API Integrations
API Integrations let D&R rules and lookups query external services for context — threat intelligence reputation, IP geolocation, ASN lookups, and similar enrichment sources. Each integration is read-only: it pulls data from the external service into LimaCharlie at evaluation time.
When to use an API Integration vs Cloud CLI
- API Integrations — read from an external service to enrich a detection (this section).
- Cloud CLI — write actions into a cloud service as a response (e.g., disable a user, isolate an instance).
The two complement each other: API integrations add context to detections; Cloud CLI takes action on them.
Available Integrations
- AlphaMountain — domain reputation
- EchoTrail — Windows process baselining
- GreyNoise — internet noise / scanner data
- Hybrid Analysis — file analysis
- IP ASN — IP-to-ASN lookups
- IP Geolocation — IP-to-location lookups
- Pangea — multi-source intel via Pangea
- VirusTotal — file / URL / domain reputation