Skip to main content
LimaCharlie allows teams to receive events from platforms including Secure Annex using Destinations. This guide covers the configuration in LimaCharlie to do so.

Setup

In LimaCharlie, create a new JSON logs sensor. New log sensor Select an installation key for your cloud sensor. Select install key Configure options for the sensor. The adapter name and secret will be used in the webhook URL generated. Configure data source Once created, in LimaCharlie navigate to Sensors List > Cloud Adapters > the sensor you created. The masked URL field can be copied and added to Secure Annex as a destination. Find webhook URL

Detection rule creation

D&R rules can be run against the events received by LimaCharlie. Here is an example rule that will create alerts for new verdict’s applied to extensions. 
event: json
op: and
rules:
  - op: is
    path: routing/hostname
    value: secure-annex-limacharlie
  - op: is
    path: event/event_type
    value: verdict

- action: report
  name: Secure Annex verdict applied
I