Collectors of Network Metadata - Lumu Portal

Collectors and Integrations

Lumu simplifies Continuous Compromise Assessment by consolidating its management, reporting, and related contextual intelligence within a single portal. Security teams no longer need to chase down data from multiple network monitoring tools.

Lumu offers a variety of collector options for sending your network metadata. Depending on your needs and how you want to integrate Lumu into your infrastructure, you can choose a combination of collectors to cover all your enterprise perimeters.


In this section of the Lumu Portal, you can manage the available collector types such as Agents, Virtual Appliances, Gateways and custom API collectors.

This article gives a brief overview of the collectors you can use to incorporate Lumu into your security operation. For detailed information on each collector, consult the documentation link included in each collector description, or consult our deployment and integration guide.

Note that some features, such as endpoint-level visibility, Custom Collectors, and Integrations, are only available for paid Lumu subscriptions. Consult our website for more details.

Agents

The Lumu Agent is endpoint software provided by Lumu that is installed on a user's machine and enables the monitoring of remote devices no matter where they are. Lumu Agents run silently while intentionally collecting network metadata, which Lumu analyzes to measure compromise in real time. For more information, consult our Lumu Agent documentation.


Lumu Agents management

For organizations with a remote workforce, Lumu can also apply the Continuous Compromise Assessment concept to remote workers using VPN (Virtual Private Network) or SDP (Software Defined Perimeter) technologies. For detailed guidance, consult VPN and SDP Configuration.

Virtual Appliances and VA Collectors


The Lumu Virtual Appliance (VA) is a virtualized machine that collects network metadata from your entire enterprise and forwards it to the Lumu cloud with the lowest impact on network operation. For more details, consult Introduction to Lumu Virtual Appliance.


The Lumu VA also offers the option to create VA Collectors, a seamless way to integrate network metadata (firewalls, proxies, etc.), as well as to send your DNS logs through the VA instead of using the VA's built-in resolver.

Gateways


At Lumu, Public Gateways are how we define the network’s public IP addresses, which are used to forward traffic to other networks or the internet. Consult our Lumu Public Gateway documentation on using gateways to associate traffic from your organization to Lumu.

Log Forwarders


Log Forwarders are a flexible, streamlined way to enjoy the benefits of Lumu and data collection using a similar setup process as an Agent. They are ideal for always-on configurations, receiving syslogs and pushing them to Lumu for Continuous Compromise Assessment.

Each Log Forwarder can handle up to five metadata collectors. Lumu has a constantly growing list of supported vendors. To learn more about Log Forwarders, how to use them, and supported technologies, please consult the Log Forwarder documentation.

Custom Collectors API

The Lumu Custom Collectors API allows posting network metadata captured from third-party platforms, services, and appliances to Lumu for real-time and Continuous Compromise Assessment. It can also be used as an alternative for greater visibility in cases where the enterprise network restricts the use of Virtual Appliances. For more details, consult the Custom Collectors API documentation.

Integrations

This section of the Lumu Portal allows customers to easily set up Lumu to feed confirmed compromise instances into any third-party tool for automated mitigation and remediation.

Here, you will find two options, API and Apps.

API refers to the Lumu Defender API, a powerful interface that allows Lumu to bring Continuous Compromise Assessment to any third-party vendor.


Apps refers to one of Lumu’s most powerful tools, Out-of-the-Box Integrations. These are integrations that are ready to communicate with the most popular cybersecurity vendors, enabling Lumu to operate as an essential part of any cybersecurity stack with just a couple of clicks.


For more details, consult our documentation on Integrations.
