The Agent

The LimaCharlie agent is a light-weight program that gets installed on the computers - or endpoints - that you want to protect. It employs a customizable rule-based system that can detect more than 50 types of events. These events can then trigger an automated response.

The agent runs on 32-bit Windows all the way back to Windows XP, through to the most modern version of 64-bit Windows. It can run on all flavours of Linux, both 32-bit and 64-bit. LimaCharlie also provides a build for MacOS, and can produce custom builds for Solaris and BSD on request. Most recently we have ported the sensor to the ARM architecture for both 32-bit and 64-bit Windows and Linux. We are currently experimenting with builds for MIPS and Android.

The agent itself is written in C and then compiled for each platform and architecture it runs on. This means that LimaCharlie provides true feature parity across all the different operating systems. The only exceptions are platform-specific functions, such as monitoring Windows registry operations.

The agent is approximately 500kb in size, though that varies a little depending on which platform it is compiled for. While running it consumes less than 1% CPU, but it does spike very briefly when certain events take place, like an application starting up.

Sensors are designed to limit the potential for abuse resulting from unauthorized access to the LimaCharlie platform. This is achieved by limiting open-ended commands as well as commands that could enable an attacker to covertly upload malicious software to your hosts. This means the LimaCharlie sensor is extremely powerful but also keeps its "read-only" qualities on your infrastructure. Of course, all access and interactions with the hosts are also logged for audit, both within the cloud and through tamper-proof forwarding to your own infrastructure.

Documentation outlining the various events that can be detected is here.

Documentation outlining the detection and response mechanisms can be found here.

Documentation relating to the technical aspects of - or programmatically installing - the sensors can be found here.