Query Console

The LimaCharlie Query Console is a powerful feature within the LimaCharlie web application that enables users to interactively execute queries across their collected telemetry data using the LimaCharlie Query Language (LCQL). The Query Console provides a streamlined interface to search, filter, and analyze events from multiple sources, such as EDR Sensors or telemetry from other integrated platforms. This allows security teams to easily perform targeted hunts, incident investigations, and data analysis across their fleet of devices.

Through the Query Console, users can write, execute, and save LCQL queries to explore various event types, such as network activity, process execution, and system changes. Queries can be customized for specific environments and saved for future use, offering a flexible solution for recurring investigations. Additionally, queries can be made programmatically via the REST API, allowing for automation and integration with other security workflows or platforms. Users can also leverage predefined examples or create unique queries to share with the LimaCharlie community, enhancing collaborative threat hunting and data exploration. The Query Console helps organizations gain deeper insights into their telemetry, simplifying large-scale data searches and empowering proactive security operations.

For examples and inspiration, see LCQL Examples.