LimaCharlie’s Detection & Response (D&R) rules provide unmatched capabilities to customize specific behaviors and automate the response when detected. Up until now this feature was limited to data coming from endpoints. We recently introduced the ability to automatically fetch and ingest external logs onto LimaCharlie and knew right away we had to extend the D&R rules to those logs.
LimaCharlie has introduced the concept of D&R targets and you can now create D&R rules that specifically target different log types ingested. This means that, for example, you can create your own regular expressions that if matching a log line from your web proxy logs, generates a Detection. The possibilities are limitless.
The rules apply to any logs ingested, from the unstructured text logs to the raw Windows Event Logs and PCAP.
This concept of D&R targets opens up a whole new realm of possibilities and we are excited to explore new ways in which it can be applied. If you have any questions or would like a demo of our Security Infrastructure as a Service please do not hesitate to contact us.