Using Extensions¶
Components¶
Extensions can be interacted with using two main components:
Configurations¶
Extension Configurations are records in Hive. Each Extension has its configuration in the Hive record of the same name in the extension_configuration Hive.
These configurations are manipulated by simply storing the value in the record, LimaCharlie takes care of validating and notifying the Extension with the new value.
Configurations are a great way of storing rarely-written settings for an Extension without the developer of the Extension having to manage secure storage for it.
The structure of the configuration for a given Extension is published by the Extension via its "schema".
Schemas are available through the Schema API or the LimaCharlie CLI: limacharlie extension schema --help.
Requests¶
Requests are, as the name implies, direct individual requests to an Extension. A request contains an "action" and a "payload" (JSON object) to be sent to the Extension. Some requests can be flagged to have the Extension impersonate the requester (identity and permissions) during execution.
The "action" and "payload" entirely depends on the Extension it is destined to. The list of actions and individual payload structures available for an Extension is documented by each Extension using the "schema" they publish.
Schemas are available through the Schema API or the LimaCharlie CLI: limacharlie extension schema --help.
Interacting¶
Interactively¶
The LimaCharlie webapp automatically displays a machine-generated user interface for each Extension based on the schema it publishes.
Automation¶
Detection & Response Rules, the main automation mechanism in LimaCharlie can interact with Extensions using the extension request action in the Response component.
API¶
Extensions can be interacted with using a few different APIs:
- Getting the schema for an Extension: https://api.limacharlie.io/static/swagger/#/Extension-Schema
- Making requests to an Extension: https://api.limacharlie.io/static/swagger/#/Extension-Request
LimaCharlie Extensions allow users to expand and customize their security environments by integrating third-party tools, automating workflows, and adding new capabilities. Organizations subscribe to Extensions, which are granted specific permissions to interact with their infrastructure. Extensions can be private or public, enabling tailored use or broader community sharing. This framework supports scalability, flexibility, and secure, repeatable deployments.
Programmatic Management¶
Prerequisites
All API examples require an API key with the extension permission. See API Keys for setup.
List Subscribed Extensions¶
package main
import (
"fmt"
limacharlie "github.com/refractionPOINT/go-limacharlie/limacharlie"
)
func main() {
client, _ := limacharlie.NewClient(limacharlie.ClientOptions{
OID: "YOUR_OID",
APIKey: "YOUR_API_KEY",
})
org := limacharlie.NewOrganization(client)
extensions, _ := org.Extensions()
fmt.Println(extensions)
}
List Available Extensions¶
There is no dedicated Go SDK method for listing all available extensions. Use the REST API directly.
Subscribe to an Extension¶
package main
import (
limacharlie "github.com/refractionPOINT/go-limacharlie/limacharlie"
)
func main() {
client, _ := limacharlie.NewClient(limacharlie.ClientOptions{
OID: "YOUR_OID",
APIKey: "YOUR_API_KEY",
})
org := limacharlie.NewOrganization(client)
_ = org.SubscribeToExtension("ext-reliable-tasking")
}
Unsubscribe from an Extension¶
package main
import (
limacharlie "github.com/refractionPOINT/go-limacharlie/limacharlie"
)
func main() {
client, _ := limacharlie.NewClient(limacharlie.ClientOptions{
OID: "YOUR_OID",
APIKey: "YOUR_API_KEY",
})
org := limacharlie.NewOrganization(client)
_ = org.UnsubscribeFromExtension("ext-reliable-tasking")
}
Call an Extension (Request)¶
from limacharlie.client import Client
from limacharlie.sdk.organization import Organization
from limacharlie.sdk.extensions import Extensions
client = Client(oid="YOUR_OID", api_key="YOUR_API_KEY")
org = Organization(client)
result = Extensions(org).request(
extension_name="ext-reliable-tasking",
action="list_jobs",
data={},
)
print(result)
package main
import (
"fmt"
limacharlie "github.com/refractionPOINT/go-limacharlie/limacharlie"
)
func main() {
client, _ := limacharlie.NewClient(limacharlie.ClientOptions{
OID: "YOUR_OID",
APIKey: "YOUR_API_KEY",
})
org := limacharlie.NewOrganization(client)
var resp limacharlie.Dict
_ = org.ExtensionRequest(
&resp,
"ext-reliable-tasking",
"list_jobs",
limacharlie.Dict{},
false,
)
fmt.Println(resp)
}
Get Extension Schema¶
package main
import (
"fmt"
limacharlie "github.com/refractionPOINT/go-limacharlie/limacharlie"
)
func main() {
client, _ := limacharlie.NewClient(limacharlie.ClientOptions{
OID: "YOUR_OID",
APIKey: "YOUR_API_KEY",
})
org := limacharlie.NewOrganization(client)
schema, _ := org.GetExtensionSchema("ext-reliable-tasking")
fmt.Println(schema)
}
Extension Configuration CRUD¶
Extension configurations are stored in the extension_config Hive. Use the CLI or Hive API to manage them.
