This article shows how to leverage the Autotask API and the Lumu Defender API to enhance your SecOps capabilities, pushing Lumu incidents into an Autotask deployment as Service Tickets, and syncing both systems.
Please allow all traffic to the following hosts. These are required for the operation of this integration:
Before you deploy and implement the Lumu Integration, you need to prepare your Autotask deployment to ensure the integration works as expected.
In your Autotask Web console, expand the Three lines menu at the top left corner of the screen. Click on the Admin section, then click on the Security Levels menu under Account Settings & Users > Resources/Users (HR) > Security.
Copy the API User (system) (API-only) security level and give a name to the new one (API User (system) LUMU (API-only)).
Edit the new security level (API User (system) LUMU (API-only)). Modify the permissions according to the following table:
| Section | Parameter | Value |
| --- | --- | --- |
| CRM > Account & Contact Access | Customer & Cancellation | All |
| Service Desk > Object Permissions | Tickets > View | All |
| Service Desk > Object Permissions | Tickets > Add | Yes |
| Service Desk > Object Permissions | Tickets > Edit | Yes |
| Service Desk > Object Permissions | Tickets Notes > Edit | All |
| Service Desk > Other Permissions | Can administer tags and tag groups | Enabled |
| Admin > Feature Access | Service Desk (Tickets) | Enabled |
| Web Services API > Feature Access | Can login to Web Services API | Enabled |
| Web Services API > Resource Impersonation | Service Desk > Tickets > View (Query) | Enabled |
| Web Services API > Resource Impersonation | Service Desk > Tickets > Add | Enabled |
| Web Services API > Resource Impersonation | Service Desk > Tickets > Edit (Update) | Enabled |
| Web Services API > Resource Impersonation | Service Desk > Ticket Notes > View (Query) | Enabled |
| Web Services API > Resource Impersonation | Service Desk > Ticket Notes > Add | Enabled |
| Web Services API > Resource Impersonation | Service Desk > Ticket Notes > Edit (Update) | Enabled |
| Web Services API > Contact Impersonation | Service Desk > Tickets | Enabled |
| Web Services API > Contact Impersonation | Service Desk > Ticket Notes | Enabled |
In your Autotask Web console, expand the Three lines menu. Click on the Admin section, then click on the Resources/Users menu under Account Settings & Users > Resources/Users (HR). In the Resources window, click on the drop-down arrow to the right of the New button, and select New API User.
Complete all the mandatory fields. Follow these directions in order to complete specific sections:
In your Autotask Web console, expand the Three lines menu. Click on the Admin section, and click on Tags & Tag Groups under the Automation > Tagging section.
To fully integrate Lumu with your Autotask deployment, you need to create the Service categories, issues, and sub-issues. To do so, you will be working with the Service Desk (Tickets) section under the Admin > Features & Settings tab.
It’s recommended to use an existing Queue to group Lumu incidents with other ones. Depending on your operation, you can reuse an existing queue or create a new one. To create one, expand the Three lines menu. Click on the Admin section, then click on the Queues menu under the Features & Settings > Service Desk (Tickets) section. In the Service Desk Queues window, click on the New button. Fill in the required data.
In your Autotask Web console, expand the Three lines menu. Click on the Admin section, then, click on the Ticket Categories menu under the Features & Settings > Service Desk (Tickets) section. In the Ticket Categories window, click on the New button.
In the New Ticket Category window, follow these directions:
In your Autotask Web console, expand the Three lines menu. Click on the Admin section, then, click on the Issue & Sub-Issue Types menu under the Features & Settings > Service Desk (Tickets) section. In the Issue Types window, click on the New button.
Create the Lumu Issue and its Sub-Issues: DGA, Spam, Malware, C&C, Phishing, and Mining. The Lumu issue type must look as follows:
To deploy the integration package, you have two options:
Select the alternative that best suits your needs.
Unpack the deployment package provided by Lumu in your preferred path/folder. Keep in mind this location, as it will be required for further configurations. From this point on, we will refer to this folder as <at_lumu_root>.
The file requirements.txt contains the list of dependencies for this integration. After deploying the package locally, run the following command from the deployment folder:
- pip install -r requirements.txt
There are two scripts, the init script and the main script. The init script must be executed before the main script. After setting the environment, you can run the main script.
To use the script, change to the path selected for deployment (<at_lumu_root>). Use the following command to show all options available for the package:
- python setup_autotask_params.py --help
Usage: setup_autotask_params.py [options]
| Options | Description |
| --- | --- |
| -h, --help | show this help message and exit |
| --username USERNAME | Datto Autotask username with privilege to run the PublicAPI |
| --secret SECRET | secret of Datto Autotask username with privilege to run the PublicAPI |
| --company_key COMPANY_KEY | Lumu defender API Key |
| --reference_user REFERENCE_USER | Datto Autotask reference user, example: "user1@company.any" |
Keep in mind that all parameters requested by the setup script must be defined. Please define them according to your needs and the Autotask preparation steps.
To use the script, change to the path selected for deployment (<at_lumu_root>). Use the following command to show all options available for the package:
- python autotask_lumu.py --help
Usage: autotask_lumu.py [options]
| Options | Description |
| --- | --- |
| -h, --help | show this help message and exit |
| --username USERNAME | Datto Autotask username with privilege to run the PublicAPI |
| --secret SECRET | secret of Datto Autotask username with privilege to run the PublicAPI |
| --company_key COMPANY_KEY | Lumu defender API Key |
| --reference_user REFERENCE_USER | |
| --logging {screen,file} | Logging option (default screen) |
| --verbose, -v | Verbosity level |
Use the following command to listen to Lumu operational events and manage service tickets in your Autotask instance:
- python autotask_lumu.py --company_key <Lumu Defender Key> --username <API Username generated> --secret <API Secret generated> --api_integration_code <Code Given by Vendor integration> --reference_user <Default email user for the integration>
Use the option --logging=file to store a record of all tasks run by the script. Using this, all the script output will be redirected to a file named lumu.log in the folder where you have deployed the script.
- python autotask_lumu.py --company_key <Lumu Defender Key> --username <API Username generated> --secret <API Secret generated> --api_integration_code <Code Given by Vendor integration> --reference_user <Default email user for the integration> --logging file
The above samples can be combined according to your needs.
To troubleshoot failures in the script, run it with the -v flag. The verbose output will help you identify where the execution fails.
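The commands above place the Lumu Defender key and the Autotask API secret directly on the command line, where they are saved in shell history. The launcher below is an added example, not part of the Lumu package: it reads the same parameters from a file (the KEY=VALUE format and the file name are assumptions), refuses a file that group or others can access, and starts autotask_lumu.py with the flags documented on this page. It assumes a POSIX system.

```python
import os
import stat
import subprocess
import sys

# Flags are the ones documented on this page; the KEY=VALUE credentials
# file and its 0600 requirement are assumptions of this added example.
REQUIRED = ("company_key", "username", "secret",
            "api_integration_code", "reference_user")
SENSITIVE = {"company_key", "secret", "api_integration_code"}

def load_credentials(path):
    """Parse KEY=VALUE lines, refusing files accessible to group or others."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: expected mode 0600, found {stat.S_IMODE(mode):04o}")
    creds = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            key, sep, value = line.partition("=")
            if not sep:
                raise ValueError(f"{path}: malformed line, expected KEY=VALUE")
            creds[key.strip()] = value.strip()
    missing = [k for k in REQUIRED if not creds.get(k)]
    if missing:
        raise ValueError("missing parameters: " + ", ".join(missing))
    return creds

def build_argv(creds, logging_mode="file", script="autotask_lumu.py"):
    """Return the argument vector for the main script (no shell is involved)."""
    argv = [sys.executable, script]
    for key in REQUIRED:
        argv += [f"--{key}", creds[key]]
    return argv + ["--logging", logging_mode]

def redact(argv):
    """Copy of argv that is safe to log: values of sensitive flags are masked."""
    out = list(argv)
    for i, arg in enumerate(argv[:-1]):
        if arg.startswith("--") and arg[2:] in SENSITIVE:
            out[i + 1] = "****"
    return out

if __name__ == "__main__":
    argv = build_argv(load_credentials(sys.argv[1]))
    print("starting:", " ".join(redact(argv)))
    sys.exit(subprocess.call(argv))
```

The values remain visible in the process list to local users while the script runs, so run it under a dedicated account on a host with restricted logins.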
The integration can be deployed in a Docker environment. To do so, run the following commands from the integration folder. Values passed with --build-arg are recorded in the image metadata and can be read back with docker history, so keep the resulting image private:
- docker build --build-arg company_key=<value> --build-arg api_integration_code=<value> --build-arg secret=<value> --build-arg username=<value> --build-arg reference_user=<value> --tag python-lumu-autotask .
- docker run -d --name lumu-autotask python-lumu-autotask
- docker exec -it lumu-autotask python setup_autotask_params.py
In order to check live logs of the container, run the following command:
- docker logs -f lumu-autotask
After running the script, it will listen for incident updates on Lumu. After an incident is updated on Lumu, you will see a new incident in the Tickets window in the Service Desk section.
The following table shows the transition between states among incidents in Lumu and Autotask.
| Autotask state/action | Lumu state/action | Comments |
| --- | --- | --- |
| New | Open | Applies for a new incident detected by Lumu |
| Waiting Customer | Muted | |
| In progress | Unmute | If the incident is unmuted, it will be marked as In progress in Autotask |
| Complete | Closed | |
These transitions are supported in both directions. Each transition made in one of the services will be reflected in the other. Below, you can find some examples of how the operation between both services works.