This product training video presented by Nikki Ibarra, Lumu’s Director of Product Marketing, introduces the updated incidents view within the Lumu portal. The portal focuses on improving operability and information accessibility for cybersecurity teams. The presenter highlights how the new interface organizes data into specific tabs — Activity, Highlights, Threat Intelligence, and MITRE ATT&CK Matrix — to provide clear context on threat movements and endpoint impact. This structure allows users to filter incidents by type, such as malware or phishing, and manage them directly through actions like closing, muting, or commenting.
Key additions to the Lumu portal include the Operation Timeline, which fosters team collaboration by tracking actions taken on an incident and allowing for shared comments. The portal also emphasizes data portability, offering various export options like STIX reports and CSV files for affected endpoints and contact details. Additionally, the presentation covers how Lumu Defender can automate responses through API and out-of-the-box integrations, enabling real-time intervention to prevent threats from escalating within an organization.
Takeaways
- The new view is designed to enhance operability and accessibility of key cybersecurity information for all users.
- Four distinct tabs (Activity, Highlights, Threat Intelligence, MITRE ATT&CK) provide structured, intentional context for every detected incident.
- The Operation Timeline is a new collaborative feature allowing team members to track actions, status, and leave comments on incidents.
- Incident data, including IOCs, affected endpoints, and STIX reports, can be exported to CSV or other formats for external records.
- Lumu Defender integration enables automated real-time response and blocking of malicious contact by leveraging existing cybersecurity investments.



