All Collections
Detect & Respond


How does sleeper deployment work with LimaCharlie?
Do YARA scans apply to files in memory?
Can I replay the detection logic run on WEL events?
What is the difference between segregation and isolation in LimaCharlie?
How does the network isolation feature work in LimaCharlie?
Do you have an example of the D&R rule based on Windows Defender data?
How do I determine which D&R rule (or other actor) triggered a command on an endpoint?
How can I suppress response actions in LimaCharlie?
How can I create a D&R rule using a threat feed?
How to add a D&R rule to detect a specific domain
Will I get a detection when a specific directory or registry path changes?
How do I create a detection & response (D&R) rule based on artifacts/logs collected?
How can I get an alert when my organization is over quota?
How can I get details around the format for regular expressions used in D&R rules?