To help users get up to speed with the more advanced capabilities of the LimaCharlie infrastructure, we are now producing code labs alongside our online course.
Code labs are guided exercises that walk the user through the process of implementing a solution using components of LimaCharlie. Each step is explained in detail along the way, which should leave the user with a "hands-on" understanding of the underlying technology.
For our first code lab we have chosen to explore the implementation of a Detection & Response (DR) rule that detects execution of Control Panel Items, a technique in the MITRE ATT&CK framework. DR rules are similar to Google Cloud Functions or AWS Lambda: they enable you to push DR logic to the LimaCharlie cloud, where it is applied in real time to the data produced by the sensors (or agents). DR rules can also be applied to historical telemetry and external logs. For this lab we focus on the simple case where rules are applied to sensor events in real time.
We believe this new format will go a long way in helping LimaCharlie users get the most out of our Security Infrastructure as a Service.
The code lab can be viewed here.
If you have an idea for our next topic please let us know. Happy hunting!