Hello,

I've been getting into LimaCharlie today as part of a lab I built out and I love it so far. There's only one annoying thing- the time in logging/timeline and with the interface are incorrect even though I set my time zone. Has anyone else experienced this issue? I've attached screenshots I took showing three different dates/times. I captured the screenshots at the exact same time.

1. June 18, 2024 at 01:07 (correct time on my computer)
2. June 17, 2024 at 18:07 (incorrect time/date shown on LimaCharlie timezone settings dropdown)
3. June 17, 2024 at 05:07 (incorrect time/date shown on Timeline logging)

https://preview.redd.it/6fdj3l79a97d1.png?width=257&format=png&auto=webp&s=af064a4db58f740bb8f2a9433b54eaa7046a18cf

https://preview.redd.it/7qvs0y79a97d1.png?width=208&format=png&auto=webp&s=981dafc4758c81cd9972a8a895815b0e3075e2f5

https://preview.redd.it/vorp3w99a97d1.png?width=265&format=png&auto=webp&s=48d497aeb87c0be508f2b3edbea84d0bde7e9075

Another months rolls off of the calendar. It has been a busy one for the team at LimaCharlie. We launched Comms and updated the EDR sensor.

Read about it here: https://www.limacharlie.io/blog/2021/10/2/september-developer-roll-up

Building a cybersecurity product? Save years of development & maintain a high margin by leveraging specific functionality from LimaCharlie’s powerful endpoint agent. Usage-based billing ensures costs will stay low.

Learn more: https://www.limacharlie.io/blog/2021/9/29/get-to-market-quicker-with-limacharlie

LimaCharlie brings an engineering mindset to cybersecurity. Our Replay feature allows users to easily test detection rules against historical telemetry, opening the door for a continuous integration or continuous deployment approach for an organization's change control process.

See how easy it is to operationalize: https://www.limacharlie.io/blog/2021/9/17/running-detection-amp-response-rules-against-historical-telemetry

https://preview.redd.it/jz4yypmi1wo71.png?width=766&format=png&auto=webp&s=c58b86bd776810c3f90271824c34543560af8362

LimaCharlie Replay allows operators to quickly and easily run detection logic against historical telemetry. It can be used for continuous integration or checking for long past indicators of compromise.

See how easy it is: https://www.youtube.com/watch?v=kya7Lz\_Yf4I

Read about LimaCharlie’s new solution for operations at scale. Comms is not SIEM but solves a lot of the same problems. It is like Slack with superpowers custom built for incident responders.

Read about why we built it: https://www.limacharlie.io/blog/2021/9/16/limacharlies-solution-to-operations-at-scale

Comms is operations at scale. It is purposely not a SIEM but solves a lot of the same problems. Comms allows teams to work together in real-time and is deeply integrated with all aspects of the LimaCharlie platform.

See how powerful it is: https://www.youtube.com/watch?v=cEYRZSK_4mY

​

https://preview.redd.it/pf4my2j5wpn71.png?width=1640&format=png&auto=webp&s=510f58d4b2044b144984b17f89adecc94e9912be

Create a D&R rule directly from endpoint telemetry. LimaCharlie makes powerful cybersecurity capabilities accessible. Watch how easy it is to create custom D&R rules: https://www.youtube.com/watch?v=s9uN18MGB_M

Summer is winding down but the team at LimaCharlie is just getting things warmed up. We have some really great updates to share and are excited for what is coming over the next few months.

https://www.limacharlie.io/blog/2021/9/1/august-developer-roll-up

Listen to LimaCharlie founder Maxime Lamothe-Brassard as he speaks with Felicia King on Breakfast Bytes regarding "Gaps in EDR/EPP paradigms and what to do about them" - an insightful conversation into the state of endpoint security.

https://qpcsecurity.podbean.com/e/gaps-in-edrepp-paradigms-and-what-to-do-about-them/

LimaCharlie has begun to integrate antivirus into our detection stream. Our first foray is with Windows Defender. Read more about the integration here: https://www.limacharlie.io/blog/2021/7/27/the-road-to-anti-virus-integration

​

https://preview.redd.it/y9nk2fdyisd71.jpg?width=1920&format=pjpg&auto=webp&s=223f37995f962e4bd03f3e92f5184503e1d32fc5

Hey all, Rowan from the LimaCharlie team here. Super excited to let you know we standardized our date handling across the web app to format them in 👏 any 👏 time 👏 zone 👏. You can set your preference (default is UTC) in your user profile and timestamps across the app will then be formatted with that preference in mind.

