Lumu Agent

As we show in our Lumu Insights Deployment and Integration guide, organizations can enjoy full compromise visibility with Lumu, independent of whether users connect via VPN or straight to cloud-based applications.

The Lumu Agent is an endpoint software program provided by Lumu that is installed on a user's machine. This enables the monitoring of remote devices no matter where they are.
The Lumu Agent runs silently while intentionally and continuously collecting network metadata to be analyzed by Lumu for measuring compromise in real time.

Figure 1 - Lumu roaming deployment architecture.

The Lumu Agent can be deployed easily to your entire user population, and you can control the installation groups and status of each agent at a glance through the Lumu Portal.

Figure 2 - Agent management area of Lumu Portal.

Requirements

The Lumu Agent is included with Lumu Insights. If you are a Lumu Free customer, the ability to deploy agents to monitor compromise across all devices in one single place can be enabled as an add-on. Alternatively, you can upgrade to Lumu Insights, which offers you additional correlation capabilities, spambox, and overall better compromise detection.

Read more about the Agent add-on for Lumu Free in our FAQ.

Installation Groups

In this section, you can manage all the installed agents in your company through installation groups. You can set installation groups by geography, domains, critical assets, or as needed. Each installation group will have a unique activation code for deploying agents.

Create Installation Group

1. To add an installation group, go to the Lumu Portal, navigate to the “Agents” menu, and click on the “Create group” button.

2. Provide the following information:
  1. Name: a name for your installation group.
  2. Label: select or create the default label with which the devices’ metadata will be associated.
  3. Agents: the number of agents (quota) you want to allocate to this installation group.
Figure 3 - Creating an installation group.
Labels give you the power to sort your traffic by geography, departments, business units, critical assets, or as needed. You can learn more about how to define rules and manage labels to segment the agent’s traffic in our documentation.

The agent quota is the number of agents you can activate for your company. You can see the information regarding your quota and activated agents in the Agent section of the Lumu Portal (1). The quota is set according to your Lumu Insights subscription or to the number of agents you specified when enabling the add-on subscription for Lumu Free.

The company quota can be partitioned into installation groups, and the sum of the installation group quotas can be higher than the global quota assigned to the company. When the number of activated agents reaches the group quota or the global quota, a quota warning message will be shown (2), and you will no longer be able to install new agents. To continue activating new agents, you need to delete existing agents or contact a Lumu sales representative to discuss your needs.

Figure 4 - Agent quota.
3. When creating an installation group, a unique activation code will be provided. You can consult this activation code at any time in the group description.
In order to activate your installed agents, you must create at least one installation group.
Figure 5 - Activation code for an installation group.

Manage Installation Group

In this area of the Lumu Portal, you can change the status (1), edit (2), or delete (3) installation groups.

Figure 6 - Installation group management.

Understanding the Installation Group statuses:

  1. Open: allows the installation group to activate agents until it reaches the number of agents specified. This is the default status when creating an installation group.
  2. Closed: does not allow new agents to be activated using the group activation code. All previously activated agents will remain active and continue collecting metadata.
  3. Full: the status will be set automatically to “Full” when the installation group reaches the maximum number of agents specified. Once the group status is “Full”, it is not possible to perform status changes or activate new agents for this group. To continue managing the status of a full group or activate new agents, you must increase the group quota or create a new group.

In this area of the Lumu Portal, you can also edit the installation groups’ data. You can change the group name, the label, and its agent quota. When you change the label for an installation group, all agents that are part of that group will have their label updated as well. Note that events already collected keep their existing label when the group information is updated; the new label only applies to new events.

When deleting an installation group, all agents that are part of the group will be deactivated.
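
The quota and status rules described in this section, written as a small Python model so that oversubscription and the "Full" lock can be checked before planning a rollout. This is an added example, not Lumu code or a Lumu API: the class and method names are hypothetical, and it assumes "Full" is derived from the activated count.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    quota: int             # agents allocated to this installation group
    activated: int = 0
    closed: bool = False   # operator-set choice: Open (False) or Closed (True)

    @property
    def status(self) -> str:
        # "Full" is set automatically and overrides the operator's choice
        # (assumption: it is derived purely from the activated count).
        if self.activated >= self.quota:
            return "Full"
        return "Closed" if self.closed else "Open"

@dataclass
class Company:
    quota: int             # global quota from the subscription or add-on
    groups: dict = field(default_factory=dict)

    def add_group(self, name: str, quota: int) -> None:
        # Group quotas may sum to more than the global quota.
        self.groups[name] = Group(name, quota)

    @property
    def activated(self) -> int:
        return sum(g.activated for g in self.groups.values())

    def set_closed(self, name: str, closed: bool) -> bool:
        g = self.groups[name]
        if g.status == "Full":
            return False   # no status changes while the group is Full
        g.closed = closed
        return True

    def activate(self, name: str) -> str:
        g = self.groups[name]
        if g.status != "Open":
            return f"denied: group {g.status.lower()}"
        if self.activated >= self.quota:
            return "denied: global quota reached"
        g.activated += 1
        return "activated"

    def oversubscription(self) -> int:
        # Seats promised to groups beyond what the company can activate.
        return max(0, sum(g.quota for g in self.groups.values()) - self.quota)
```

A non-zero `oversubscription()` means some group can be refused activations by the global quota while its own status still reads "Open".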

Download Installation File

To download an agent installation file, go to the Lumu Portal, navigate to the Agents menu, and click on the “Windows Client” button (1). Then select the installation type according to the needs of your IT asset management system:

  1. Online Installer (2): this installer downloads the latest available files and settings required for installation and keeps the agent updated. Recommended for single installations.
  2. Offline installer (3): includes all files required for installation; no additional files are downloaded. Recommended for bulk deployments.

Figure 7 - Agent install files.

To learn more about the installation files and for installation instructions, consult our documentation:
  1. Lumu Agent for Windows

Agents View

In the Agents section of the Lumu Portal, you have information regarding all your agents at a glance. All the information is collected automatically from each device that runs the agent and is visible in your Lumu Portal:

  1. Hostname: the device identification on your network.
  2. Agent: the agent version.
  3. Group: the installation group from which this device was activated.
  4. Label: the label that was set (for the installation group). You can also click edit and apply another label for this device.
  5. Last Sync: the last date Lumu received sync data from this device.
  6. Registered: the date/timestamp the device was activated.
  7. Operating System: the operating system of the device.
  8. OS Version: the version of the operating system.

In this area, you can filter the agents by installation groups or labels. To delete an agent, select the agent and click on the “Delete” button. When an agent is deleted, it will be deactivated and stop sending metadata to Lumu for Compromise Assessment. After deleting an agent, we recommend uninstalling it from the device.

Figure 8 - Agents view.

Incident Response

We recommend becoming familiar with the Lumu Incident Response Playbooks, which are based on the National Institute of Standards and Technology (NIST) Framework and include best practices for how to use Lumu to respond to specific attacks.

To learn more about the Lumu Portal:
  1. Lumu Portal
  2. Collectors
  3. Lumu Agent for Windows
  4. Deploy Lumu Agent using Group Policy (GPO)