Live-View Walkthrough

The LimaCharlie web application provides a console that allows users to interact with any given endpoint in real time (assuming it is online). Through this live-view console, users can perform the following tasks:
  • Get general information on the endpoint, such as hostname, operating system, tags, and internal and external IP addresses.
  • Control which event telemetry is sent to the cloud from the given endpoint.
  • Access a console from which 40 different sensor commands can be run.
  • View a live feed of events as they take place on the endpoint.
  • View, suspend and restore any processes running on the endpoint. View modules, memory strings and network connections.
  • Access the file system and download any file or send a hash to VirusTotal with the click of a button.
  • View network connections.
  • Run a sweep that goes through the current state of the host in depth and highlights any suspicious activity.
Documentation on all of the sensor commands that can be run on the endpoint can be found here.

Documentation on the events and their telemetry can be found here.

This video is a high-level walkthrough of the live-view into an agent. Through this interface the user is able to send commands, get information, scan for suspicious activity and more.