Community Exchange
Playbooks A place to share Python playbooks for use in LimaCharlie. Detection & Response Rules This category is dedicated to all things Detection & Response. Share your custom D&R rules, detection logic, incident response playbooks, and automation rules. Learn from others and contribute to the community’s collective defense. Adapter Parsers A place to share adapter parsers for specific log formats. To learn more about adapter parsers, see our docs: https://docs.limacharlie.io/docs/adapter-usage#parsing-and-mapping IaC Templates A place to share IaC (Infrastructure-as-Code) templates for the LimaCharlie SecOps Cloud Platform. LCQL Queries This category is dedicated to the sharing and discussion of LimaCharlie Query Language (LCQL) queries. Find and contribute queries for a variety of purposes, including threat hunting, incident response, data analysis, and reporting. Help the community build a library of valuable LCQL resources.
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| About the Community Exchange category |
|
1 | 21 | February 17, 2025 |
| Grok Pattern Resources |
|
0 | 15 | November 20, 2025 |
| Detection for Data Exfil from Host |
|
2 | 47 | September 5, 2025 |
| Detecting Suspicious LSASS Access + Template String Example |
|
1 | 70 | July 22, 2025 |
| Help with Windows Defender false positives from Endpoint Protection |
|
1 | 61 | July 11, 2025 |
| Waking up Sleeper Deployment |
|
2 | 34 | June 3, 2025 |
| Enhancement Request - Local Env Variables or KV Pairs |
|
0 | 15 | May 31, 2025 |
| Outside Business Hours Logon Detection |
|
4 | 63 | March 27, 2025 |
|
Check out the LC IaC Generator!
For inspiration on some interesting capabilities which can be deployed via IaC template, see our open source IaC generator. The LimaCharlie Infrastructure-as-Code (IaC) Generator allows users to select various configura… |
|
2 | 40 | March 14, 2025 |
| Detecting Unauthorized Removable Media |
|
0 | 27 | March 7, 2025 |
|
Using Regex Patterns with Adapters
One of the most powerful features of LimaCharlie’s Adapters is the ability to ingest any data type and utilize the Adapter configuration to customize the telemetry to your liking. One thing I always found useful was the… |
|
1 | 38 | March 3, 2025 |
| Developing A Baseline For Sensitive Process Access |
|
0 | 27 | February 18, 2025 |
| Quickly Find Remote Desktop Logons |
|
0 | 34 | February 17, 2025 |
| Tracking Failed Windows Logons for Threat Hunting |
|
0 | 29 | February 17, 2025 |
| Is rundll32.exe Executed Without Expected Dll Path? |
|
0 | 11 | February 17, 2025 |
| Obfuscation in CLI arguments |
|
0 | 27 | February 14, 2025 |
| Automating Artifact Collection Upon Waking Sleeper Agents |
|
0 | 21 | February 14, 2025 |