querying-limacharlie

Official

Uncover security insights, automate threat hunting.

Author: refractionPOINT
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill empowers you to effortlessly search, analyze, and investigate security telemetry from endpoints and cloud sources using LimaCharlie Query Language (LCQL). It eliminates the complexity of manual data sifting, allowing you to quickly identify threats, investigate incidents, and generate compliance reports, so you can focus on strategic security.

Core Features & Use Cases

  • Threat Hunting: Proactively search for suspicious activities like unsigned executables, unusual process behavior, or encoded PowerShell commands across your entire environment.
  • Incident Investigation: Rapidly build timelines of host activity, track Indicators of Compromise (IOCs), and analyze network connections to understand the full scope of an incident.
  • Compliance & Reporting: Generate detailed reports on user logon activity, network traffic patterns, and software inventory for auditing and regulatory compliance.
  • Use Case: Quickly identify all PowerShell executions with encoded commands across your Windows fleet in the last 24 hours to detect potential malware.

Quick Start

Use the querying-limacharlie skill to find all network connections made to IP address 1.2.3.4 on Windows hosts in the last 7 days.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: querying-limacharlie
Download link: https://github.com/refractionPOINT/documentation/archive/main.zip#querying-limacharlie

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.