
LimaCharlie 101: Getting Started with the SecOps Cloud Platform

Christopher Luft, LimaCharlie Co-Founder and Creative Technologist

In this blog post we'll walk you through the essential steps of getting started with LimaCharlie's SecOps Cloud Platform.

This guide is designed for technical security professionals who want to leverage LimaCharlie's capabilities to enhance their organization's security posture. By the end of this guide you will have configured your organization in LimaCharlie, deployed sensors, and enabled detection and response rules.

Step 1: Create an Account and Log In

To begin, create a LimaCharlie account at limacharlie.io. You can use your email or sign in with your Google, GitHub, or Microsoft account. Once you've created your account, log in to access the platform.

Step 2: Set Up Your Organization

When you first log in, you'll be asked a few short questions about how you intend to use LimaCharlie. You will then be taken to a page presenting a brief overview of the platform. At the bottom of this page is a button that reads “Create Organization”.

To create a new organization:

  1. Click “Create Organization”

  2. Enter a name for your organization

  3. Select the data residency region

  4. Choose a plan (start with "General" for now)

  5. Click “Create Organization”

Your organization will be created within seconds, and you'll be ready to start configuring sensors.

Step 3: Create Installation Keys

Installation keys are used to specify the type of telemetry you want to ingest into LimaCharlie. They also allow you to group sensors logically within your organization.

To create an installation key:

  1. Navigate to the “Installation Keys” section

  2. Enter a description for your key

  3. Add tags to categorize your sensors (e.g., OS, environment, location)

  4. Click "Create Installation Key"

You'll see three different keys: Sensor Key (for EDR-class sensors), Chrome Key (for Chrome OS devices), and Adapter Key (for log forwarding).

Step 4: Deploy Sensors

With your installation key ready, you can now deploy sensors to your endpoints. LimaCharlie supports a wide range of operating systems, including Windows, macOS, Linux, Chrome OS, Chrome browser, and Docker containers.

To deploy a sensor:

  1. Select the appropriate installation package for your OS

  2. Use the provided command or script to install the sensor on your endpoint

  3. The sensor will automatically connect to LimaCharlie and start streaming telemetry

Step 5: Explore Sensor Telemetry

Once your sensor is installed and connected, you can view telemetry streaming from the endpoint in real time.

To view sensor telemetry:

  1. Navigate to the “Sensors” page

  2. Click on the sensor you want to investigate

  3. On the left panel, click “Timeline” to explore a millisecond-by-millisecond view of events occurring on the endpoint

You can also access additional sensor functionalities, such as:

  • Process listings

  • Network connections

  • File system browser

  • Interactive console

Step 6: Enable Detection and Response Rules

LimaCharlie allows you to leverage pre-built detection and response (D&R) rules or create your own to identify and respond to threats in your environment.

To enable pre-built D&R rules:

  1. Navigate to the “Add-ons” page

  2. Subscribe to rule sets like Sigma, SnapAttack, or Soteria

  3. The selected rules will be automatically applied to your organization

Once enabled, these D&R rules will continuously analyze the telemetry from your sensors and generate alerts when suspicious activity is detected.

Next Steps

Congratulations! You've successfully set up your LimaCharlie organization, deployed sensors, and enabled detection and response rules. In upcoming blog posts, we'll dive deeper into creating custom D&R rules, investigating alerts, and leveraging LimaCharlie's advanced capabilities to secure your environment.

Additional resources: