LimaCharlie Documentation
Glossary
Initializing search
refractionPOINT/documentation
Home
Getting Started
Sensors
Detection & Response
Data & Queries
Integrations
Developer Guide
Administration
Reference
AI Sessions
Release Notes
LimaCharlie Documentation
refractionPOINT/documentation
Home
Getting Started
Getting Started
What is LimaCharlie?
Quickstart
Core Concepts
Tutorials
Tutorials
Sensors
Sensors
Installation Keys
Sensor Connectivity
Sensor Tags
Log Collection Guide
Telemetry Index
Endpoint Agents
Endpoint Agents
Windows
Windows
Installation
Custom MSI
macOS
macOS
Installation (Sequoia+)
Installation (Catalina-Sonoma)
Installation (Older)
MDM Profiles
Jamf
Intune
Linux
Linux
Installation
Chrome
Edge
Docker
Containers
VDI Templates
Payloads
Versioning & Upgrades
Service Upgrades
Uninstallation
Hostname Resolution
Sleeper Mode
Enterprise Deployment
Enterprise Deployment
Chrome Enterprise
Intune
Adapters
Adapters
Deployment
As a Service
Usage
Cloud Providers
Cloud Providers
AWS CloudTrail
AWS GuardDuty
AWS S3
AWS SQS
Azure Event Hub
GCP Pub/Sub
GCP Storage
Azure Services
Azure Services
Key Vault
Kubernetes Service
Monitor
Network Security Group
SQL Audit Logs
Identity & Access
Identity & Access
Okta
Microsoft Entra ID
Duo
1Password
Security Tools
Security Tools
CrowdStrike
Microsoft Defender
SentinelOne
Sophos
Carbon Black
Sublime Security
Collaboration
Collaboration
Microsoft 365
Slack Audit
Google Workspace
Atlassian
HubSpot
Zendesk
PandaDoc
Mimecast
Infrastructure
Infrastructure
Kubernetes Pods
IIS
Cato
Tailscale
Generic
Generic
Syslog
JSON
File
Stdin
Windows Event Log
EVTX
Mac Unified Logging
IMAP
Other
Other
Canary Tokens
IT Glue
Examples
Examples
Stdin JSON
Stdin
Windows Event Logs
Tutorials
Tutorials
Webhook Adapter
OpenTelemetry via Webhook
Google Cloud Logs
Cloud Telemetry
Troubleshooting
Troubleshooting
Non-Responding Sensors
Tutorials
Tutorials
Windows Event Logs
Sysmon Logs
Defender Logs
Linux Audit Logs
macOS Unified Logs
Test Sensor Version
Update Sensors
Detection & Response
Detection & Response
Writing & Testing Rules
Threat Feed Rule
D&R Rule Building Guidebook
Examples
False Positive Rules
Stateful Rules
Sensor Variables
Behavioral Detection
Unit Tests
Alternate Targets
Managed Rulesets
Managed Rulesets
Community Rules
Sigma Converter
SOC Prime
Soteria EDR
Soteria AWS
Soteria M365
Data & Queries
Data & Queries
LCQL Examples
Query Console UI
Query CLI
Template Strings
Template Transforms
Events
Events
Sysmon Comparison
Tutorials
Tutorials
BigQuery + Looker Studio
Integrations
Integrations
Add-ons
Outputs
Outputs
Stream Structures
Testing
Allowlisting
Billing
Destinations
Destinations
Amazon S3
Splunk
Elastic
BigQuery
Syslog
Webhook
Webhook Bulk
Slack
SMTP
Apache Kafka
Azure Event Hub
Azure Storage Blob
Google Cloud Storage
Google Pub/Sub
Humio
OpenSearch
SCP
SFTP
Tines
Extensions
Extensions
Using Extensions
LimaCharlie
LimaCharlie
Git Sync
Reliable Tasking
YARA Manager
Artifact
BinLib
Infrastructure
Usage Alerts
Dumper
EPP
Exfil
Integrity
Lookup Manager
Payload Manager
Sensor Cull
Cases
Third Party
Third Party
Velociraptor
Zeek
YARA
Hayabusa
Atomic Red Team
OTX
PagerDuty
Plaso
Strelka
Twilio
Govee
NIMS
Renigma
SecureAnnex
Labs
Labs
Playbook
Cloud CLI
Cloud CLI
1Password
AWS
Azure
DigitalOcean
GitHub
Google Cloud
Microsoft 365
Okta
SDM
Sublime
Tailscale
Vultr
API Integrations
API Integrations
VirusTotal
GreyNoise
Hybrid Analysis
AlphaMountain
EchoTrail
IP ASN
IP Geolocation
Pangea
Services
Services
Replay
Dumper
Tutorials
Tutorials
VirusTotal Integration
Hayabusa BigQuery
Velociraptor BigQuery
Developer Guide
Developer Guide
SDKs
SDKs
Python SDK
Go SDK
Command Line Interface
CLI Extension
Connecting AI Assistants
Building Extensions
Building Extensions
Getting Started
User Interface
Schema & Data Types
Grant Program
Administration
Administration
Access
Access
API Keys
User Access
SSO
Billing
Billing
Options
Custom Plans
Estimating Data Ingestion
Config Hive
Config Hive
Secrets
Lookups
D&R Rules
YARA
Cloud Sensors
Investigation
Reference
Reference
Endpoint Commands
Detection Operators
Response Actions
EDR Events
Platform Events
Schedule Events
Event Schemas
Sensor Selectors
ID Schema
Permissions
Error Codes
Auth Resource Locator
YARA Modules
Latency
FAQ
FAQ
General
Account Management
Billing
D&R Rules
Sensor Installation
Privacy
Troubleshooting
Invoices
Sensor Removal
AI Sessions
AI Sessions
D&R-Driven Sessions
User Sessions
API Reference
TypeScript SDK
Release Notes
Release Notes
Glossary
Back to top