LC Agent 4.3.3 Changes

 

The LimaCharlie Agent is now available in version 4.3.3.

To upgrade your Organization, head to the "Sensor Downloads" section and click the "Update to New Version" button. This will bring all of your agents up to the latest Stable version. If you notice any issues (none are expected), you can always click the "Restore Previous Version" button to downgrade to the previous Stable version.

Now that the housekeeping is done, what's new?

  1. Quality-of-life bug fixes around directory listings and Yara system-wide scans:
    1. Investigation IDs are now propagated in the results of Yara scans.
    2. Directory listings now report full absolute file paths for every item, making recursive listing easier to interpret.
    3. Directory listings now interpret the file name pattern case insensitively on Windows.
  2. We've added a "reg_list" command to list the keys and values in a Windows registry on demand.
  3. We've added a "dir_find_hash" command to look for specific hashes in files given a starting directory, a file name pattern and a recursion depth.

These changes are mainly in support of the new LC Python API (2.0.0) and its new Spot Check capability, which makes organization-wide hunts for IOCs easier (see our other blog post dedicated to this topic).