The Artifact Collection system allows you to ingest artifact types like:

  • Plain text logs (syslog for example)

  • Windows Event Logs

  • PCAPs

  • Windows Prefetch files

  • Windows PE (executables) files

  • Zeek (previously Bro)

  • Full memory dumps

  • Generic JSON

  • OLE (MS Word, Excel, etc.)

  • Windows MFT CSV Listing

These artifacts can be ingested from hosts running a LimaCharlie sensor, or they can be pushed to the LimaCharlie platform via a REST interface.

To learn more about LimaCharlie's artifact collection capabilities, visit our technical documentation. For a step-by-step guide to bringing Windows Event Logs into LimaCharlie, visit this help center article.
