Soteria is a US-based MSSP that has been using LimaCharlie for a long time. They developed a corpus of hundreds of behavioral signatures for Windows, macOS and Linux (a signature here is not a hash, but a rule that describes a malicious behavior). With one click, you can apply their rules in a managed way. When Soteria updates the rules for their customers, you get those updates in real time as well.
Soteria rules come at a cost of $0.5 per endpoint per month once you are on a paid tier. Soteria rules (as well as all other add-ons) are free for up to two endpoints.
Please note that Soteria won’t get access to your data, and you won’t be able to see or edit their rules: LimaCharlie acts as a broker between the two parties.
The rules cover attacks on Windows, macOS and Linux. You can check the dynamic MITRE ATT&CK mapping here:
Enabling Soteria Rules
To enable the Soteria rules, navigate to the Add-ons section and search for Soteria using the search bar.
Under the Organization dropdown, select a tenant (organization) you want to subscribe to Soteria rules and click
You can also manage add-ons from the Subscriptions menu under
Tenants that have been subscribed to the add-on are marked with a green check mark in the Organization dropdown.
Infrastructure as Code
Alternatively, to manage tenants and LimaCharlie functionality at scale, you can leverage our Infrastructure as Code functionality.