As we show in our
Lumu Insights Deployment and Integration guide, organizations can enjoy full compromise visibility with Lumu, independent of whether users connect via VPN or straight to cloud-based applications.
The Lumu Agent can be deployed easily to your entire user population, and you can control the installation groups and status of each agent at a glance through the Lumu Portal.
The Lumu Agent is included with
Lumu Insights. If you are a
Lumu Free customer, the ability to deploy agents to monitor compromise across all devices in one single place can be enabled as an add-on. Alternatively, you can upgrade to Lumu Insights, which offers you additional correlation capabilities, spambox, and overall better compromise detection.
In this section, you can manage all the installed agents in your company through installation groups. You can set installation groups by geography, domains, critical assets, or as needed. Each installation group will have a unique activation code for deploying agents.
1. To add an installation group, go to the
Lumu Portal, navigate to the “Agents” menu, and click on the “Create group” button.
is the number of agents you can activate for your company. You can see the information regarding your quota and activated agents in the Agent section of the Lumu Portal (1). The quota is set accordingly to your Lumu Insights subscription or on the number of agents you specified when enabling the add-on subscription for Lumu Free.
The company quota can be partitioned into installation groups, the sum total of the installation group quotas can be higher than the global quota assigned to the company. When the maximum number of activated agents in the group quota or the global quota is reached, a
quota warning message
will be shown (2), and you will no longer be able to install new agents. To continue activating new agents, you need to delete existing agents or contact a Lumu sales representative to discuss your needs.
In this area of the Lumu Portal, you can change the status (1), edit (2), or delete (3) installation groups.
Understanding the Installation Group statuses:
In this area of the Lumu Portal, you can also
the installation groups’ data. You can change the group name, the label, and its agent quota. When you change a label for an installation group, all agents that are part of that group will have its label updated also. Notice that events already collected will not change the label information when updating group information, this only apply for new events.
For downloading an agent installation file, go to the
Lumu Portal, navigate to the Agents menu and click on the “Windows Client” button (1), then select the installation type according to your IT assets management system needs:
In the Agents section of the
Lumu Portal, you have information regarding all your agents at a glance. All the information is collected automatically from each device that runs the agent and visible at your Lumu Portal:
In this area, you can filter the agents by installation groups or labels. For
an agent just select the agent and click on the button “Delete”. When an agent is deleted, it will be deactivated and stop to send metadata to Lumu for Compromise Assessment. After deleting an agent, we recommend
uninstalling it from the device.
We recommend being familiar with
Lumu Incident Response Playbooks that are based on the National Institute of Standards and Technology (NIST) Framework and include best practices for how to use Lumu to respond to specific attacks.