Adapter Types
33 Articles in this category
Written by Matt Bromiley, Maxime Lamothe Brassard, Eric Capuano and 1 others
Azure Logs
5 Articles in this category
Written by Matt Bromiley, Eric Capuano
1Password
1Password provides an events API to fetch audit logs. Events can be ingested directly via a cloud-to-cloud or CLI Adapter . See 1Password's official API documentation here . 1Password telemetry can be addressed via the 1password platform. A...
Written by Matt Bromiley, Maxime Lamothe Brassard, Eric Capuano. Updated on: 05 Oct 2024
Atlassian
Atlassian makes a suite of products that help foster enterprise work management, IT service management, and Agile development. Atlassian's products include: Bitbucket, Confluence, Jira Work Management (this includes a suite of products, inc...
Written by Matt Bromiley, Eric Capuano. Updated on: 05 Oct 2024
AWS CloudTrail
AWS CloudTrail logs allow you to monitor AWS deployments. CloudTrail logs can provide granular visibility into AWS instances and can be used within D&R rules to identify AWS abuse. This Adapter allows you to ingest AWS CloudTrail events...
Written by Matt Bromiley, Eric Capuano. Updated on: 01 Nov 2024
AWS GuardDuty
Overview This Adapter allows you to ingest AWS GuardDuty events via either an S3 bucket or SQS message queue . AWS GuardDuty helps you protect your AWS accounts with intelligent threat detection. Telemetry Platform: guard_duty Deploym...
Written by Matt Bromiley, Eric Capuano. Updated on: 05 Oct 2024
Azure Event Hub
Overview This Adapter allows you to connect to an Azure Event Hub to fetch structured data stored there. Azure Event Hubs are fully managed, real-time data ingestion services that allow for event streaming from various Microsoft Azure services...
Written by Matt Bromiley, Whitney Champion, Eric Capuano. Updated on: 05 Oct 2024
Canarytokens
Canarytokens are a free, quick, painless way to help defenders discover they've been breached (by having attackers announce themselves). Canarytokens are digital traps, or tripwires, that can be placed in an organization's network as a "lure" for ad...
Written by Matt Bromiley, Eric Capuano. Updated on: 05 Oct 2024
Cato
Overview This Adapter allows you to connect to the Cato API to fetch logs from the events feed . Deployment Configurations All adapters support the same client_options , which you should always specify if using the binary adapter or creati...
Written by Whitney Champion, Eric Capuano. Updated on: 05 Oct 2024
Duo
Overview This Adapter allows you to connect to the Duo Admin API and fetch logs from it. Configurations Adapter Type: duo client_options : common configuration for adapter as defined here . integration_key : an integration key create...
Written by Maxime Lamothe Brassard, Eric Capuano. Updated on: 05 Oct 2024
File
Overview This Adapter allows you to ingest logs from a file, either as a one time operation or by following its output (like tail -f ). Configuration All adapters support the same client_options , which you should always specify if using t...
Written by Maxime Lamothe Brassard, Whitney Champion, Eric Capuano. Updated on: 21 Oct 2024
Google Cloud Pubsub
Overview This Adapter allows you to ingest events from a Google Cloud Pubsub subscription. Configurations Adapter Type: pubsub client_options : common configuration for adapter as defined here . sub_name : the name of the subscriptio...
Written by Maxime Lamothe Brassard, Eric Capuano. Updated on: 05 Oct 2024
Google Cloud Storage
Overview This Adapter allows you to ingest files/blobs stored in Google Cloud Storage (GCS). Note that this adapter operates as a sink by default, meaning it will "consume" files from the GCS bucket by deleting them once ingested. Configuration...
Written by Maxime Lamothe Brassard, Eric Capuano. Updated on: 05 Oct 2024
Google Workspace
Google Workspace provides various communication, collaboration, and productivity applications for businesses of all sizes. Google Workspace audit logs provide data to help track "Who did what, where, and when?". Google Workspace Audit logs can b...
Written by Matt Bromiley, Eric Capuano. Updated on: 31 Oct 2024
IIS Logs
Microsoft's Internet Information Services (IIS) web server is a web server commonly found on Microsoft Windows servers. This Adapter assists with sending IIS web logs to LimaCharlie via the Adapter binary. Telemetry Platform (if applicable): iis...
Written by Matt Bromiley, Eric Capuano. Updated on: 05 Oct 2024
IMAP
Overview This Adapter allows you to ingest emails as events from an IMAP server. Configurations Adapter Type: imap client_options : common configuration for adapter as defined here . server : the domain and port of the IMAP server, l...
Written by Maxime Lamothe Brassard, Eric Capuano. Updated on: 19 Nov 2024
IT Glue
Overview This Adapter allows you to connect to IT Glue to fetch activity logs. Deployment Configurations All adapters support the same client_options , which you should always specify if using the binary adapter or creating a webhook adapte...
Written by Matt Bromiley, Whitney Champion, Eric Capuano. Updated on: 05 Oct 2024
JSON
Overview This Adapter allows you to ingest logs from a file as JSON. Adapter type: file Configuration All adapters support the same client_options , which you should always specify if using the binary adapter or creating a webhook adapte...
Written by Matt Bromiley, Whitney Champion, Eric Capuano. Updated on: 05 Oct 2024
Kubernetes Pods Logs
Overview This Adapter allows you to ingest the logs from the pods running in a Kubernetes cluster. The adapter relies on local filesystem access to the standard Kubernetes pod logging structure. This means the adapter is best run as a Daemon Set...
