Cisco Secure Endpoint Out-of-the-Box Response Integration

Requirements

  • A Cisco Secure Endpoint Essentials or above subscription
  • An active Lumu Defender subscription

Create API key

1. Log in to the Cisco Secure Endpoint Portal. Click on the Administration option on the left navigation bar, then click on the API Credentials option.

2. Within the API Credentials window, click on New API Credential.

3. In the New API Credential window, in the Scope field, choose Read & Write and click on Create.

4. After generating the API Credentials, a dialog box will appear displaying the Client ID and API Key. Store these values; they will be needed later.

Once you close this window, you won't be able to retrieve the API Key again.

Create lists for Lumu integration

1. Navigate to Outbreak Control. There you will see all the available options to configure. We will focus on Custom Detections > Simple and Application Control > Blocked Applications.

2. Custom Detections - Simple functions similarly to a blocklist. These are files you want to detect and quarantine. An entry in a Simple Custom Detection list will not only quarantine future occurrences of the file but, through Retrospective, will also quarantine instances of the file on any endpoints where the service has already encountered it. Choose a name that best suits the integration with Lumu, such as Lumu Detections - Simple List.

3. Application control - Blocked applications are files you do not want to allow users to execute but do not want to quarantine. Use this for files you are not sure are malware, unauthorized applications, or to stop applications with vulnerabilities from executing until a patch has been released. Choose a name that best suits the integration with Lumu, such as Lumu Detections - Blocked List.

These lists are subject to caching as specified under the Cache tab in your Policies. The default length of time a file is cached depends on its disposition, as follows:

  • Clean files: 7 days
  • Unknown files: 1 hour
  • Malicious files: 1 hour

If a file is added to a Simple Custom Detection list, the cache time must expire before the detection will take effect.

Add Integration

Log into your Lumu account through the Lumu Portal Client or the Lumu MSP Portal and navigate to the integrations screen.

1. Go to the Response integrations tab

2. Locate the Cisco Secure Endpoint integration

3. Familiarize yourself with the integration details and click the Activate button to start the integration setup.

4. To enable the integration, press the Activate button. After reviewing the instructions, enter a descriptive name and choose the Threat Types you want to send to Cisco Secure Endpoint.

5. Choose the Base URL that matches your server. Enter the necessary details, including the Client ID and API Key, which were obtained earlier in this guide, and click the Activate button. Lumu will verify the accuracy of the credentials provided.

6. Choose the Simple Custom Detection List and Application Block List created in the previous steps.

7. The integration is now created and active. The Lumu Portal will display the details of the created integration.

After the integration is activated, the selected Simple Custom Detection List and Application Block List will be updated with confirmed compromises detected by Lumu within the past 3 days.
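A practitioner will usually want to confirm from the Cisco side that the integration has actually populated the two lists. The script below is an added example for this article, not Lumu's or Cisco's own code. It assumes the Cisco Secure Endpoint (AMP for Endpoints) REST API v1 as known to the author of this example: HTTP Basic authentication with the Client ID as user name and the API Key as password, the regional hosts in `BASE_URLS`, and the endpoints `/v1/file_lists/simple_custom_detections`, `/v1/file_lists/application_blocking` and `/v1/file_lists/{guid}/files`. The list names come from the "Create lists" section above; the JSON samples are constructed so the parsing functions can be exercised offline.

```python
"""Check that the Lumu lists exist in Cisco Secure Endpoint and see what they hold.

Added example, not part of the original article or of Lumu's/Cisco's code.
API paths, hosts and response shapes are assumptions based on the Secure
Endpoint API v1; verify them against the current Cisco API documentation.
"""
import base64
import json
import urllib.request

# Regional API hosts (assumption): use the one that matches the Base URL you
# selected in the Lumu Portal.
BASE_URLS = {
    "NAM": "https://api.amp.cisco.com",
    "EU": "https://api.eu.amp.cisco.com",
    "APJC": "https://api.apjc.amp.cisco.com",
}

# Names given to the lists in the "Create lists for Lumu integration" section.
SIMPLE_LIST_NAME = "Lumu Detections - Simple List"
BLOCKED_LIST_NAME = "Lumu Detections - Blocked List"


def auth_header(client_id: str, api_key: str) -> dict:
    """Basic auth: the Client ID / API Key pair from the portal acts as user:password."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    return {"Authorization": f"Basic {token}", "Accept": "application/json"}


def find_list_guid(file_lists_payload: dict, name: str):
    """Return the GUID of the list called `name` from a file_lists response, else None."""
    for item in file_lists_payload.get("data", []):
        if item.get("name") == name:
            return item.get("guid")
    return None


def summarize_entries(files_payload: dict) -> dict:
    """Count entries and collect SHA-256 values from a /file_lists/{guid}/files response."""
    items = files_payload.get("data", {}).get("items", [])
    hashes = sorted(i["sha256"] for i in items if "sha256" in i)
    return {"count": len(hashes), "sha256": hashes}


def get_json(url: str, headers: dict) -> dict:
    """GET a JSON document from the API (network call; not used in the offline dry run)."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def check_integration(region: str, client_id: str, api_key: str) -> dict:
    """Locate both Lumu lists and report how many hashes each currently holds."""
    base = BASE_URLS[region]
    headers = auth_header(client_id, api_key)
    report = {}
    for path, name in (("simple_custom_detections", SIMPLE_LIST_NAME),
                       ("application_blocking", BLOCKED_LIST_NAME)):
        lists = get_json(f"{base}/v1/file_lists/{path}", headers)
        guid = find_list_guid(lists, name)
        if guid is None:
            report[name] = {"found": False}
            continue
        files = get_json(f"{base}/v1/file_lists/{guid}/files", headers)
        report[name] = {"found": True, "guid": guid, **summarize_entries(files)}
    return report


# Constructed sample responses, shaped like the API's JSON, for an offline dry run.
SAMPLE_LISTS = {
    "data": [
        {"name": "Default Simple Custom Detections",
         "guid": "00000000-0000-0000-0000-000000000001"},
        {"name": SIMPLE_LIST_NAME, "guid": "11111111-2222-3333-4444-555555555555"},
    ]
}
SAMPLE_FILES = {
    "data": {
        "items": [
            {"sha256": "a" * 64, "description": "Lumu confirmed compromise (constructed)"},
            {"sha256": "b" * 64, "description": "Lumu confirmed compromise (constructed)"},
        ]
    }
}

if __name__ == "__main__":
    guid = find_list_guid(SAMPLE_LISTS, SIMPLE_LIST_NAME)
    entries = summarize_entries(SAMPLE_FILES)["count"]
    print(f"{SIMPLE_LIST_NAME}: guid={guid} entries={entries}")
    # Live run with the credentials created in the "Create API key" section:
    # print(json.dumps(check_integration("NAM", "<CLIENT_ID>", "<API_KEY>"), indent=2))
```

Run it once with real credentials right after activation: both lists should be reported as found, and their entry counts will be non-zero only if Lumu confirmed compromises in your network during the past 3 days. An empty list is therefore not by itself a sign that the integration failed; a missing list or an HTTP 401 is. Remember that, per the caching note above, a hash that appears in the list may still take up to the disposition's cache time to be enforced on endpoints.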
