100+ CAPABILITIES & INTEGRATIONS

An ecosystem of powerful technologies


Get the security tools that your business needs on-demand. An ever-growing set of capabilities that can be used to automate and manage security operations at scale.

Get Started FreeBook a demo
SCP Icon
SCP

Forward events and detections over SCP (SSH file transfer).

Output Icon
Webhook (bulk)

Forward batches of events, detections, audits, deployments or artifacts through a POST webhook.

Output Icon
SMTP

Forward individually each event, detection, audit, deployment or log through an email.

Google Cloud Icon
Google Cloud BigQuery

Output events and detections to a Google Cloud BigQuery Table.

Slack

Monitor and write detections against Slack audit logs.

Output Icon
Syslog

Forward events and detections to a syslog target.

Google Cloud Icon
Google Cloud Pubsub

Forward events and detections to a Pubsub topic.

Google Cloud Icon
Google Cloud Storage

Forward events and detections to a GCS bucket.

Python CLI Icon
Python CLI

Interact with Sensors in real-time and leverage advanced hunter capabilities.

Automation Icon
REST API

Full-featured and well-documented REST API that enables full flexibility at scale.

Automation Icon
Windows Event Logs

Monitor Windows Event Logs in real-time and write custom rules to detect malicious behavior.

Extension Icon
Maxmind (IP Geolocation)

Write detection and response rules that use the users current geo location as a parameter.

Chronicle Icon
Chronicle Backstory

The integration with Backstory will allow for the global correlation between log and endpoint telemetry.

Sensor Icon
Sensor Cull

Continuous cleaning of sensors that have not connected to your organization in a number of days.

PagerDuty Icon
PagerDuty

Trigger events within PagerDuty from LimaCharlie to streamline security operations.

MISP Icon
MISP Lists

Leverage the world's largest open source threat intelligence platform.

Extension Icon
Custom Threat Feeds

Bring in your own threat feeds using our simple integration model for lookups.

Extension Icon
Marketplace

Create extensions and share them on the LimaCharlie marketplace for profit or for free.

Slack

Output detections and audit (only) to a Slack community and channel.

Microsoft Defender logo
Microsoft Defender

Bring the logs from Defender for Endpoints or Defender for Cloud.

Accelerate response, eliminate manual work, and deliver the best possible protection.
Torq

No-code Security Automation. Accelerate response, eliminate manual work, and deliver the best possible protection.

Automation Icon
Custom Automation Rules

Scale your business by automating manual actions, processes, and workflows.

Microsoft Defender Icon
Microsoft Defender

Leverage the Defender integration to generate alerts and automate your security.

Automation Icon
Responder

Automate the initial assessment after an incident using the sweep tool.

Automation Icon
Memory/MFT Dumper

Perform deep forensics at scale using automated memory dumps.

Microsoft Windows Logo
Windows Event Logs

Collect WEL without deploying the LimaCharlie agent on the endpoint.

Securely Automate Every Step of Your Software Workflow. Stay Focused on What Matters Most. Build More and Ship Fast with GitHub Actions, the Native CI/CD Solution Built for GitHub. Developer- Led Learning. Free Trial. 24/7 Support. Automate Workflows.
Github

Secure your CI/CD pipeline by ingesting and monitoring GitHub audit logs

Automation Icon
Infrastructure as Code

Spin up new tenants with custom configuration using an infrastructure as code approach.

Remove barriers to efficient, effective, and integrated threat detection with the world’s first purple teaming platform. Whether you’re an analyst or a CISO, a red teamer or a blue teamer, SnapAttack unlocks the potential of your security operations.
SnapAttack

Threat-informed cyber operations: advanced detection rules for any platform.

Detection & Response Icon
Custom Detection & Response Rules

Create complex detection logic to detect malicious behaviour specific to your use case.

Detection & Response Icon
Custom False Positive Rules

Reduce noise by easily creating false positive rules.

Detection & Response Icon
Report Detection

Report a detection to your security team across a multitude of channels.

Detection & Response Icon
Soteria Ruleset

Subscribe to a comprehensive privately managed detection ruleset .

Detection & Response Icon
Send Commands

Easily run commands on the endpoint through the web application or CLI.

Detection & Response Icon
Payloads

Run any executable or script on the endpoint on-demand or automatically across your fleet.

Sensor Icon
Telemetry Storage

One year of complete telemetry storage by default, at no extra cost.

Detection & Response Icon
Send Service Request

Perform asynchronous requests to any service a given organization is subscribed to.

Detection & Response Icon
Sigma Ruleset

Subscribe to a comprehensive detection rule set maintained by the Sigma open source community.

Detection & Response Icon
Forward to an Output

Easily forward the matched event to any external source via the Output functionality.

Detection & Response Icon
Isolate From the Network

Isolate any endpoint from the network while maintaining a line of command and control.

Detection & Response Icon
Event Tree View

Shorten investigation time by leveraging the visual tree view in LimaCharlie's web app.

