Automated YARA Scanning

The YARA service is designed to help you with all aspects of YARA scanning. It takes what is normally a manual, piecewise process, provides a framework for it and automates it.

Once configured, YARA scans can be run on demand for a particular endpoint or continuously in the background across your entire fleet.

Log Ingestion & Indexing

The External Logs system allows you to ingest external log types like:

  • Plain Text Logs (syslog for example)

  • Windows Event Logs

  • PCAPs

Those logs can be ingested from hosts running a LimaCharlie sensor, or they can be pushed to the LimaCharlie platform via a REST interface.

Once ingested, the logs are retained and made available to you for one year. Ingested logs are also indexed in the same way as LimaCharlie events, so you can search all of your logs from the last year for indicators such as IP addresses, domain names, user names and hashes.

Replay

Replay lets you run Detection & Response (D&R) rules against historical endpoint telemetry and log files. This feature is available through the web application as a service, through the REST API or through the Python SDK.

The ability to retroactively apply D&R rules to LimaCharlie telemetry is very powerful: through the API it can be used to build Continuous Delivery (CD) / Continuous Integration (CI) into detection systems, for example by replaying every rule change against a known set of historical events before it is deployed.
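As an added illustration of what CI for detections can look like (example code, not LimaCharlie's SDK, rule engine or rule format): a small evaluator, loosely modelled on the shape of a D&R detect block, replays a hypothetical rule over constructed historical events, and a regression check fails if the rule's hits drift from the expected set. The rule operators, field names and sample events are all assumptions made for this example.

```python
import re

def _proc(path, cmd):  # helper to build constructed NEW_PROCESS events
    return {"routing": {"event_type": "NEW_PROCESS"}, "event": {"FILE_PATH": path, "COMMAND_LINE": cmd}}

# Constructed sample telemetry standing in for stored endpoint events (not real data).
HISTORICAL_EVENTS = [
    _proc("C:\\Windows\\System32\\svchost.exe", "svchost.exe -k netsvcs"),
    _proc("C:\\Users\\bob\\AppData\\Local\\Temp\\updater.exe", "updater.exe -enc SQBFAFgA"),
    {"routing": {"event_type": "DNS_REQUEST"}, "event": {"DOMAIN_NAME": "example.internal"}},
    _proc("C:\\Users\\bob\\AppData\\Local\\Temp\\setup.exe", "setup.exe /quiet"),
]

# Hypothetical detection rule in the spirit of a D&R detect block; this mini
# evaluator supports only the "and", "contains" and "matches" operators.
RULE = {
    "event": "NEW_PROCESS",
    "op": "and",
    "rules": [
        {"op": "contains", "path": "event/FILE_PATH", "value": "\\AppData\\Local\\Temp\\", "case sensitive": False},
        {"op": "matches", "path": "event/COMMAND_LINE", "re": r"(?i)\s-enc(odedcommand)?\s"},
    ],
}

def lookup(ev, path):  # walk an "a/b/c" path into the nested event; None if a step is missing
    node = ev
    for part in path.split("/"):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def evaluate(node, ev):  # recursively evaluate one rule node against one event
    if node["op"] == "and":
        return all(evaluate(r, ev) for r in node["rules"])
    val = lookup(ev, node["path"])
    if not isinstance(val, str):
        return False
    if node["op"] == "contains":
        fold = (lambda s: s) if node.get("case sensitive", True) else str.lower
        return fold(node["value"]) in fold(val)
    if node["op"] == "matches":
        return re.search(node["re"], val) is not None
    raise ValueError(f"unsupported op {node['op']}")

def replay(rule, events):  # run one rule over stored events; return those it would have detected
    return [ev for ev in events
            if ev["routing"]["event_type"] == rule["event"] and evaluate(rule, ev)]

def regression_check(rule, events, expected_paths):
    """CI gate: the rule must fire on exactly the expected events (no misses, no extra hits)."""
    return [ev["event"]["FILE_PATH"] for ev in replay(rule, events)] == expected_paths
```

In a pipeline, `regression_check` would run against a curated corpus of true positives and known-benign events so that a rule edit which silently widens or narrows coverage is caught before deployment.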

Responder

The Responder service performs various incident response tasks for you in the form of a sweep.

A sweep is an in-depth look at the state of a host. It highlights the parts of the host's activity that are suspicious, which gives you a good starting position for an investigation and lets you focus on the important things right away.

Exfil

The Exfil service allows you to customize which events should be sent to the cloud in real time. This is done with an Event List, which names the specific event types to send, and a Watch List, which describes a pattern that, when found within a specific event type, triggers that event to be sent to the cloud.

File Integrity Monitoring

The integrity service helps you manage all aspects of File and Registry integrity monitoring.