LimaCharlie provides human-driven expert algorithms and artificial intelligence using our Replicant framework. The Replicants act as semi-autonomous synthetic analysts that perform tasks on demand for a particular endpoint or on an ongoing basis across an entire fleet. These are specialized tools that perform tasks that would normally be performed by humans. The Replicants are autonomous within the scope of their domain and are meant to augment human capacity.
Currently there are three Replicants available, with more in development.
The YARA Replicant enables you to run YARA scans across your entire fleet on an ongoing basis or on demand for a particular endpoint. It pulls YARA signatures from publicly available or private sources and the detections that it produces can be caught by custom endpoint detection and response rules.
The Responder Replicant targets endpoints on demand and performs an in-depth sweep of the host, highlighting any suspicious activity. This action will provide an analyst with a good starting position when beginning an investigation and allow them to focus in on the important stuff right away.
The Integrity Replicant uses rules to define which file path patterns and registry patterns should be monitored for changes on a specific set of hosts. This Replicant allows an analyst to define which hosts it monitors based on tags and uses regex to define which files, directories or registries to watch. Once it is set up, it runs automatically in the background and will fire an alert whenever something changes.
All Replicants produce incident reports that include relevant information from their findings.