Compliance Icon
Role-Based Access Control

Advanced role-based access (RBAC) and fine grained permissions makes managing users easy.

Compliance Icon
Platform Logs

Everything that takes place in LimaCharlie is captured in management, error, and audit logs.

Sensor Icon
Sensor Actions

Take actions towards remediation (kill processes, isolate from the network, and more).

Tines Icon
Tines

Leverage the Tines no-code security automation platform to automate your security workflows.

Twillio Icon
Twillio

Trigger Twilio alerts based on detection & response rules.

VirusTotal Icon
VirusTotal

Make VT part of your detection & response rules to automate response in real-time.

Admin Icon
Custom Branding

Customize the LimaCharlie web application for your brand with your logo, colors and domain address.

1Password Icon
1Password

Automatically ingest and monitor 1Password event logs.

Carbon Black Icon
Carbon Black

Automatically ingest and monitor Carbon Black EDR logs & telemetry.

Detection & Response Icon
Historical Threat Hunting

Easily run detection & response rules against historical telemetry.

Detection & Response Icon
IOC Search

Search for indicators of compromise across your entire fleet over the last year.

Google Cloud Icon
Google Cloud Platform

Automatically ingest and monitor Google Cloud Platform audit logs.

File Integrity Monitoring Icon
File Integrity Monitoring

Automate integrity checks of files & registry values through pattern-based rules.

Sensor Icon
External Logs

Automatically ingest and monitor logs from any source.

Docker Icon
Docker

Real-time telemetry collection, alerting and remediation in the cloud.

Admin Icon
Multitenancy

True multitenancy makes scaling operations simple and efficient.

Crowdstrike

Automatically ingest and monitor Crowdstrike EDR logs & telemetry.

Duo's modern access security is designed to safeguard all users, devices, and applications — so you can stay focused on what you do best.
Duo

Automatically ingest and monitor Duo event logs in real-time.

Microsoft Office 365 logo
Microsoft Office 365

Bring Microsoft Office 365 logs into LimaCharlie.

Automation Icon
YARA Scanning

Run scans on demand or continuously across the entire fleet without impacting performance.

Flexible, intuitive, and interactive way to explore data in LimaCharlie
Query Console

Flexible, intuitive, and interactive way to explore data in LimaCharlie.

Windows Icon
Windows

Real-time telemetry collection, alerting and remediation on the Windows endpoints.

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.
Single Sign On

Allows a user to log in with a single ID to any of several related, yet independent, software systems.

Sensor Icon
Sensor Grouping

Group sensors with tags for automation and remediation at scale.

Sensor Icon
Sensor Commands

Interact with a sensor's host for investigation, management, or threat mitigation purposes.

Edge Icon
Microsoft Edge

Real-time telemetry collection, alerting and remediation in the Edge browser.

Extension Icon
Lookups & Threat Feeds Library

Subscribe to a number of threat feeds each at the click of a button.

macOS Icon
macOS

Real-time telemetry collection, alerting and remediation on the macOS endpoints.

Linux Icon
Linux

Real-time telemetry collection, alerting and remediation on the Linux endpoints.

Output Icon
Webhook

Forward individually each event, detection, audit, deployment or artifact through a POST webhook.

Sensor Icon
Reliable Tasking

Task a sensor (or set of sensors) that are currently offline.

Output Icon
SFTP

Forward events and detections to any external source over SFTP.

Extension Icon
Velociraptor

Targeted collection of digital forensic evidence across your endpoints.

Admin Icon
User Groups

Manage staff at scale using group permissions.

Kubernetes Icon
Kubernetes

Real-time telemetry collection, alerting and remediation in the cloud.

Apache Kakfka Icon
Apache Kafka

Forward events and detections to a Kafka target.

Amazon S3 Icon
Amazon S3

Forward events and detections to an Amazon S3 bucket.

Admin Icon
Centralized Billing

Set one billing for all organizations created by members of your domain.

Catalog Icon
Chrome

Real-time telemetry collection, alerting and remediation in the Chrome browser.

Sensor Icon
Artifact Collection

Automatically ingest and monitor logs or artifacts from any endpoint.

Atomic Red Team Icon
Atomic Red Team

Automate testing against the MITRE ATT&CK framework at scale.

Extension Icon
Custom Rulesets

Create your own custom ruleset to use across your organizations.

AWS Cloudtrail Icon
AWS Cloudtrail

Automatically ingest and monitor AWS Cloud Trail logs.

AlienVault Icon
AlienVault OTX

Continuously import all your Open Threat Exchange pulses and the relevant D&R rules.

Zeek Icon
Zeek Network Security Monitor

Run the Zeek tool on ingested PCAPs for network traffic analysis.

Compliance Icon
Data Sovereignty

Control in which GCP region you want your data to be processed and stored.

Cisco Talos Icon
Cisco Talos Blocklist

Write detection & response rules that check against the Cisco Talos IP blocklist.

Abuse.ch Icon
Abuse.ch Lists

Leverage this list of cyber threats with a strong focus on malware and botnets.

Copyright © LimaCharlie 2024