- Print
- Dark
2025-03-28
Web app 4.1.4
UI betterment: quick filters for common platforms on Sensor list, reliable navigation from/to Detections, other small improvements and bug fixes.
Adapter for SentinelOne: connects to SentinelOne MGMT API and send to LC alerts, threats, and other events of interest.
2025-03-28
Endpoint agent v4.33.4
Fix missing pipe event for Windows
Fix the kernel acquisition module for Linux arm64 builds
Extensions and adapters:
Git-Sync - take the best from LimaCharlie Infra as Code by connecting with Git and syncing the desired sections of your configurations in easy to use UI. Documentation
ext-renigma v1.0.0 - initial release of integration with REnigma - an advanced malware analysis platform leveraging its unique Record and Replay technology - read more in the Docs.
MIMECAST adapter - connect to the Mimecast API to stream audit events as they happen Read more in the Docs.
Web app 4.1.1
Usability improvements on Detection page, ability to re-run command in sensor/console, fix “copy array index”, and numerous bug fixes.
2025-03-14
Web App v4.0.2
A long-awaited modernized UI is available (in preview). More work in on the way to further improve user experience.
In-product dashboards available (in preview) - a bird’s eye view on key detections and the flow of data.
This is not just a paint job: we made substantial internal changes and will continue to improve quality. Learn more on what has changed in our blog: Announcing Our UI Update and In-product Dashboards.
Notes
On large orgs, the dashboards can take up to 15 sec to load the very first time, and normalize after the first load. Optimizations on the way.
The Query Console is not available in the Modern UI yet. We will bring it there, in a much better shape. Meantime you’ll have to switch back to the Old Theme to access to it.
Add-Ons & Adapters:
New: PandaDoc adapter to connect and fetch PandaDoc API logs
New: CrowdStrike Falcon Cloud adapter - allows you to connect to CrowdStrike Falcon Cloud to stream events as they happen in the CrowdStrike Falcon Console.
Update: Cloud-CLI v1.4.8 Extension - We have improved observability in the CLI extensions such as
ext-cloud-cli
which allows us to support users better. Additionally, we have improved error handling and reporting around long running CLI commands which may have got stuck or timed out.
2025-03-06
EDR Agent: v4.33.2
Fixed a path expansion issues that would cause the cleanup command on Windows to leave configuration files after the uninstallation procedure.
Adapter: v1.27.2
Added support for ZenDesk, read more in our docs: https://docs.limacharlie.io/docs/adapter-types-zendesk
2025-02-28
Introducing LimaCharlie Labs, where we share with you brave experiments and early prototypes of features and extensions that may or may not become production, based on your input and feedback. Check the LABS
badge on the Web App.
Playbook Extension is now available in the Labs - see documentation here
Web App v3.10.1
Introduce Event Latency (
routing/latency
), and add latency metrics to the Sensor Analytics, to help identify and troubleshoot any event latency issues.Add “Search by Description” to the org list.
Bug fixes.
“Report a Bug”: integrated tool to report bugs easily so that we do more bug fixes for y’all.
2025-02-21
Web App v3.9.3
Bug fixes: handling edge-cases of org creation and adding users flows, fixing MS 365 sensor false status in certain rare conditions, other small fixes and internal instrumentation improvements.
CLI 4.9.12
Add users, simplified. Wrapping the new API, a new command
limacharlie users invite
makes it easy to add a user, or a batch of users, to the org - without requesting them to create LimaCharlie account. See Invite users section in LimaCharlie SDK for usage.
EDR Endpoint Agent v4.33.1
Fix various directory and file permissions on macOS
Added a status file to help troubleshooting
The status file contains the sensor id, organization id, version and the agent's service uptime
File locations are platform specific:
Linux:
/opt/limacharlie/hcp_hbs_status.json
macOS:
/Library/Application Support/limacharlie/hcp_hbs_status.json
Windows:
c:\\programdata\\limacharlie\\hcp_hbs_status.json
Fix a missing package name for
Microsoft Edge Update
on WindowsFix a pattern matching issues that what affecting file integrity notifications
Added the
LC_DISABLE_REVERSE_DNS_HOSTNAME
environment variable support for customers wanting to use the local hostname instead of resolving it
2025-01-24
Web App v3.8.12
New Features:
New Australia Datacenter: We have added a new datacenter in Australia to enhance the performance and availability of our services for users in the region.
Secrets Manager Integration: The SMTP password field now allows for integration with our secrets manager, providing a more secure way to handle authentication credentials.
New Extension:
ext-nims
allows you to send detections from LimaCharlie to NIMS via the Notion API. Read more here.
Bug Fixes & Enhancements:
Autofill OTP: The one-time password (OTP) field now properly auto-fills from password managers.
User Permissions Warning: A warning message has been implemented to notify users when revoking permissions to a user.
2025-01-09
Web App v3.8.10
Bug Fixes and Improvements
Fixed a bug where creating a new secret in a secret manager and changing cloud adapter configuration at the same time would not update the cloud configuration with the new secret. This fix prevents the bug by stopping a certain event from being propagated.
ext-usage-alerts v1.0.0
Newly released extension which allows you to create, maintain, & automatically refresh usage alert conditions for an Organization. Read more here.
2024-12-12
Web App v3.8.8
New features
Introduced user-level saved queries for improved data management.
Bug Fixes and Improvements
Fixed the alignment of the ‘skip for now’ text on the initial sensor onboarding screen during organization creation.
Resolved an error related to empty extension configurations, enhancing user experience.
Fixed a minor scroll issue on the sensors page where there was a slight horizontal scroll possible on the page.
Implemented a fix for an issue where the organization creation waiting room would display “missing permission errors” when opening the app.
Minor enhancement on the input field for adding a user to your organization, where it will now show an error if the 'add user' button is clicked without a user's email filled in.
Updating various mentions of "Yara" to be all caps to reflect it being an acronym
2024-10-28
New MITRE Report API In this release, we've added a new REST API and CLI for producing a MITRE report for a given Organization based on the D&R rules in place (using their tags like attack..t1000.xxx
).
API: https://api.limacharlie.io/static/swagger/#/Rules/getOrgMITREReport
CLI:
limacharlie mitre-report
The resulting JSON report can be used with the attack-navigator: https://mitre-attack.github.io/attack-navigator/.This capability makes it easier to track security coverage against MITRE ATT&CK framework.
2024-10-19
EDR Sensor v4.31.1
Network connection stability enhancements on all platforms.
The enhancements are both in the cloud-triggered upgrade version of the sensor AND in the on-disk installation, but there is no requirement to deploy both simultaneously.
2024-10-17
New sort and bulk actions functionality for tables
In this release, we are adding the ability to sort columns in the LimaCharlie web app. In addition, tables now support bulk actions (Enable/Disable and Delete). This applies to the following sections of the web app: Adapters, Yara Rules, Secrets, Lookups, False Positive Rules and Detection and Response Rules.
Prior Release Notes
All prior date release notes are located here: https://limacharlie.io/release-notes