LimaCharlie Log In
v2
v1
Deprecated
v2
Contents
x
Getting Started
Sensors
Query Console
Detection and Response
Events
Platform Management
Outputs
Add-Ons
FAQ
Release Notes
Powered by
Output Destinations
19 Articles
in this category
Contributors
+ 1
Share this
Print
Share
Dark
Light
Contents
Output Destinations
19 Articles
in this category
+ 1
Written by
Matt Bromiley
,
Whitney Champion
,
Eric Capuano
and 1 others
Share
Dark
Light
Amazon S3
Output events and detections to an Amazon S3 bucket. If you have your own visualization stack, or you just need the data archived, you can output directly to Amazon S3. This way you don't need any infrastructure. bucket : the path to the AWS S3...
Written by
Matt Bromiley
,
Whitney Champion
,
Eric Capuano
Updated on : 05 Oct 2024
Apache Kafka
Output events and detections to a Kafka target. dest_host : the IP or DNS and port to connect to, format kafka.myorg.com . is_tls : if true will output over TCP/TLS. is_strict_tls : if true will enforce validation of TLS certs. ...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024
Azure Event Hub
Output events and detections to an Azure Event Hub (similar to PubSub and Kafka). connection_string : the connection string provided by Azure. Note that the connection string should end with ;EntityPath=your-hub-name which is sometimes miss...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024
Azure Storage Blob
Output events and detections to a Blob Container in Azure Storage Blobs. secret_key : the secret access key for the Blob Container. blob_container : the name of the Blob Container to upload to. account_name : the account name used to aut...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024
Elastic
Output events and detections to Elastic . addresses : the IPs or DNS where to send the data to. index : the index name to send data to. username : user name if using username/password auth. (use either username/password -or- API key) ...
Written by
Matt Bromiley
,
Whitney Champion
,
Eric Capuano
Updated on : 05 Oct 2024
Google Cloud BigQuery
Output events and detections to a Google Cloud BigQuery Table. For a practical use case of this output, see this tutorial on pushing Velociraptor data to BigQuery . schema : describes the column names, data types, and other information; should...
+ 1
Written by
Matt Bromiley
,
Whitney Champion
,
Eric Capuano
and 1 others
Updated on : 10 Dec 2024
Google Cloud Pubsub
Output events and detections to a Pubsub topic. secret_key : the secret json key identifying a service account. project : the GCP Project name where the Topic lives. topic : use this specific value as a topic. Example: project: my-p...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024
Google Cloud Storage
Output events and detections to a GCS bucket. Looking for Google Chronicle? If you already use Google Chronicle, we make it easy to send telemetry you've collected in LimaCharlie to Chronicle. You can get that set up by creating an Output in ...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024
Humio
Output events and detections to the Humio.com service. humio_repo : the name of the humio repo to upload to. humio_api_token : the humio ingestion token. endpoint_url : optionally specify a custom endpoint URL, if you have Humio deploy...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024
OpenSearch
Output events and detections to OpenSearch . addresses : the IPs or DNS where to send the data to index : the index name to send data to username : user name if using username/password auth password : password if using username/pass...
Written by
Matt Bromiley
,
Whitney Champion
,
Eric Capuano
Updated on : 05 Oct 2024
SCP
Output events and detections over SCP (SSH file transfer). dest_host : the ip:port where to send the data to, like 1.2.3.4:22 . dir : the directory where to output the files on the remote host. username : the SSH username to log in with...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024
SFTP
Output events and detections over SFTP. dest_host : the ip:port where to send the data to, like 1.2.3.4:22 . dir : the directory where to output the files on the remote host. username : the username to log in with. password : option...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024
Slack
Output detections and audit (only) to a Slack community and channel. slack_api_token : the Slack provided API token used to authenticate. slack_channel : the channel to output to within the community. Example: slack_api_token: sample_ap...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024
SMTP
One option to export data from LimaCharlie is via SMTP, allowing you to send emails directly to a ticketing inbox or send high-priority detections to an on-call, shared email. To utilize SMTP output, you will need: An SMTP server that utilizes S...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024
Splunk
To send data from LimaCharlie to Splunk, you will need to configure an Output. Want to reduce Splunk spend? Watch the webinar recording to learn about using LimaCharlie to reduce spending on Splunk and other high-cost security data solution...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024
Syslog
Syslog (TCP) Output events and detections to a syslog target. dest_host : the IP or DNS and port to connect to, format www.myorg.com:514 . is_tls : if true will output over TCP/TLS. is_strict_tls : if true will enforce validation o...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024
Tines
Output events and detections to Tines . dest_host : the Tines-provided Webhook URL Example: dest_host: https://something.tines.com/webhook/de2314c5f6246d17e82bf7b5742c9eaf/2d2dbcd2ab3845e9592d33c0526bc123 Detections or events sent to ...
Written by
Matt Bromiley
,
Whitney Champion
,
Eric Capuano
Updated on : 05 Oct 2024
Webhook
Output individually each event, detection, audit, deployment or artifact through a POST webhook. dest_host : the IP or DNS, port and page to HTTP(S) POST to, format https://www.myorg.com:514/whatever . secret_key : an arbitrary shared secre...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024
Webhook (Bulk)
Output batches of events, detections, audits, deployments or artifacts through a POST webhook. dest_host : the IP or DNS, port and page to HTTP(S) POST to, format https://www.myorg.com:514/whatever . secret_key : an arbitrary shared secret ...
Written by
Matt Bromiley
,
Eric Capuano
Updated on : 05 Oct 2024