Scalable solutions on demand

A multitenant design and an infrastructure as code (IaC) approach enable LimaCharlie users to spin up security software and supporting infrastructure tailored for specific use cases by applying templates.

Log & artifact monitoring

LimaCharlie offers the ability to bring in external logs and telemetry from any source. This data can be used to generate detections, and it includes a full year of telemetry storage at no extra cost: all endpoint, network, and external log telemetry, as well as artifacts, is retained for a full year.

Run detection rules across historical data or search for indicators of compromise (domains, IPs, hashes, usernames, and more) across one year of your organization’s artifacts and telemetry. Quickly see where the IoC has been seen as well as the first and last time it was observed on each host to scope the extent of the compromise. Identify the number of hosts where the indicator has been seen today, this week, and this month.

If you need to send the data elsewhere, you can do so without any limitations.

A strong Microsoft security posture

LimaCharlie offers a powerful set of capabilities that, when combined, create a strong security posture for organizations leveraging a Microsoft technology stack.

  • Capture and analyze Windows Event Logs (WEL) with complex detection logic in real-time.
  • Alert and automate based on various Windows Defender events.
  • Ingest and monitor Microsoft 365 and Active Directory telemetry in the cloud.
  • A powerful EDR with Sigma and YARA detections baked in, and an agent that runs on all versions of Windows back to XP SP II.
  • Eliminate the need for SSL interception by using the Microsoft Edge extension.
LimaCharlie enables security engineers to gain control over their posture: full visibility, the ability to build workflows, and integrate with CI/CD pipelines. The stuff companies had to build in-house from scratch is provided on-demand, like Lego blocks.

Jonathan Haas

Lead SecOps, Carta

Security built for the cloud

LimaCharlie was built for the cloud. Deploy an EDR and monitoring capability to your cloud computing systems. Run the EDR as a privileged container in your Kubernetes cluster or simply use our Docker image. Optimize costs with auto-scaling, fine-grained exfil control, and automated sensor culling.

A powerful and flexible EDR

Respond to threats at wire speed and create powerful automations with LimaCharlie’s Detection, Automation & Response engine. Leverage solutions custom designed for your environment and control your security posture without having to rely on external vendors to protect you from bad actors.

Gain unparalleled cost efficiencies by leveraging detections created by best-in-class security professionals using managed and open source rulesets. LimaCharlie provides one-click access to rulesets from a growing list of sources that include SOC Prime, Soteria, Sigma & YARA.

We can deploy sensors in minutes and adjust licensing on the fly, without having to jump over hurdles. This is a massive advantage over other cybersecurity players out there.

Glenn Starkman

CEO, Soteria
API-first, feature parity and a common data format.
If I was to build a new cyber security company, I’d build it on top of this.

Philip Martin

CSO, Coinbase

File and registry integrity monitoring

LimaCharlie's File & Registry Integrity Monitoring (FIM) capability will scan, analyze, and report on unexpected changes to important assets within any supported environment. In so doing, file integrity monitoring provides a critical layer of file, data, and application security, while also aiding in the acceleration of incident response.

Leverage existing security tools and detections

Leverage the work of best-in-class security professionals by using managed and open source detection and response rulesets such as Sigma & Soteria, as well as threat feeds and lookups available in the LimaCharlie marketplace. Easily incorporate offered domains, IPs, file hashes, or other indicators of compromise when you write your own detection and response rules.

Retain full control & visibility of where your data comes from, how it is stored and processed, and where it goes. Conveniently manage all your data sharing rules in one place.

Continuous YARA scanning at scale

LimaCharlie users can make use of YARA file and memory scanning to identify malware. YARA provides a rule-based approach to create descriptions of malware families based on textual or binary patterns.

Use the continuous scanning mode to monitor your entire fleet on an ongoing basis without impacting performance on the endpoint.

We can automate a significant portion of the tasks needed to operate the platform on a day-to-day basis, in a way that is scalable, repeatable, and self-documenting, using LimaCharlie’s APIs to do the heavy lifting.

Paul Ihme

Managing Principal, Soteria