Written by Maxime Lamothe Brassard, Eric Capuano. Updated on: 05 Oct 2024
Mac Unified Logging
Overview This Adapter allows you to collect events from MacOS Unified Logging. Deployment Configurations All adapters support the same client_options , which you should always specify if using the binary adapter or creating a webhook adapte...
Written by Whitney Champion, Eric Capuano. Updated on: 31 Oct 2024
Microsoft Defender
Overview LimaCharlie can ingest Microsoft 365 Defender logs via an Azure Event Hub Adapter . More information on setting this up can be found here . Documentation for creating an event hub can be found here . Telemetry Platform: msdefe...
Written by Matt Bromiley, Whitney Champion, Eric Capuano. Updated on: 05 Oct 2024
Microsoft Entra ID
Microsoft Entra ID , formerly Azure Active Directory, is an identity and access management solution from Microsoft that helps organizations secure and manage identities for hybrid and multicloud environments. The Entra ID API Adapter currently rec...
Written by Matt Bromiley, Whitney Champion, Eric Capuano. Updated on: 09 Oct 2024
Microsoft 365
Microsoft 365, formerly Office 365, is a product family of productivity software, collaboration and cloud-based services owned by Microsoft. This Adapter allows you to ingest audit events from the Office 365 Management Activity API . Microsoft 3...
Written by Matt Bromiley, Maxime Lamothe Brassard, Eric Capuano. Updated on: 15 Oct 2024
Okta
Overview This Adapter allows you to connect to Okta to fetch system logs. Deployment Configurations All adapters support the same client_options , which you should always specify if using the binary adapter or creating a webhook adapter. If...
Written by Whitney Champion, Eric Capuano. Updated on: 05 Oct 2024
S3
Overview This Adapter allows you to ingest files/blobs stored in AWS S3. Note that this adapter operates as a sink by default, meaning it will "consume" files from the S3 bucket by deleting them once ingested. Configurations Adapter Type: s...
Written by Matt Bromiley, Maxime Lamothe Brassard, Eric Capuano. Updated on: 05 Oct 2024
Slack Audit Logs
Slack audit logs allow for ingestion of audit events in a Slack Enterprise Grid organization. Events can be ingested directly from the Slack API via a cloud-to-cloud or CLI Adapter . Slack telemetry can be addressed via the slack platform. N...
Written by Matt Bromiley, Eric Capuano. Updated on: 05 Oct 2024
Sophos
Overview This Adapter allows you to connect to Sophos Central to fetch event logs. Deployment Configurations All adapters support the same client_options , which you should always specify if using the binary adapter or creating a webhook ad...
Written by Whitney Champion, Eric Capuano. Updated on: 05 Oct 2024
SQS
Overview This Adapter allows you to ingest events received from an AWS SQS instance. Configurations Adapter Type: sqs client_options : common configuration for adapter as defined here . access_key : an Access Key from AWS used to a...
Written by Maxime Lamothe Brassard, Eric Capuano. Updated on: 05 Oct 2024
Stdin
Overview This Adapter allows you to ingest logs from the adapter stdin. Configurations Adapter Type: stdin client_options : common configuration for adapter as defined here . API Doc None
Written by Maxime Lamothe Brassard, Eric Capuano. Updated on: 05 Oct 2024
Syslog
Syslog is both a protocol and a common logging format that consolidates events to a central location for storage. On *nix systems, Syslog often outputs to predefined locations, such as /var/log . The LimaCharlie Adapter can be configured as a Syslog...
Written by Matt Bromiley, Maxime Lamothe Brassard, Eric Capuano. Updated on: 31 Oct 2024
Sublime Security
Sublime Security is a comprehensive email security platform that allows users to create custom detections, gain visibility and control, and focus on prevention of malicious emails. Sublime events can be ingested in LimaCharlie via a json Webhoo...
Written by Matt Bromiley, Eric Capuano. Updated on: 05 Oct 2024
Tailscale
Tailscale is a VPN service that makes devices and applications accessible anywhere in the world. Relying on the open source WireGuard protocol, Tailscale enables encrypted point-to-point connections. Tailscale events can be ingested in LimaCharli...
Written by Matt Bromiley, Eric Capuano. Updated on: 05 Oct 2024
VMWare Carbon Black
Overview LimaCharlie can ingest Carbon Black events from a number of storage locations. Typically, an organization would export Carbon Black data via the API to a storage mechanism, such as an S3 bucket, which would then be ingested by LimaCharlie....
Written by Matt Bromiley, Eric Capuano. Updated on: 05 Oct 2024
Windows Event Log
Overview This Adapter allows you to connect to the local Windows Event Logs API on Windows. This means this Adapter is only available from Windows builds and only works locally (will not connect to remote Windows instances). Configurations Adap...
Written by Matt Bromiley, Maxime Lamothe Brassard, Eric Capuano. Updated on: 05 Oct 2024
EVTX
Overview This Adapter allows you to ingest and convert a .evtx file into LimaCharlie. The .evtx files are the binary format used by Microsoft for Windows Event Logs. This is useful to ingest historical Windows Event Logs, for example during a...
Written by Maxime Lamothe Brassard, Eric Capuano. Updated on: 30 Oct 2024