October 1st, 2024
Developer Roll Up: September 2024
Christopher Luft
As we close out another month, we're excited to share the latest improvements to the SecOps Cloud Platform. Check out what's new and on the horizon for LimaCharlie:
Events
MSSN CTRL When: Oct 2-4
MSSN CTRL is happening this week in Arlington, VA, bringing together cybersecurity professionals for three days of innovative training, expert insights, and valuable networking. We will be recording the talks and making them public for those who cannot attend in person.
Read our latest blog to learn more about the event
MSSP Alert Live When: Oct 14-16
Visit the LimaCharlie booth at this year's MSSP Alert Live event to connect with the team behind the SecOps Cloud Platform. Stop by to grab some swag and enter our giveaway while you're there!
Defender Fridays When: Every Friday @ 10:30am PT
Join our Defender Fridays series, a weekly exploration of the defensive aspects of cybersecurity featuring insights from experienced industry professionals.
Webinars
Along with our product updates, we hosted several live webinars last month. Check out the recordings:
Hunting with the LimaCharlie Query Console
Diving Deeper into Advanced macOS Detection and Hunting Techniques
—
September’s Releases
Ability to Rename Detection and Response Rules
In this release, we added the ability to rename detection and response rules and to modify their metadata (expiration date, tags, and comment field). This makes it easier for users to manage their hive records at scale and offers a better user experience.
Added Analytics to False Positive Rules
We are continuing to add metrics to make it easy for you to see the performance of different components of your security infrastructure.
In this release, we are exposing entity metrics for false positive (FP) rules. On every FP rule, users can now see how many times it has prevented detections from triggering. This is in addition to the analytics that already exist on sensors, outputs, and D&R rules. Data is updated every ~15 minutes and stored for three months.
Email Sensor
You can now ingest raw emails directly into LimaCharlie using our new Email sensor. To get started, navigate to the sensors list > add new sensor > email and complete the required steps. For details, visit our technical documentation: https://docs.limacharlie.io/docs/telemetry-adapters-adapter-types-imap
EDR v4.31.0
macOS bug fixes (note that as far as we found out from our testing, we are unaffected by the macOS Sequoia issues other security vendors are having)
Fixing some cases that could lead to temporary files being left behind on disk over time.