward batches of events, detections, audits, deployments or artifacts through a POST webhook.

Webhook

Forward each event, detection, audit, deployment or artifact individually through a POST webhook.

VirusTotal

Make VT part of your Detection & Response rules to automate response in real-time.

Velociraptor

Targeted collection of digital forensic evidence across your endpoints.

User Groups

Manage staff at scale using group permissions.

Twilio

Trigger Twilio alerts based on Detection & Response rules.

Tines

Leverage the Tines no-code security automation platform to automate your security workflows.

Telemetry Storage

One year of complete telemetry storage by default, at no extra cost.

Syslog

Forward events and detections to a syslog target.

Soteria Ruleset

Subscribe to a comprehensive, privately managed detection rule set.

SMTP

Forward each event, detection, audit, deployment or log individually through an email.

Slack

Forward detections and audits to a Slack channel.

Sigma Ruleset

Subscribe to a comprehensive detection rule set maintained by the Sigma open source community.

SFTP

Forward events and detections to any external source over SFTP.

Service Policies

Define a service available on a specific host and which other endpoints have access to it.

Sensor Grouping

Group sensors with tags for automation and remediation at scale.

Sensor Cull

Continuous cleaning of sensors that have not connected to your organization in a number of days.

Sensor Commands

Interact with a sensor's host for investigation, management, or threat mitigation purposes.

Sensor Actions

Take actions towards remediation (kill processes, isolate from the network and more).

Send Service Request

Perform asynchronous requests to any service a given organization is subscribed to.

Send Commands

Easily run commands on the endpoint through the web application or CLI.

SCP

Forward events and detections over SCP (SSH file transfer).

Role-Based Access Control

Advanced role-based access control (RBAC) and fine-grained permissions make managing users easy.

REST API

Full-featured and well-documented REST API that enables full flexibility at scale.

Responder

Automate the initial assessment after an incident using the sweep tool.

Report Detection

Report a detection to your security team across a multitude of channels.

Reliable Tasking

Task a sensor (or set of sensors) that are currently offline.

Python CLI

Interact with sensors in real time and leverage advanced hunter capabilities.

Platform Logs

Everything that takes place in LimaCharlie is captured in management, error and audit logs.

Payloads

Run any executable or script on the endpoint on-demand or automatically across your fleet.

PagerDuty

Trigger events within PagerDuty from LimaCharlie to streamline security operations.

Packet Capture Policies

Create policies that determine when and how network packets are captured and processed.

Netflow Telemetry Policies

Create policies that determine when and how network telemetry is captured and processed.

Multitenancy

True multitenancy makes scaling operations simple and efficient.

MISP Lists

Leverage the world's largest open source threat intelligence platform.

Microsoft Edge

Real-time telemetry collection, alerting and remediation in the Edge browser.

Microsoft Defender

Leverage Defender integration to generate alerts and automate your security.

Memory/MFT Dumper

Perform deep forensics at scale using automated memory dumps.

Maxmind (IP Geolocation)

Write detection and response rules that use the user's current geolocation as a parameter.

Marketplace

Create extensions and share them on the LimaCharlie marketplace for profit or for free.

macOS

Real-time telemetry collection, alerting and remediation on the macOS endpoints.

Lookups & Threat Feeds Library

Subscribe to a number of threat feeds each at the click of a button.

Linux

Real-time telemetry collection, alerting and remediation on the Linux endpoints.

Kubernetes

Real-time telemetry collection, alerting and remediation in the cloud.

Isolate From the Network

Isolate any endpoint from the network while maintaining a line of command and control.

IOC Search

Search for indicators of compromise across your entire fleet over the last year.

Infrastructure as Code

Spin up new tenants with custom configuration using an infrastructure as code approach.

Humio

Forward events and detections to the Humio.com service.

Historical Threat Hunting

Easily run detection & response rules against historical telemetry.

Google Cloud Storage

Forward events and detections to a GCS bucket.

Google Cloud Pubsub

Forward events and detections to a Pubsub topic.

Google Cloud Platform

Automatically ingest and monitor Google Cloud Platform audit logs.

Forward to an Output

Easily forward the matched event to any external source via the Output functionality.

Firewall Policies

Protect your network by filtering traffic and blocking outsiders from gaining unauthorized access.

File Integrity Monitoring

Automate integrity checks of files & registry values through pattern-based rules.

External Logs

Automatically ingest and monitor logs from any source.

DNS Policies

Use your own custom DNS or create your own policies to connect to third party services.

DNS Telemetry Policies

Create policies that determine when and how DNS telemetry is captured and processed.

Docker

Real-time telemetry collection, alerting and remediation in the cloud.

Event Tree View

Shorten the investigation by leveraging the visual tree view in LimaCharlie's web app.

Data Sovereignty

Control in which GCP region you want your data to be processed and stored.

Custom Threat Feeds

Bring in your own threat feeds using our simple integration model for lookups.

Custom Rulesets

Create your own custom ruleset to use across your organizations.

Custom False Positive Rules

Reduce noise by easily creating false positive rules.

Custom Detection & Response Rules

Create complex detection logic to detect malicious behaviour specific to your use case.

Custom Branding

Customize the LimaCharlie web application for your brand with your logo, colors and domain address.

Custom Automation Rules

Scale your business by automating manual actions, processes, and workflows.

Cisco Talos Blocklist

Write detection & response rules that check against the Cisco Talos IP blocklist.

Chronicle Backstory

The integration with Backstory will allow for the global correlation between log and endpoint telemetry.

Chrome

Real-time telemetry collection, alerting and remediation in the Chrome browser.

Centralized Billing

Set one billing for all organizations created by members of your domain.

Carbon Black

Automatically ingest and monitor Carbon Black EDR logs & telemetry.

AWS CloudTrail

Automatically ingest and monitor AWS CloudTrail logs.

Atomic Red Team

Automate testing against the MITRE ATT&CK framework at scale.

Artifact Collection

Automatically ingest and monitor logs or artifacts from any endpoint.

Apache Kafka

Forward events and detections to a Kafka target.

Amazon S3

Forward events and detections to an Amazon S3 bucket.

Abuse.ch Lists

Leverage this list of cyber threats with a strong focus on malware and botnets.

1Password

Automatically ingest and monitor 1Password event logs.