Community Exchange
Playbooks A place to share Python playbooks for use in LimaCharlie. Adapter Parsers A place to share adapter parsers for specific log formats. To learn more about adapter parsers, see our docs: https://docs.limacharlie.io/docs/adapter-usage#parsing-and-mapping IaC Templates A place to share IaC (Infrastructure-as-Code) templates for the LimaCharlie SecOps Cloud Platform. Detection & Response Rules This category is dedicated to all things Detection & Response. Share your custom D&R rules, detection logic, incident response playbooks, and automation rules. Learn from others and contribute to the community’s collective defense. LCQL Queries This category is dedicated to the sharing and discussion of LimaCharlie Query Language (LCQL) queries. Find and contribute queries for a variety of purposes, including threat hunting, incident response, data analysis, and reporting. Help the community build a library of valuable LCQL resources.
Topic | Replies | Views | Activity | |
---|---|---|---|---|
About the Community Exchange category |
![]() |
1 | 7 | February 17, 2025 |
Check out the LC IaC Generator!
For inspiration on some interesting capabilities which can be deployed via IaC template, see our open source IaC generator. The LimaCharlie Infrastructure-as-Code (IaC) Generator allows users to select various configura… |
![]() |
2 | 12 | March 14, 2025 |
Detecting Unauthorized Removable Media |
![]() |
0 | 7 | March 7, 2025 |
Outside Business Hours Logon Detection |
![]() |
1 | 7 | March 7, 2025 |
Using Regex Patterns with Adapters
One of the most powerful features of LimaCharlie’s Adapters is the ability to ingest any data type and utilize the Adapter configuration to customize the telemetry to your liking. One thing I always found useful was the… |
![]() ![]() |
1 | 9 | March 3, 2025 |
Developing A Baseline For Sensitive Process Access |
![]() |
0 | 7 | February 18, 2025 |
Detecting Suspicious LSASS Access + Template String Example |
![]() |
0 | 9 | February 18, 2025 |
Quickly Find Remote Desktop Logons |
![]() |
0 | 12 | February 17, 2025 |
Tracking Failed Windows Logons for Threat Hunting |
![]() |
0 | 5 | February 17, 2025 |
Is rundll32.exe Executed Without Expected Dll Path? |
![]() |
0 | 3 | February 17, 2025 |
Obfuscation in CLI arguments |
![]() |
0 | 6 | February 14, 2025 |
Automating Artifact Collection Upon Waking Sleeper Agents |
![]() |
0 | 7 | February 14, 2025 |