About five months ago the team at LimaCharlie launched a framework for automation that was built around the idea of Replicants. A Replicant was to be a digital automaton: a platform for building algorithms that could be configured by the user to automate away some of the drudgery.
The platform worked exceedingly well in that it allowed us to build out a wide variety of capabilities quickly. The Replicants were able to perform complex tasks on-demand for a single endpoint or continuously across the entire fleet.
The problem with the Replicants, as we came to understand it, was with the mental model. The concept worked great for us as developers building out the capabilities but it did not fit when thinking about it from the perspective of a user. The interface was awkward and having the Replicants grouped together did not make a lot of sense.
After spending some time thinking about it we came to the conclusion that users did not care about the Replicants but rather what they could do for them. Replicants use their individual abilities to do jobs and provide said abilities as a service. And so we refactored the technology to provide users with a set of services that can perform jobs at the user’s request.
We still use the Replicant platform on the backend to build out our services but now deliver the services that they offer using a familiar pattern.
Services are provided through the main navigation menu and with them you can automate YARA scanning, run detection and response rules against historical data, perform file integrity monitoring, automate incident response tasks and adjust your telemetry verbosity with more to come.
The process of arriving at this new delivery model has been an interesting one and exemplifies the benefits of being an early stage company adhering to an agile development philosophy. Instinct often drives us towards the core of a problem and through an iterative process the solution can be honed.