This training session provides a comprehensive overview of how to achieve a fast and precise attack response using Lumu Defender and SentinelOne. The presentation focuses on configuring the out-of-the-box SentinelOne XDR integration for incident response, enabling organizations to address threats in real time. It introduces Lumu Insights, which offers asset-level visibility regarding contact with adversarial infrastructure, and Lumu Defender, which builds on these insights to allow immediate and effective remediation across the network.
Additionally, the session highlights key operational features within the Lumu Portal, such as obtaining detailed incident context and threat triggers, and using the malware incident response playbooks. It also showcases Lumu’s Global MITRE ATT&CK® Matrix feature, which helps security teams visualize, sort, and filter data to better prioritize high-priority incidents. By understanding the specific techniques and tactics attackers use, defenders can more accurately assess how threats impact their organization and streamline their response strategies.
Takeaways
- MITRE ATT&CK Integration: The platform features a Global MITRE ATT&CK Matrix that maps organizational incidents to specific MITRE tactics and techniques, providing a “bird’s eye view” of how attackers are targeting the business.
- Integration Requirements: Setting up the SentinelOne response integration requires the SentinelOne console URL (with the trailing slash removed), an API token, and the selection of a specific account, site, or group scope.
- Automated Threat Syncing: During the demo, Lumu successfully pushed approximately 3,400 specific IOCs to the SentinelOne blacklist, categorizing the source as “User” within the SentinelOne management console.
- Incident Contextualization: Within the Lumu portal, individual incidents contain multiple tabs, including “Highlights” for timelines, “Threat Intelligence” for file hashes and playbooks, and “Detections” for granular endpoint details.