LimaCharlie Documentation
Glossary
Initializing search
refractionPOINT/documentation
Home
Getting Started
Sensors
Detection & Response
Data & Queries
Integrations
Developer Guide
Administration
Reference
AI Sessions
Release Notes
LimaCharlie Documentation
refractionPOINT/documentation
Home
Getting Started
Getting Started
What is LimaCharlie?
Quickstart
Core Concepts
Tutorials
Tutorials
Sensors
Sensors
Installation Keys
Sensor Connectivity
Sensor Tags
Log Collection Guide
Telemetry Index
Endpoint Agents
Endpoint Agents
Windows
Windows
Installation
Custom MSI
macOS
macOS
Installation (Sequoia+)
Installation (Catalina-Sonoma)
Installation (Older)
MDM Profiles
Jamf
Intune
Linux
Linux
Installation
Chrome
Edge
Docker
Containers
VDI Templates
Payloads
Versioning & Upgrades
Service Upgrades
Uninstallation
Hostname Resolution
Sleeper Mode
Enterprise Deployment
Enterprise Deployment
Chrome Enterprise
Intune
Adapters
Adapters
Deployment
As a Service
Usage
Cloud Providers
Cloud Providers
AWS CloudTrail
AWS GuardDuty
AWS S3
AWS SQS
Azure Event Hub
GCP Pub/Sub
GCP Storage
Azure Services
Azure Services
Key Vault
Kubernetes Service
Monitor
Network Security Group
SQL Audit Logs
Identity & Access
Identity & Access
Okta
Microsoft Entra ID
Duo
1Password
Security Tools
Security Tools
Check Point Harmony
CrowdStrike
Microsoft Defender
SentinelOne
Sophos
Carbon Black
Sublime Security
Collaboration
Collaboration
Microsoft 365
Slack Audit
Google Workspace
Atlassian
HubSpot
Zendesk
PandaDoc
Mimecast
Infrastructure
Infrastructure
Kubernetes Pods
IIS
Cato
Tailscale
Generic
Generic
Syslog
JSON
File
Stdin
Windows Event Log
EVTX
Mac Unified Logging
IMAP
Other
Other
Canary Tokens
IT Glue
Examples
Examples
Stdin JSON
Stdin
Windows Event Logs
Tutorials
Tutorials
Webhook Adapter
OpenTelemetry via Webhook
Google Cloud Logs
Cloud Telemetry
Troubleshooting
Troubleshooting
Non-Responding Sensors
Tutorials
Tutorials
Windows Event Logs
Sysmon Logs
Defender Logs
Linux Audit Logs
macOS Unified Logs
Test Sensor Version
Update Sensors
Detection & Response
Detection & Response
Writing & Testing Rules
Threat Feed Rule
D&R Rule Building Guidebook
Examples
False Positive Rules
Stateful Rules
Sensor Variables
Behavioral Detection
Unit Tests
Alternate Targets
Managed Rulesets
Managed Rulesets
Community Rules
Sigma Converter
SOC Prime
Soteria EDR
Soteria AWS
Soteria M365
Data & Queries
Data & Queries
LCQL Examples
Query Console UI
Query CLI
Template Strings
Template Transforms
Events
Events
Sysmon Comparison
Tutorials
Tutorials
BigQuery + Looker Studio
Integrations
Integrations
Outputs
Outputs
Stream Structures
Testing
Allowlisting
Billing
Destinations — SIEM / Streaming
Destinations — SIEM / Streaming
Splunk
Elastic
OpenSearch
Humio
Apache Kafka
Syslog
Azure Event Hub
Google Pub/Sub
Destinations — Storage
Destinations — Storage
Amazon S3
Azure Storage Blob
Google Cloud Storage
BigQuery
SCP
SFTP
Destinations — Messaging
Destinations — Messaging
Slack
Microsoft Teams
Telegram
SMTP
Tines
Destinations — HTTP
Destinations — HTTP
Webhook
Webhook Bulk
Extensions
Extensions
Using Extensions
LimaCharlie
LimaCharlie
Artifact
BinLib
Cases
Dumper
EPP
Exfil
Feedback
Git Sync
Infrastructure
Integrity
Lookup Manager
Payload Manager
Playbook (LABS)
Reliable Tasking
Sensor Cull
Usage Alerts
YARA Manager
Third Party
Third Party
Atomic Red Team
Govee
Hayabusa
NIMS
OTX
PagerDuty
Plaso
Renigma
SecureAnnex
Strelka
Twilio
Velociraptor
YARA
Zeek
Cloud CLI
Cloud CLI
1Password
AWS
Azure
DigitalOcean
GitHub
Google Cloud
Microsoft 365
Okta
SDM
Sublime
Tailscale
Vultr
API Integrations
API Integrations
AlphaMountain
EchoTrail
GreyNoise
Hybrid Analysis
IP ASN
IP Geolocation
Pangea
VirusTotal
Services
Services
Replay
Tutorials
Tutorials
VirusTotal Integration
Human-in-the-Loop Response
Hayabusa BigQuery
Velociraptor BigQuery
Developer Guide
Developer Guide
SDKs
SDKs
Python SDK
Python SDK v4
Go SDK
Command Line Interface
CLI Extension
Connecting AI Assistants
Building Extensions
Building Extensions
Getting Started
User Interface
Schema & Data Types
Grant Program
Administration
Administration
Access
Access
API Keys
User Access
Designing Access
SSO
Billing
Billing
Options
Custom Plans
Estimating Data Ingestion
Config Hive
Config Hive
Secrets
Lookups
D&R Rules
YARA
Cloud Sensors
Reference
Reference
Endpoint Commands
Detection Operators
Response Actions
EDR Events
Platform Events
Schedule Events
Event Schemas
Sensor Selectors
ID Schema
Permissions
Error Codes
Auth Resource Locator
YARA Modules
Latency
FAQ
FAQ
General
Account Management
Billing
D&R Rules
Sensor Installation
Privacy
Troubleshooting
Invoices
Sensor Removal
AI Sessions
AI Sessions
D&R-Driven Sessions
User Sessions
Tool Permissions & Profiles
Runner Environment
AI Skills
AI Memory
Command Line Interface
Alternative Providers
API Reference
Compliance
Compliance
Installation
Frameworks
Skills Reference
Case-Reviewer Agent
Gap Analysis
Release Notes
Release Notes
Glossary
Back to top