Developer Update: Managed rule set enhancements
The team at LimaCharlie has been heads down working on making some big improvements to the platform. This month we have been doing a lot of work to make the function of imported rules more visible. At LimaCharlie we believe cybersecurity needs to be transparent: the exact set of malicious activity and behavior you’re protected from should be known and you should be able to test/prove this.
Users can now click on individual rules from Sigma and Soteria rulesets; they can see the content of all Sigma rules, as well as enable/disable individual rules from both rulesets.
All rules from Sigma and Soteria can now also be replayed against historical traffic, enabling even more granular retroactive threat hunting.
Users can add and remove tags on any rule (including those in managed rulesets), making it easy to categorize detection & response rules and manage them at scale.