LOTL Hunter Playbook - Support Information
============================================

Product: LOTL Hunter Playbook
Version: 1.0
Release Date: 2026-02-27
Support Period: 90 days from purchase
Website: https://cyborama.com
Contact: support@cyborama.com

## 📞 Getting Help

### Support Channels
1. **Email Support:** support@cyborama.com
   - Response time: 24-48 hours (business days)
   - Include your order number and specific issue
   
2. **Documentation:** Refer to the included guides
   - 01_Getting_Started.md - Basic setup
   - 02_Deployment_Checklist.md - Full deployment
   - 03_Investigation_Playbook.md - How to investigate

3. **Community:** GitHub Discussions
   - https://github.com/cyborama/lotl-hunter/discussions
   - Share custom rules and configurations
   - Get help from other users

### Before Contacting Support
Please check:
- [ ] You're using the latest version
- [ ] You've reviewed the relevant guide
- [ ] You've tested on a non-production system
- [ ] You have error messages or logs ready

## 🔄 Updates & Upgrades

### Rule Updates
- **Frequency:** Monthly security rule updates
- **Source:** GitHub repository
- **Method:** Download latest rules from:
  https://github.com/cyborama/lotl-hunter/rules

### Version Updates
- **Major versions:** Paid upgrade (50% discount for existing customers)
- **Minor versions:** Free updates during support period
- **Security patches:** Always free

### Update Procedure
1. Backup your current configuration
2. Download new rules/version
3. Test in non-production environment
4. Deploy to production

## 📋 Common Issues & Solutions

### PowerShell Script Issues

**Issue:** "Script cannot be loaded because running scripts is disabled"
```
Solution: Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
```

**Issue:** "Access denied" errors
```
Solution: Run PowerShell as Administrator
```

**Issue:** Script runs but finds nothing
```
Solution: Check PowerShell version (needs 5.1+)
Solution: Run with -FullScan parameter
```

### Dashboard Issues

**Issue:** Dashboard won't start (port in use)
```
Solution: Change port: python app.py --port 5001
Solution: Find and kill process using port 5000
```

**Issue:** "Module not found" errors
```
Solution: pip install -r requirements.txt
```

**Issue:** Database errors
```
Solution: Check file permissions on lotl_findings.db
Solution: Delete corrupted database file (backup first)
```

### Performance Issues

**Issue:** Scans taking too long
```
Solution: Use -QuickScan for daily scans
Solution: Schedule during off-hours
Solution: Exclude non-critical paths
```

**Issue:** High CPU/Memory usage
```
Solution: Adjust scan intervals
Solution: Limit concurrent scans
Solution: Upgrade hardware if needed
```

## 🛡️ Security Considerations

### Script Security
- **Review code** before deployment
- **Sign scripts** if required by policy
- **Restrict access** to script directory
- **Monitor script execution** in logs

### Data Security
- **Encrypt** sensitive reports in transit
- **Secure** dashboard with authentication
- **Limit access** to findings database
- **Regularly purge** old reports

### Network Security
- **Use HTTPS** for dashboard access
- **Firewall rules** for uploads
- **VPN** for remote access
- **Monitor** for unauthorized access

## 📊 Logging & Troubleshooting

### Enable Debug Logging
```powershell
# PowerShell scripts
$Script:LogPath = "C:\Logs\LOTL-$(Get-Date -Format 'yyyyMMdd').log"
Write-Log "Debug: Starting scan" -Level Debug
```

```python
# Python dashboard
app.logger.setLevel(logging.DEBUG)
```

### Common Log Locations
- **PowerShell logs:** %TEMP%\LOT-Squatch-*.log
- **Dashboard logs:** Console output or app.log
- **Windows Event Logs:** Application and Security logs
- **Task Scheduler logs:** Event ID 100, 101, 102

### What to Include in Support Requests
1. **Error message** (exact text)
2. **Log files** (relevant sections)
3. **System information** (OS, PowerShell version)
4. **Steps to reproduce**
5. **What you've tried**

## 📝 License Information

### Usage Rights
- **Single administrator** license
- **Unlimited endpoints** you administer
- **Modification allowed** for your own use
- **Redistribution prohibited**

### Restrictions
- No commercial MSP use without additional license
- No resale or redistribution
- No removal of copyright notices
- No use after license expiration (if applicable)

### Compliance
- Keep records of deployment (number of admins)
- Report unauthorized use if discovered
- Purchase additional licenses for additional admins

## 🔮 Roadmap & Future Features

### Planned Features (2026)
- Q2: Linux/macOS support
- Q3: Real-time monitoring option
- Q4: SIEM integration templates

### Feature Requests
Submit via: https://github.com/cyborama/lotl-hunter/issues

### Beta Testing
Join our beta program: beta@cyborama.com

## 🤝 Partnership Opportunities

### MSP Program
- Volume discounts
- White-label options
- Technical training
- Co-marketing opportunities

### Enterprise Licensing
- Site-wide licenses
- Custom development
- Integration services
- Dedicated support

### Reseller Program
- Margins on sales
- Marketing materials
- Technical support
- Sales training

Contact: partnerships@cyborama.com

---

## ⚠️ Important Notices

### End of Support
Support ends 90 days after purchase unless extended.
Extended support available for annual fee.

### Warranty Disclaimer
This software is provided "as is" without warranty of any kind.
Cyborama, LLC shall not be liable for damages arising from its use.

### Updates Required
Security threats evolve rapidly. Regular updates are essential.
We recommend updating rules at least monthly.

---

**Cyborama, LLC – "Threat Intelligence with Teeth™"**
*OT Security Solutions for Industrial Environments*