- Getting Started
- Sensors 27
- Adapters 20
- Adapter Examples
- Adapter Types 16
- Azure Logs 4
- 1Password
- Atlassian Updated
- AWS CloudTrail
- AWS GuardDuty Updated
- Azure Event Hub
- Canarytokens Updated
- Cato Updated
- Duo
- File Updated
- Google Cloud Pubsub
- Google Cloud Storage
- Google Workspace
- IIS Logs
- IMAP Updated
- IT Glue
- JSON Updated
- Kubernetes Pods Logs
- Mac Unified Logging
- Microsoft Defender Updated
- Microsoft Entra ID Updated
- Microsoft 365
- Okta Updated
- S3
- Slack Audit Logs
- Sophos
- SQS
- Stdin
- Syslog
- Sublime Security Updated
- Tailscale Updated
- VMWare Carbon Black
- Windows Event Log
- EVTX
- Adapter Deployment
- Adapters as a Service
- Adapter Tutorials 3
- Adapter Usage Updated
- Template Strings and Transforms
- Artifacts
- Endpoint Agent 7
- Hostname Resolution
- Endpoint Agent Commands 1
- Endpoint Agent Installation Updated 3
- Endpoint Agent Uninstallation
- Endpoint Agent Versioning and Upgrades Updated
- Payloads
- Sleeper Deployment
- Tutorials 1
- Installation Keys
- Sensor Tags
- Sensor Connectivity
- Reference
- Adapters 20
- Query Console
- Detection and Response Updated 4
- Events 2
- Platform Management 4
- Outputs 1
- Add-Ons 8
- FAQ 1
- Release Notes Updated
Tutorial: Ingesting Telemetry from Cloud-Based External Sources
LimaCharlie allows for ingestion of logs or telemetry from any external source in real-time. It includes built-in parsing for popular formats, with the option to define your own for custom sources.
There are two ways to ingest logs or telemetry from external sources:
Run the LimaCharlie Adapter on premises or on your cloud
Provide credentials for the destination and allow LimaCharlie cloud to connect directly (available for cloud-based Adapters)
To connect with the cloud-based external source, first ensure you have the cloudsensor.*
permissions.
After the permissions have been enabled, navigate to the Sensors
page of the web app and click Add Sensor
.
Choose an external source you would like to ingest logs or telemetry from, or filter the list to only include Cloud & External Sources
to see available options.
If there is an external source you wish to connect that is not listed, you can still ingest via the LimaCharlie Adapter with self-defined parsing. Alternatively, please contact us to discuss adding this source in LimaCharlie.
After selecting the Sensor type, choose or create an Installation Key. Then, enter the name for the sensor and provide method-specific credentials for connection.
If the sensor you selected is cloud-based, you will see the call to action Complete Cloud Installation
.
*Note that sensors that support cloud to cloud communication, can also be installed by running an adapter on premises or on cloud hosted by the customer. While it is a rare scenario, some customers might prefer that option when they do not want to share the sensor's API credentials with LimaCharlie. *
Similar to agents, Sensors send telemetry to the LimaCharlie platform in the form of EDR telemetry or forwarded logs. Sensors are offered as a scalable, serverless solution for securely connecting endpoints of an organization to the cloud.