Detection & Response Across Log Files

 

LimaCharlie’s Detection & Response (D&R) rules let you describe the specific behaviors you want to detect and automate the response when they are seen. Until now this feature was limited to data coming from endpoints. We recently introduced the ability to automatically fetch and ingest external logs into LimaCharlie, and it was immediately clear that D&R rules had to be extended to those logs as well.

LimaCharlie has introduced the concept of D&R targets: a D&R rule can now be scoped to a specific type of ingested log rather than to endpoint events. For example, you can write a regular expression that, whenever it matches a line from your web proxy logs, generates a Detection, and attach the same automated response actions you already use for endpoint rules.

The rules apply to any ingested log, from unstructured text logs to raw Windows Event Logs and PCAP.
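The regex-over-proxy-logs rule described above, as an added illustration: this is not LimaCharlie's D&R rule syntax or engine, only a minimal Python model of the same idea, where each rule names the log target it applies to, carries a regular expression, and emits a Detection with the captured fields when a line matches. The log formats, rule names, responses and sample log lines are all made up for the example.

```python
import re
from dataclasses import dataclass, field

# Added example, not LimaCharlie code. Models "rule scoped to a log target,
# regex matches a line, a Detection is produced" with made-up names/formats.


@dataclass
class Rule:
    name: str                 # detection name emitted on a match
    target: str               # which ingested log type this rule applies to
    pattern: re.Pattern       # compiled regular expression evaluated per line
    severity: str = "medium"
    respond: tuple = ("report",)  # hypothetical response actions to trigger


@dataclass
class Detection:
    rule: str
    target: str
    severity: str
    line: str
    fields: dict = field(default_factory=dict)   # named groups from the regex
    actions: tuple = ("report",)


# Constructed proxy log format: "<timestamp> <client ip> <method> <url> <status>"
PROXY_LINE = r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) "

RULES = [
    # Fetch of an executable-looking object through the proxy.
    Rule("exe-download", "proxy",
         re.compile(PROXY_LINE + r"(?P<url>\S+\.(?:exe|dll|ps1|scr)) (?P<status>\d{3})$", re.I),
         severity="high", respond=("report", "tag:suspicious-download")),
    # Request whose host is a bare IPv4 literal (no DNS name), optionally with a port.
    Rule("raw-ip-host", "proxy",
         re.compile(PROXY_LINE
                    + r"(?P<url>https?://(?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/\S*) "
                    + r"(?P<status>\d{3})$")),
    # A rule for a different target; it is never evaluated against proxy lines.
    Rule("dns-long-label", "dns",
         re.compile(r"\b[a-z0-9-]{40,}\."), severity="low"),
]


def evaluate(rules, target, line):
    """Run every rule scoped to `target` over one log line; return its Detections."""
    detections = []
    for rule in rules:
        if rule.target != target:
            continue                      # D&R target does not match this log type
        m = rule.pattern.search(line)
        if m:
            detections.append(Detection(rule.name, target, rule.severity, line,
                                        m.groupdict(), rule.respond))
    return detections


def run(rules, target, lines):
    """Evaluate a batch of ingested lines of one log type."""
    out = []
    for line in lines:
        out.extend(evaluate(rules, target, line))
    return out


# Constructed sample lines (documentation-range IPs, made up for the example).
SAMPLE_PROXY_LOG = [
    "2019-03-04T10:01:02Z 10.0.0.12 GET http://updates.example.com/patch.msi 200",
    "2019-03-04T10:01:05Z 10.0.0.12 GET http://203.0.113.5/dropper.exe 200",
    "2019-03-04T10:01:09Z 10.0.0.33 GET https://intranet.example.com/index.html 200",
    "2019-03-04T10:01:11Z 10.0.0.33 POST http://198.51.100.7:8080/gate.php 200",
]
SAMPLE_DNS_LOG = [
    "2019-03-04T10:02:00Z 10.0.0.12 A " + "a" * 50 + ".example.com",
    "2019-03-04T10:02:01Z 10.0.0.12 A www.example.com",
]

if __name__ == "__main__":
    for det in run(RULES, "proxy", SAMPLE_PROXY_LOG) + run(RULES, "dns", SAMPLE_DNS_LOG):
        print(det.rule, det.severity, det.actions, det.fields.get("url") or det.line)
```

Scoping by target is what keeps a proxy-specific expression from ever being evaluated against DNS or Windows Event Log lines, and capturing named groups means the Detection carries the client, URL and host as structured fields rather than only the raw line.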

Information on log ingestion can be found in the documentation here, and information on log-specific D&R rules can be found here.

This concept of D&R targets opens up a whole new realm of possibilities and we are excited to explore new ways in which it can be applied. If you have any questions or would like a demo of our Security Infrastructure as a Service please do not hesitate to contact us.


Christopher Luft

My name is Christopher Luft and I am an artist turned computer scientist turned something else.