We've already noticed the improvement in quality of life internally and we hope this lowers the cognitive load for everyone in answering the question: what happened and when? I think it especially makes a big difference when looking at the Timeline view of a sensor.

Hope you enjoy. Happy monitoring / hunting!

A screenshot of time zone selection, accessible from Settings within your User Profile.

We have added a new course to our free learning platform that walks users through the LimaCharlie Add-on Marketplace. Learn how easy it is to get new superpowers or create your own.

Register here: edu.limacharlie.io

https://preview.redd.it/zs1eowz3fu971.png?width=1277&format=png&auto=webp&s=d17262af762c4fa3f5990856883bca0e5ab1dac1

Solving security problems at scale is what we like to do. Today we are announcing an upgrade to our infrastructure as code (IaC) approach. You can now modify your configuration file directly from the web application.

Learn more: https://www.limacharlie.io/blog/2021/7/6/infrastructure-service

​

https://preview.redd.it/sbjy00rdmm971.png?width=800&format=png&auto=webp&s=c114a1bc43af6406edcc9267e1b173e0567fdb9d

Our development roll up this month includes one of the most exciting innovations LimaCharlie has made to date. Along with our predictable per endpoint pricing model, we are now offering a pure usage-based billing model for our Endpoint Detection & Response (EDR) capability. Along with this industry first we have also made some changes to the API, refactored the Add-ons Marketplace experience 

Usage-Based Billing

LimaCharlie is doing something that has never been done before in cybersecurity. Along with our predictable per endpoint pricing model, we are now offering a pure usage-based billing model for our Endpoint Detection & Response (EDR) capability. Pricing under this model is calculated solely on the time the sensor is connected, events processed and events stored.

1. Incident responders will now be able to offer pre-deployments to their customers at almost zero cost. That is, they can deploy across an organization's entire fleet and lay dormant in ‘sleeper mode’ at a cost of just US$0.02 per month. With agents deployed ahead of an incident, responders can offer SLA’s that their competition can’t even dream about. Respond with the full power of the platform in minutes of an incident occurring.
2. Product developers can take advantage of usage-based billing to leverage narrow bands of functionality at a low cost. This means you can get the functionality you need without building it from the ground up or paying for a full EDR deployment: keep more of your margins. Nobody else is even thinking about this, and we are so excited to see what people build.

Usage-based billing is currently only available for new organizations and on a limited basis. Please contact us at answers@limacharlie.io for more information and to get a new organization set up for usage-based billing.

VirusTotal API

We've updated the lcr://api/vt API that can be used in D&R rules to support Domains and IPs on top of the existing Hashes support.

Usage is exactly as before, the value provided in the lookup will automatically be detected to be a Domain, IP or Hash.

An example of a rule leveraging VirusTotal for Domains can be found here.

​

New Add-ons Marketplace

We've done a redesign of our add-on browsing / management experience. 

Some highlights:

• Add-ons now live in a marketplace which you can browse anytime, specifying which org(s) you want to subscribe to add-ons
• Add-ons are now searchable, both from the marketplace and within orgs
• Add-on authors now get separate preview descriptions & full markdown descriptions to better promote their add-ons
• We've done a content audit to make sure our published add-ons are as descriptive as possible so everyone can set them up and use them
• The Add-ons view within orgs is now a focused list of add-ons that are currently enabled in that org
• Detection add-ons are now marked for deprecation, meaning we don't show them in the new marketplace. We feel that managed rule sets via Service add-ons are a better experience overall since you can simply enable them with no extra steps

For those already familiar with Add-on system in LimaCharlie you can see a tour of the update here.

For those unfamiliar with the LimaCharlie Add-on Marketplace, a full walkthrough with implementation examples can be found here.

Sensor v4.25.1

• Enhanced hashing on Windows.
• More reliable process parent/child tracking under load.

In an industry first, LimaCharlie is introducing a pure usage-based billing scheme for its EDR capability. Deploy a full-featured, cross-platform agent for as little as $0.02 an endpoint.

Read about what this means for cybersecurity: https://www.limacharlie.io/blog/2021/6/29/an-industry-first