Community Exchange

Playbooks A place to share Python playbooks for use in LimaCharlie. Adapter Parsers A place to share adapter parsers for specific log formats. To learn more about adapter parsers, see our docs: https://docs.limacharlie.io/docs/adapter-usage#parsing-and-mapping IaC Templates A place to share IaC (Infrastructure-as-Code) templates for the LimaCharlie SecOps Cloud Platform. Detection & Response Rules This category is dedicated to all things Detection & Response. Share your custom D&R rules, detection logic, incident response playbooks, and automation rules. Learn from others and contribute to the community’s collective defense. LCQL Queries This category is dedicated to the sharing and discussion of LimaCharlie Query Language (LCQL) queries. Find and contribute queries for a variety of purposes, including threat hunting, incident response, data analysis, and reporting. Help the community build a library of valuable LCQL resources.

Topic	Replies	Views	Activity
About the Community Exchange category Community Exchange	1	7	February 17, 2025
Check out the LC IaC Generator! IaC Templates iac For inspiration on some interesting capabilities which can be deployed via IaC template, see our open source IaC generator. The LimaCharlie Infrastructure-as-Code (IaC) Generator allows users to select various configura…	2	12	March 14, 2025
Detecting Unauthorized Removable Media Detection & Response Rules detection , windows	0	7	March 7, 2025
Outside Business Hours Logon Detection Detection & Response Rules detection , windows	1	7	March 7, 2025
Using Regex Patterns with Adapters Adapter Parsers One of the most powerful features of LimaCharlie’s Adapters is the ability to ingest any data type and utilize the Adapter configuration to customize the telemetry to your liking. One thing I always found useful was the…	1	9	March 3, 2025
Developing A Baseline For Sensitive Process Access LCQL Queries windows , lcql	0	7	February 18, 2025
Detecting Suspicious LSASS Access + Template String Example Detection & Response Rules detection , windows	0	9	February 18, 2025
Quickly Find Remote Desktop Logons LCQL Queries	0	12	February 17, 2025
Tracking Failed Windows Logons for Threat Hunting LCQL Queries lcql	0	5	February 17, 2025
Is rundll32.exe Executed Without Expected Dll Path? LCQL Queries lcql	0	3	February 17, 2025
Obfuscation in CLI arguments Detection & Response Rules detection , windows	0	6	February 14, 2025
Automating Artifact Collection Upon Waking Sleeper Agents Detection & Response Rules detection , windows	0	7	February 14, 2025