Output Destinations

Output events and detections to an Amazon S3 bucket. If you have your own visualization stack, or you just need the data archived, you can output directly to Amazon S3. This way you don't need any infrastructure. bucket : the path to the AWS S3...

Output events and detections to a Kafka target. dest_host : the IP or DNS and port to connect to, format kafka.myorg.com . is_tls : if true will output over TCP/TLS. is_strict_tls : if true will enforce validation of TLS certs. ...

Output events and detections to an Azure Event Hub (similar to PubSub and Kafka). connection_string : the connection string provided by Azure. Note that the connection string should end with ;EntityPath=your-hub-name which is sometimes miss...

Output events and detections to a Blob Container in Azure Storage Blobs. secret_key : the secret access key for the Blob Container. blob_container : the name of the Blob Container to upload to. account_name : the account name used to aut...

Output events and detections to Elastic . addresses : the IPs or DNS where to send the data to. index : the index name to send data to. username : user name if using username/password auth. (use either username/password -or- API key) ...

Output events and detections to a Google Cloud BigQuery Table. For a practical use case of this output, see this tutorial on pushing Velociraptor data to BigQuery . schema : describes the column names, data types, and other information; should...

Output events and detections to a Pubsub topic. secret_key : the secret json key identifying a service account. project : the GCP Project name where the Topic lives. topic : use this specific value as a topic. Example: project: my-p...

Output events and detections to a GCS bucket. Looking for Google Chronicle? If you already use Google Chronicle, we make it easy to send telemetry you've collected in LimaCharlie to Chronicle. You can get that set up by creating an Output in ...

Output events and detections to the Humio.com service. humio_repo : the name of the humio repo to upload to. humio_api_token : the humio ingestion token. endpoint_url : optionally specify a custom endpoint URL, if you have Humio deploy...

Output events and detections to OpenSearch . addresses : the IPs or DNS where to send the data to index : the index name to send data to username : user name if using username/password auth password : password if using username/pass...

Output events and detections over SCP (SSH file transfer). dest_host : the ip:port where to send the data to, like 1.2.3.4:22 . dir : the directory where to output the files on the remote host. username : the SSH username to log in with...

Output events and detections over SFTP. dest_host : the ip:port where to send the data to, like 1.2.3.4:22 . dir : the directory where to output the files on the remote host. username : the username to log in with. password : option...

Output detections and audit (only) to a Slack community and channel. slack_api_token : the Slack provided API token used to authenticate. slack_channel : the channel to output to within the community. Example: slack_api_token: sample_ap...

One option to export data from LimaCharlie is via SMTP, allowing you to send emails directly to a ticketing inbox or send high-priority detections to an on-call, shared email. To utilize SMTP output, you will need: An SMTP server that utilizes S...

To send data from LimaCharlie to Splunk, you will need to configure an Output. Want to reduce Splunk spend? Watch the webinar recording to learn about using LimaCharlie to reduce spending on Splunk and other high-cost security data solution...

Syslog (TCP) Output events and detections to a syslog target. dest_host : the IP or DNS and port to connect to, format www.myorg.com:514 . is_tls : if true will output over TCP/TLS. is_strict_tls : if true will enforce validation o...

Output events and detections to Tines . dest_host : the Tines-provided Webhook URL Example: dest_host: https://something.tines.com/webhook/de2314c5f6246d17e82bf7b5742c9eaf/2d2dbcd2ab3845e9592d33c0526bc123 Detections or events sent to ...

Output individually each event, detection, audit, deployment or artifact through a POST webhook. dest_host : the IP or DNS, port and page to HTTP(S) POST to, format https://www.myorg.com:514/whatever . secret_key : an arbitrary shared secre...

Output batches of events, detections, audits, deployments or artifacts through a POST webhook. dest_host : the IP or DNS, port and page to HTTP(S) POST to, format https://www.myorg.com:514/whatever . secret_key : an arbitrary shared secret ...