It is now possible to interact with an organization’s endpoints in real-time by utilizing the LimaCharlie live-view interface. In the list of endpoints accessible through the web application you can select to open the live-view for any agent reporting as online.
Through the live-view you can accomplish the following:
Get general information about the sensor.
Apply and remove tags.
Select which events get sent to the cloud. There are a total of 52 events to choose from. Documentation can be found here.
Send commands directly to the sensor. This include isolating it from the network which maintaining a command and control connection.
View a live-stream of events as they are taking place on the endpoint.
Retrieve a list of processes, drill down into the details and check file hashes against VirusTotal’s public API.