LimaCharlie allows you to extend the capability of the platform via various add-ons. These can be enabled via the add-ons marketplace.
Types of Add-Ons
We group add-ons into three categories, depending on how the add-on augments the LimaCharlie platform.
- api add-ons are tightly integrated add-ons that enable LimaCharlie's core features.
- lookup add-ons are lists of values that can be used in detection and response rules to match known threat indicators.
- service add-ons are cloud services that can perform jobs on behalf of or add new capabilities to an organization.
Subscribing to Add-ons
Add-ons can be found and added to organizations through the add-ons marketplace or by searching from within the Add-ons view in an organization (see below). The description of an add-on may include information about how to use it once it's installed.
The following add-ons enable additional functionality in the web application:
- atomic-red-team - scan Windows sensors right from their
- Exfil Control to configure which events should be collected per platform
- Templates in the UI to manage org config in
- insight - enables retention & browsing events and detections via
- Artifact Collection to configure which paths to collect from
- replay - adds a component next to D&R rules for testing them against known / historical events
- responder - sweep sensors right from their Overview page to find preliminary IoCs
- YARA Scanners view to pull in sources of YARA rules and automate scans with them
Users can create their own add-ons and optionally share them in the marketplace. Add-ons are your property, but may be evaluated and approved / dismissed due to quality or performance concerns. If you are not sure, contact us.
You can publish add-ons of your own from within the Published add-ons view when logged in to the web application.
Creating an add-on does not immediately grant the organizations you're a member of access to it. After creating it, you must still subscribe each organization to your add-on.
When making an add-on public, keep these in mind to ensure your add-on is understood and has a good chance at adoption:
- Test it!
- Make the purpose and usage of the add-on clear for users not aware of the capability.
- Include a link to more information if possible.
- Your email address will be included in the add-on description. If you plan on publishing many rules, you may want to create a separate account specifically for the purpose of being an add-on owner.
Are you interested in creating an add-on or developing another project for LimaCharlie? Check out our Developer Grant Program.