LimaCharlie Extensions

The Artifact Extension provides low-level collection capabilities which can be configured to run automatically via Detection & Response rules, Sensor collections, or pushed via REST API. When enabled, an Artifact Collection menu will be avai...

LimaCharlie CLI Extension allows you to issue LimaCharlie CLI commands using extension requests. Repo - https://github.com/refractionPOINT/python-limacharlie You may use a D&R rule to trigger a LimaCharlie CLI event. For example the ...

Binary Library, or "BinLib", is a collection of executable binaries, such as EXE or ELF, files that have been observed within your environment. If enabled, this Extension helps you build your own private collection of observed executables for subs...

The Dumper Extension provides the ability to do dumping of several forensic artifacts on Windows hosts. It supports a single action, which is to dump. It supports multiple targets -- memory to dump the memory of the host, and mft to dump the ...

The Exfil Extension helps manage which real-time events get sent from EDR Sensors to LimaCharlie. By default, LimaCharlie Sensors send events to the cloud based on a standard profile. This extension exposes those profiles for customization. ...

The Git Sync Extension is a tool that automates the management of Infrastructure-as-Code ( IaC ) configurations. It simplifies the process of deploying and managing infrastructure by synchronizing changes between a Git repository and target orga...

The Infrastructure Extension allows you to perform infrastructure-as-code ( IaC ) modifications to your Organization . IaC modifications can be made in the web UI or via the LimaCharlie CLI tool . Users can create new organizations from known te...

The Integrity Extension helps you manage all aspects of File or Registry Integrity Monitoring (FIM and RIM, respectively). This extension automates integrity checks of file system and registry values through pattern-based rules. Enabling the Inte...

The Lookup Manager Extension allows you to create, maintain & automatically refresh lookups in the Organization to then reference them in Detection & Response Rules. The saved Lookup Configurations can be managed across tenants using I...

Payloads , such as scripts, pre-built binaries, or other files, can be deployed to LimaCharlie sensors for any reason necessary. One method of adding payloads to an Organization is via the web UI on the payloads screen. This is suitable for ad-h...

LimaCharlie LABS The Playbook Extension allows you to execute Python playbooks within the context of your Organization in order to automate tasks and customize more complex detections. The playbooks themselves are managed in the playbook ...

The Reliable Tasking Extension enables you to task a Sensor (s) that are currently offline. The extension will automatically send the task(s) to Sensor(s) once it comes online. Enabling the Reliable Tasking Extension To enable the Reliable Task...

The Sensor Cull Extension performs continuous cleaning of "old" Sensors that have not connected to an Organization within a set period of time. This is useful for environments with cloud deployments or VM/template-based deployments that may en...

The usage alerts Extension allows you to create, maintain, & automatically refresh usage alert conditions for an Organization . For example, you can create a usage alert rule that will fire a detection when artifact downloads have reached a...

The YARA manager Extension allows you to reference external YARA rules (rules maintained in GitHub, for example) to use in your YARA scans within LimaCharlie. YARA rule sources defined in the YARA manager configuration will be synced every 24 h...