Log & artifact monitoring
LimaCharlie can ingest external logs and telemetry from any source. This data can be used to generate detections, and it is covered by the included year of telemetry storage at no extra cost: endpoint, network and external log telemetry, as well as artifacts, are retained for a full year.
Run detection rules across historical data or search for indicators of compromise (domains, IPs, hashes, usernames, and more) across one year of your organization’s artifacts and telemetry. Quickly see where the IoC has been seen as well as the first and last time it was observed on each host to scope the extent of the compromise. Identify the number of hosts where the indicator has been seen today, this week, and this month.
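The scoping summary described above, as an added example that is not LimaCharlie's own code: given a set of telemetry records, it reports which hosts have seen an indicator, the first and last sighting per host, and how many distinct hosts saw it in the last day, week and month. The record layout, timestamps and rolling windows (rather than calendar days) are assumptions made for illustration.

```python
"""Scope an indicator of compromise across historical telemetry.

Added example, not LimaCharlie's own code. Record layout, the fixed
reference time and the rolling windows are assumptions for illustration.
"""
from datetime import datetime, timedelta, timezone

# Fixed "now" so the example is deterministic (constructed).
NOW = datetime(2024, 3, 15, 12, 0, tzinfo=timezone.utc)

# Constructed telemetry records: (timestamp, host, indicator type, value).
TELEMETRY = [
    (NOW - timedelta(hours=2),   "ws-01",  "domain", "evil.example"),
    (NOW - timedelta(days=1),    "ws-01",  "domain", "evil.example"),
    (NOW - timedelta(days=3),    "ws-07",  "domain", "evil.example"),
    (NOW - timedelta(days=20),   "srv-02", "domain", "evil.example"),
    (NOW - timedelta(days=200),  "srv-09", "domain", "evil.example"),
    (NOW - timedelta(hours=1),   "ws-03",  "hash",   "d41d8cd98f00b204e9800998ecf8427e"),
]

# Rolling windows used for the "today / this week / this month" host counts.
WINDOWS = {
    "today": timedelta(days=1),
    "week": timedelta(days=7),
    "month": timedelta(days=30),
}


def scope_ioc(records, ioc_type, value, now=NOW):
    """Return (per-host first/last sighting, distinct-host counts per window).

    first_last maps host -> (first_seen, last_seen) over the whole record set,
    which is what you need to decide where the compromise started and whether
    it is still active on each host.
    """
    first_last = {}
    for ts, host, kind, val in records:
        if kind != ioc_type or val != value:
            continue
        first, last = first_last.get(host, (ts, ts))
        first_last[host] = (min(first, ts), max(last, ts))

    counts = {}
    for name, span in WINDOWS.items():
        cutoff = now - span
        counts[name] = len({
            host for ts, host, kind, val in records
            if kind == ioc_type and val == value and ts >= cutoff
        })
    return first_last, counts


def hosts_seen(records, ioc_type, value):
    """Hosts that have ever seen the indicator, earliest sighting first."""
    first_last, _ = scope_ioc(records, ioc_type, value)
    return sorted(first_last, key=lambda h: first_last[h][0])


if __name__ == "__main__":
    per_host, counts = scope_ioc(TELEMETRY, "domain", "evil.example")
    for host in hosts_seen(TELEMETRY, "domain", "evil.example"):
        first, last = per_host[host]
        print(f"{host}: first {first.isoformat()} last {last.isoformat()}")
    print(counts)
```

The host-count windows are deliberately computed over distinct hosts rather than raw events, since one noisy workstation beaconing every minute should not look like a fleet-wide outbreak.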
If you need to send the data elsewhere, you can do so without any limitations.
A strong Microsoft security posture
LimaCharlie offers a powerful set of capabilities that when combined create a strong security posture for organizations leveraging a Microsoft technology stack.
- Capture and analyze Windows Event Logs (WEL) with complex detection logic in real-time.
- Alert and automate based on various Windows Defender events.
- Ingest and monitor Microsoft 365 and Active Directory telemetry in the cloud.
- A powerful EDR with Sigma and YARA detections baked in, and an agent that runs on all versions of Windows back to XP SP2.
- Collect browser telemetry through the Microsoft Edge extension instead of intercepting TLS traffic, eliminating the need for SSL interception.
Security built for the cloud
LimaCharlie was built for the cloud. Deploy an EDR and monitoring capability to your cloud computing systems. Run the EDR as a privileged container in your Kubernetes cluster or simply use our Docker image. Optimize costs with auto-scaling, fine grained exfil control and automated sensor culling.
A powerful and flexible EDR
Respond to threats at wire speed and create powerful automations with LimaCharlie’s Detection, Automation & Response engine. Leverage solutions custom designed for your environment and control your security posture without having to rely on external vendors to protect you from bad actors.
Gain unparalleled cost efficiencies by leveraging detections created by best-in-class security professionals using managed and open source rulesets. LimaCharlie provides one-click access to rulesets from a growing list of sources, including SOC Prime and Soteria as well as open source Sigma and YARA rule collections.
"API-first, feature parity and a common data format."
Philip Martin, CSO, Coinbase
File and registry integrity monitoring
LimaCharlie's File & Registry Integrity Monitoring (FIM) capability will scan, analyze, and report on unexpected changes to important assets within any supported environment. In so doing, file integrity monitoring provides a critical layer of file, data, and application security, while also aiding in the acceleration of incident response.
Leverage existing security tools and detections
Leverage the work of best-in-class security professionals by using managed and open source detection and response rulesets such as Sigma and Soteria, along with the threat feeds and lookups available in the LimaCharlie marketplace. Easily incorporate the domains, IPs, file hashes and other indicators of compromise they provide when you write your own detection and response rules.
Retain full control & visibility of where your data comes from, how it is stored and processed, and where it goes. Conveniently manage all your data sharing rules in one place.
Continuous YARA scanning at scale
LimaCharlie users can make use of YARA file and memory scanning to identify malware. YARA provides a rule-based approach to create descriptions of malware families based on textual or binary patterns.
Use the continuous scanning mode to monitor your entire fleet on an ongoing basis without impacting performance on the endpoint.