List Configs¶
package main
import (
"fmt"
limacharlie "github.com/refractionPOINT/go-limacharlie/limacharlie"
)
func main() {
client, _ := limacharlie.NewClient(limacharlie.ClientOptions{
OID: "YOUR_OID",
APIKey: "YOUR_API_KEY",
})
org := limacharlie.NewOrganization(client)
hive := limacharlie.NewHiveClient(org)
configs, _ := hive.List(limacharlie.HiveArgs{
HiveName: "extension_config",
PartitionKey: "YOUR_OID",
})
fmt.Println(configs)
}
Get Config¶
package main
import (
"fmt"
limacharlie "github.com/refractionPOINT/go-limacharlie/limacharlie"
)
func main() {
client, _ := limacharlie.NewClient(limacharlie.ClientOptions{
OID: "YOUR_OID",
APIKey: "YOUR_API_KEY",
})
org := limacharlie.NewOrganization(client)
hive := limacharlie.NewHiveClient(org)
config, _ := hive.Get(limacharlie.HiveArgs{
HiveName: "extension_config",
PartitionKey: "YOUR_OID",
Key: "ext-reliable-tasking",
})
fmt.Println(config)
}
Set Config¶
from limacharlie.client import Client
from limacharlie.sdk.organization import Organization
from limacharlie.sdk.hive import Hive, HiveRecord
client = Client(oid="YOUR_OID", api_key="YOUR_API_KEY")
org = Organization(client)
Hive(org, "extension_config").set(HiveRecord(
name="ext-reliable-tasking",
data={"setting_a": "value1"},
enabled=True,
))
package main
import (
limacharlie "github.com/refractionPOINT/go-limacharlie/limacharlie"
)
func main() {
client, _ := limacharlie.NewClient(limacharlie.ClientOptions{
OID: "YOUR_OID",
APIKey: "YOUR_API_KEY",
})
org := limacharlie.NewOrganization(client)
hive := limacharlie.NewHiveClient(org)
enabled := true
hive.Add(limacharlie.HiveArgs{
HiveName: "extension_config",
PartitionKey: "YOUR_OID",
Key: "ext-reliable-tasking",
Data: limacharlie.Dict{"setting_a": "value1"},
Enabled: &enabled,
})
}
Delete Config¶
package main
import (
limacharlie "github.com/refractionPOINT/go-limacharlie/limacharlie"
)
func main() {
client, _ := limacharlie.NewClient(limacharlie.ClientOptions{
OID: "YOUR_OID",
APIKey: "YOUR_API_KEY",
})
org := limacharlie.NewOrganization(client)
hive := limacharlie.NewHiveClient(org)
hive.Remove(limacharlie.HiveArgs{
HiveName: "extension_config",
PartitionKey: "YOUR_OID",
Key: "ext-reliable-tasking",
})
}