Third-Party Extensions

Atomic Red Team is a library of tests mapped to the MITRE ATT&CK framework, provided by Red Canary. With this Extension , LimaCharlie users can use Atomic Red Team to quickly, portably, and reproducibly test their environments. Find more infor...

The Govee Extension allows you to trigger color changes on your supported Govee lights via a D&R rule response action. It requires you to configure a Govee API key in the extension. Setup Request an API key from Govee by following thei...

Hayabusa Extension Pricing While it is free to enable the Hayabusa extension, pricing is applied to downloaded and processed artifacts -- $0.02/GB for the original artifact, and $0.5/GB for the generation of the Hayabusa artifact. The Ha...

Notion Incident Management System (NIMS) helps SOC/IR teams streamline their incident collaboration. While not a replacement for advanced SIEM or SOAR case management systems, it offers a practical alternative for teams that don't have access to the...

AlienVault’s Open Threat Exchange (OTX) is the “neighborhood watch of the global intelligence community.” It enables private companies, independent security researchers, and government agencies to openly collaborate and share the latest information ...

The PagerDuty Extension allows you to trigger events within PagerDuty. It requires you to setup the PagerDuty access token in the Integrations section of your Organization . Some more detailed information is available here . REST Trigger Even...

Plaso Extension Pricing While it is free to enable the Plaso extension, pricing is applied to both the original downloaded artifact and the processed (Plaso) artifacts -- $0.02/GB for the original downloaded artifact, and $1.0/GB for the gen...

Secure Annex is a browser extension security platform that provides a comprehensive analysis of the Chrome extensions installed across your organization’s endpoints. The Secure Annex LimaCharlie Extension allows you to query the Secure Annex AP...

Strelka Extension Pricing Note that usage of ext-strelka will incur usage of Artifact Exporting (applied to processed artifacts at a rate of $0.02/GB) as well as webhook data received in LimaCharlie and the related costs on top of the ext-st...

Overview The Twilio Extension allows you to send messages within Twilio. It requires you to setup the Twilio authentication in the Integrations section of your Organization . Some more detailed information is available here . Setup To star...

Overview Velociraptor is an open source endpoint visibility tool that includes power digital forensic, incident response, and incident triage capabilities. LimaCharlie can be used to deploy Velociraptor at scale, allowing for easy artifact collec...

The YARA Extension is designed to help you with all aspects of YARA scanning. It takes what is normally a manual piecewise process, provides a framework and automates it. Once configured, YARA scans can be run on demand for a particular endpoint...

Zeek Extension Pricing While it is Free to enable the Zeek extension, pricing is applied to processed PCAPs at a rate of $0.02/GB. Zeek is a comprehensive platform for network traffic analysis and intrusion detection. Once enabled, thi...