Live Training | What's New in Lumu Defender


Product Training | Uncover Threats and Optimize SecOps with Lumu

This training session provides a comprehensive overview of the Lumu portal, focusing on new metadata collection methods and integration capabilities. Nikki Ibarra, Lumu’s Director of Product Marketing, introduces the log forwarder as a flexible alternative to virtual appliances for gathering network signals across Windows and Linux environments.

 

Additionally, the session highlights the importance of automated response integrations with tools like Cisco Secure Endpoint and WatchGuard Firebox to mitigate threats in real time, before they move laterally through the network. The presenter explains that Lumu focuses on network metadata because attackers must traverse the network to launch their campaigns, making visibility there crucial.


Takeaways

  • Lumu analyzes noisy network metadata to identify confirmed compromises and initiates auto-responses with tools like firewalls and EDRs.
  • The log forwarder is a new, flexible metadata collection method that supports Windows and Linux for environments where virtual appliances are not practical.
  • Data grouping rules allow operators to assign labels to IP ranges or exclude traffic from test environments to reduce portal noise.
  • Cybersecurity operators can prioritize incidents by sorting them based on the number of contacts and the specific endpoints affected.
  • The MITRE ATT&CK Global Matrix helps organizations understand the most popular tactics used against them, such as spear phishing, to build better defense strategies.

FAQs

What is the new log forwarder feature in the Lumu portal?
It is a flexible metadata collection method for Windows and Linux designed for organizations that cannot deploy virtual appliances.

How does Lumu integrate with an existing security stack for response?
Lumu uses out-of-the-box integrations to communicate with firewalls, EDRs, and perimeter defense tools to automatically block or contain threats.

Can I filter out traffic from specific IP addresses in the portal?
Yes, using the data grouping rules, you can identify a group of IPs as excluded activity so they do not create noise in the portal during testing.

What is the benefit of the Google Chat integration?
It integrates Lumu incidents and alerts into specific chat channels or spaces to help with cross-team collaboration.

Where can users find help for setting up collectors or integrations?
Users can access documentation at docs.lumu.io or open a support ticket directly through the portal.
