Telemetry

LimaCharlie supports webhooks as a telemetry ingestion method. Webhooks are technically cloud Adapters , as they cannot be deployed on-prem or through the downloadable adapter binary. Webhook adapters are created by enabling a webhook through the...

With LimaCharlie, you can easily ingest Google Cloud logs for further processing and automation. This article covers the following high-level steps of shipping logs from GCP into LimaCharlie: Create a Log Sink to Pubsub in GCP Create a Subscri...

One data source of common interest on Linux systems is the audit.log file. By default, this file stores entries from the Audit system, which contains information about logins, privilege escalations, and other account-related events. You can find m...

Sysmon can be a valuable addition to any defender's toolkit, given it's verbosity and generous log data. It's worth noting that LimaCharlie's native EDR capabilities mirror much of the same telemetry. However, Sysmon and LimaCharlie can be combined ...

LimaCharlie allows for ingestion of logs or telemetry from any external source in real-time. It includes built-in parsing for popular formats, with the option to define your own for custom sources. There are two ways to ingest logs or telemetry fr...

You can enable real-time Windows Event Log (WEL) ingestion using the LimaCharlie EDR Sensor. First, navigate to the Exfil Control section of LimaCharlie and ensure that WEL events are enabled for your Windows rules. Next, navigate to the ...

You can enable real-time MacOS Unified Logs (MUL) ingestion using the LimaCharlie EDR Sensor. First, navigate to the Exfil Control section of LimaCharlie and ensure that MUL events are enabled for your Windows rules. Next, navigate to the ...