Release Notes

2025-03-28

• Web app 4.1.4

  • UI betterment: quick filters for common platforms on Sensor list, reliable navigation from/to Detections, other small improvements and bug fixes.

• Adapter for SentinelOne:  connects to SentinelOne MGMT API and send to LC alerts, threats, and other events of interest.

2025-03-28

• Endpoint agent v4.33.4

  • Fix missing pipe event for Windows

  • Fix the kernel acquisition module for Linux arm64 builds

• Extensions and adapters:

  • Git-Sync - take the best from LimaCharlie Infra as Code by connecting with Git and syncing the desired sections of your configurations in easy to use UI. Documentation

  • ext-renigma v1.0.0 - initial release of integration with REnigma - an advanced malware analysis platform leveraging its unique Record and Replay technology - read more in the Docs.

  • MIMECAST adapter - connect to the Mimecast API to stream audit events as they happen Read more in the Docs.

• Web app 4.1.1

  • Usability improvements on Detection page, ability to re-run command in sensor/console,  fix “copy array index”, and numerous bug fixes.

2025-03-14

Web App v4.0.2

• A long-awaited modernized UI is available (in preview). More work in on the way to further improve user experience.  

• In-product dashboards available (in preview) - a bird’s eye view on key detections and the flow of data.

This is not just a paint job: we made substantial internal changes and will continue to improve quality. Learn more on what has changed in our blog: Announcing Our UI Update and In-product Dashboards.

Notes

• On large orgs, the dashboards can take up to 15 sec to load the very first time, and normalize after the first load. Optimizations on the way.

• The Query Console is not available in the Modern UI yet. We will bring it there,  in a much better shape. Meantime you’ll have to switch back to the Old Theme to access to it.

Add-Ons & Adapters:

• New: PandaDoc adapter to connect and fetch PandaDoc API logs

• New:  CrowdStrike Falcon Cloud adapter - allows you to connect to CrowdStrike Falcon Cloud to stream events as they happen in the CrowdStrike Falcon Console.

• Update: Cloud-CLI v1.4.8 Extension - We have improved observability in the CLI extensions such as ext-cloud-cli which allows us to support users better. Additionally, we have improved error handling and reporting around long running CLI commands which may have got stuck or timed out.

2025-03-06

EDR Agent: v4.33.2

• Fixed a path expansion issues that would cause the cleanup command on Windows to leave configuration files after the uninstallation procedure.

Adapter: v1.27.2

• Added support for ZenDesk, read more in our docs: https://docs.limacharlie.io/docs/adapter-types-zendesk

2025-02-28

Introducing LimaCharlie Labs, where we share with you brave experiments and early prototypes of features and extensions that may or may not become production, based on your input and feedback. Check the LABS badge on the Web App.

• Playbook Extension is now available in the Labs - see documentation here

Web App v3.10.1

• Introduce Event Latency ( routing/latency ), and add latency metrics to the Sensor Analytics, to help identify and troubleshoot any event latency issues.

• Add “Search by Description” to the org list.

• Bug fixes.

• “Report a Bug”: integrated tool to report bugs easily so that we do more bug fixes for y’all.

2025-02-21

Web App v3.9.3

• Bug fixes: handling edge-cases of org creation and adding users flows, fixing MS 365 sensor false status in certain rare conditions, other small fixes and internal instrumentation improvements.

CLI 4.9.12

• Add users, simplified. Wrapping the new API, a new command limacharlie users invite makes it easy to add a user, or a batch of users, to the org - without requesting them to create LimaCharlie account. See Invite users section in LimaCharlie SDK for usage.

EDR Endpoint Agent v4.33.1

• Fix various directory and file permissions on macOS

• Added a status file to help troubleshooting

  • The status file contains the sensor id, organization id, version and the agent's service uptime

  • File locations are platform specific:

    • Linux: /opt/limacharlie/hcp_hbs_status.json

    • macOS: /Library/Application Support/limacharlie/hcp_hbs_status.json

    • Windows: c:\\programdata\\limacharlie\\hcp_hbs_status.json

• Fix a missing package name for Microsoft Edge Update on Windows

• Fix a pattern matching issues that what affecting file integrity notifications

• Added the LC_DISABLE_REVERSE_DNS_HOSTNAME environment variable support for customers wanting to use the local hostname instead of resolving it

2025-01-24

Web App v3.8.12

• New Features:

  • New Australia Datacenter: We have added a new datacenter in Australia to enhance the performance and availability of our services for users in the region.

  • Secrets Manager Integration: The SMTP password field now allows for integration with our secrets manager, providing a more secure way to handle authentication credentials.

  • New Extension: ext-nims allows you to send detections from LimaCharlie to NIMS via the Notion API. Read more here.

• Bug Fixes & Enhancements:

  • Autofill OTP: The one-time password (OTP) field now properly auto-fills from password managers.

  • User Permissions Warning: A warning message has been implemented to notify users when revoking permissions to a user.

2025-01-09

Web App v3.8.10

• Bug Fixes and Improvements

  • Fixed a bug where creating a new secret in a secret manager and changing cloud adapter configuration at the same time would not update the cloud configuration with the new secret. This fix prevents the bug by stopping a certain event from being propagated.

ext-usage-alerts v1.0.0

• Newly released extension which allows you to create, maintain, & automatically refresh usage alert conditions for an Organization. Read more here.

2024-12-12

Web App v3.8.8

• New features

  • Introduced user-level saved queries for improved data management.

• Bug Fixes and Improvements

  • Fixed the alignment of the ‘skip for now’ text on the initial sensor onboarding screen during organization creation.

  • Resolved an error related to empty extension configurations, enhancing user experience.

  • Fixed a minor scroll issue on the sensors page where there was a slight horizontal scroll possible on the page.

  • Implemented a fix for an issue where the organization creation waiting room would display “missing permission errors” when opening the app.

  • Minor enhancement on the input field for adding a user to your organization, where it will now show an error if the 'add user' button is clicked without a user's email filled in.

  • Updating various mentions of "Yara" to be all caps to reflect it being an acronym

2024-10-28

New MITRE Report API In this release, we've added a new REST API and CLI for producing a MITRE report for a given Organization based on the D&R rules in place (using their tags like attack..t1000.xxx).

• API: https://api.limacharlie.io/static/swagger/#/Rules/getOrgMITREReport

• CLI: limacharlie mitre-report

The resulting JSON report can be used with the attack-navigator: https://mitre-attack.github.io/attack-navigator/.This capability makes it easier to track security coverage against MITRE ATT&CK framework.

2024-10-19

EDR Sensor v4.31.1

• Network connection stability enhancements on all platforms.

• The enhancements are both in the cloud-triggered upgrade version of the sensor AND in the on-disk installation, but there is no requirement to deploy both simultaneously.

2024-10-17

New sort and bulk actions functionality for tables

In this release, we are adding the ability to sort columns in the LimaCharlie web app. In addition, tables now support bulk actions (Enable/Disable and Delete). This applies to the following sections of the web app: Adapters, Yara Rules, Secrets, Lookups, False Positive Rules and Detection and Response Rules.

Prior Release Notes

All prior date release notes are located here: https://limacharlie.io/release-notes