Contents x
    API Integrations
    • 13 Nov 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Contents

    API Integrations

    • Updated on 13 Nov 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Article summary

    Mechanics

    Functionally, API-based lookups operate exactly the same as using the normal lookup operator, with one addition: metadata_rules. The rule will pass a value to the lookup, wait for a response, and then evaluate the response using metadata_rules.

    The operators within metadata_rules are evaluated exactly the same as any other rule, except they additionally evaluate the lookup's response. The response actions will only run if the metadata_rules criteria are met.

    Configuration

    When subscribed, API keys can be managed within the Integrations menu, available under Organizaiton Settings in the web app:

    image.png

    Users who wish to view and/or edit API keys will need to have the following permissions:

    • org.conf.get

    • org.conf.set

    Available Lookups

    LimaCharlie offers multiple API lookups for telemetry and D&R rule enrichment, allowing you to make higher fidelity detections that rely on API-based metadata. The list of available API-based integrations are under this page in the left-side navigation menu. Don't see an integration that you want? Let us know!

    Was this article helpful?
    Related articles
    What's Next