API Integrations
  • 15 Oct 2024
  • 1 Minute to read
  • Contributors
  • Dark
    Light

API Integrations

  • Dark
    Light

Article summary

Mechanics

Functionally, API-based lookups operate exactly the same as using the normal lookup operator, with one addition: metadata_rules. The rule will pass a value to the lookup, wait for a response, and then evaluate the response using metadata_rules.

The operators within metadata_rules are evaluated exactly the same as any other rule, except they additionally evaluate the lookup's response. The response actions will only run if the metadata_rules criteria are met.

Configuration

When subscribed, API keys can be managed within the Integrations menu, available under Organizaiton Settings in the web app:

image.png

Users who wish to view and/or edit API keys will need to have the following permissions:

  • org.conf.get

  • org.conf.set

Available Lookups

LimaCharlie offers multiple API lookups for telemetry and D&R rule enrichment, allowing you to make higher fidelity detections that rely on API-based metadata. Don't see an integration that you want? Let us know!

API Limits

Note that API keys often have limits associated with them. If you run out of quota on your API keys, LimaCharlie will often cease lookups until the timeout or quota period has been reinstated.


Was this article helpful?


What's Next