Official documentation for LimaCharlie, the SecOps Cloud Platform.
Live Site: https://refractionpoint.github.io/documentation/
# Install dependencies
pip install -r requirements.txt
# Preview locally with live reload
mkdocs serve
# Open http://127.0.0.1:8000/documentation/-
Create the markdown file in the appropriate folder:
docs/2-sensors-deployment/adapters/types/my-new-adapter.md -
Add to navigation in
mkdocs.yml:- Adapters: - My New Adapter: 2-sensors-deployment/adapters/types/my-new-adapter.md
-
Preview locally to verify:
mkdocs serve # Open http://127.0.0.1:8000/documentation/ -
Commit and push (or create a PR):
git add docs/ mkdocs.yml git commit -m "Add documentation for My New Adapter" git push
-
Edit the markdown file directly
-
Preview locally to verify changes:
mkdocs serve
-
Commit and push:
git add docs/path/to/modified-file.md git commit -m "Update documentation for XYZ" git push
No need to modify mkdocs.yml unless changing the page title in navigation.
-
Delete the markdown file
-
Remove from navigation in
mkdocs.yml -
Search for broken links - check if other pages link to the deleted page:
grep -r "deleted-file.md" docs/ -
Commit and push:
git add -A git commit -m "Remove deprecated XYZ documentation" git push
When you open a PR:
-
Automated checks run:
- Documentation builds with
--strictmode - Link checker scans for broken links
- Markdown linting validates formatting
- Documentation builds with
-
Preview deployment is created automatically at:
https://refractionpoint.github.io/documentation/pr-preview/pr-{NUMBER}/ -
Review and merge - changes deploy automatically to the live site
Use language-specific code fences for syntax highlighting:
```yaml
detect:
op: is
path: event/FILE_PATH
value: malware.exe
```
```bash
limacharlie sensor list --json
```
```python
import limacharlie
manager = limacharlie.Manager(oid='...', secret_api_key='...')
```Supported languages: yaml, bash, python, go, json, powershell
docs/
├── 1-getting-started/ # Introduction, quickstart, use cases
├── 2-sensors-deployment/ # Sensors, adapters, installation
├── 3-detection-response/ # D&R rules, examples, managed rulesets
├── 4-data-queries/ # LCQL, query console, events
├── 5-integrations/ # Outputs, extensions, API integrations
├── 6-developer-guide/ # SDKs, CLI, building extensions
├── 7-administration/ # Access, billing, config hive
└── 8-reference/ # Commands, events, operators, FAQ
LimaCharlie is a SecOps Cloud Platform providing:
- Endpoint Detection & Response (EDR) - Windows, Linux, macOS, Chrome, containers
- Detection & Response Rules - Custom detection logic with automated responses
- Real-time Telemetry - Centralized event streaming and data collection
- Adapters - Ingest logs from cloud providers, security tools, SaaS apps
- Extensions - Velociraptor, YARA, Zeek, and more
- API-first Architecture - Full platform control via REST API and SDKs
| Section | Description |
|---|---|
| Getting Started | Introduction, quickstart, use cases |
| Sensors | Endpoint agents, adapters, installation |
| Detection & Response | D&R rules, examples, managed rulesets |
| Data & Queries | LCQL, query console, events |
| Integrations | Outputs, extensions, API integrations |
| Developer Guide | SDKs, CLI, building extensions |
| Administration | Access, billing, config hive |
| Reference | Commands, events, operators, FAQ |
| SDK | Install | Docs |
|---|---|---|
| Python | pip install limacharlie |
Python SDK |
| Go | go get github.com/refractionPOINT/go-limacharlie |
Go SDK |
| Workflow | Trigger | Purpose |
|---|---|---|
docs.yml |
Push to master | Build & deploy to GitHub Pages |
pr-preview.yml |
Pull request | Deploy preview, add PR comment with link |
link-checker.yml |
PR, push, weekly | Check for broken links, lint markdown |
- Live Docs: https://refractionpoint.github.io/documentation/
- Platform: https://limacharlie.io
- Web Console: https://app.limacharlie.io
- Community: https://community.limacharlie.io