LimaCharlie
Category: EDR
Stage: planning
Need This?
Open a ticket or reach out to initiate the integration of this technology 🎉
Example
```yaml
# Detection
op: ends with
event: NEW_PROCESS
path: event/FILE_PATH
value: wanadecryptor.exe
case sensitive: false

# Response
- action: report
  name: wanacry
- action: task
  command: history_dump
- action: task
  command:
    - deny_tree
    - <<routing/this>>
```