Limacharlie – Endpoint monitoring stack

0
0

LIMACHARLIE is an endpoint security platform. It is itself a collection of small projects all working together to become the LC platform. LC gives you a cross-platform (Windows, OSX, Linux, Android and iOS) low-level environment allowing you to manage and push (in memory) additional modules. The main module (at the moment) is the HBS sensor, which provides telemetry gathering and basic forensic capabilities.

The cloud component allows you to automate investigation and mitigation with the sensor in real-time using the simple python Hunter framework. LIMA CHARLIE can be used with a SIEM to correlate security events and detect intrusion on remote systems.

LimaCharlie Object view

LimaCharlie Object view

This type of monitoring may help soc team to detect suspicious process launched on the endpoint and provide a better visibility on what is going on the endpoint from the security prospective. the detection with the agent include the following:

  1. Stateless detections generate detects from the context of a single event, no correlation, making them the simplest detections.
  2. Stateful detections analyze multiple events from sensors in correlation with each other in time and or content.
  3. Hunters serve as higher level automation. They can either execute in response to a detect being generated, or they can spontaneously execute at recurring time intervals.
  4. Sensor Capabilities where user may select the profile required to detect certain executables on the endpoint
  5. Event listing this will be important capability when the user is looking to have a full scenario of the attack collected from the endpoint

You can find a wiki and download the latest release of this over here: https://github.com/refractionPOINT/

Share