In this section of the Lumu Portal, you have access to the dashboard and details on the activity and distribution of the Indicators of Compromise (IoCs) that Lumu identified in your organization.
In this area, Lumu provides comprehensive and detailed visibility into the various compromise activities (IoCs) detected in your network, along with all the context information needed for in-depth analysis. You can hover over any point of the timeline (1) to see the breakdown of the types of compromise correlated with the traffic from that day. You can filter the threat activity by label (2) or by date, which allows you to visualize how and when your network is being compromised.
Compromise Context allows threat researchers and incident responders to enrich confirmed compromise information, understand how a particular compromise is spreading, and answer the most important compromise questions so that the right response can be implemented.
The Compromise Context area includes Compromise Radar, Attack Distribution, Spambox correlation, threat triggers, related resources, and the automated ATT&CK Matrix.
Around the Compromise Radar (1), the hours of the day (0h to 23h) are displayed, and the numbers inside the circle represent the total contacts during each hour. The colors (2) represent the days of the week; you can click a color to hide or show that day on the radar to check for patterns. You also have context information (3) regarding timestamp, labels and affected endpoints.
Attack Distribution is a dynamic visualization tool that enables Lumu Insights and Lumu Defender customers to track and measure critical environments such as SWIFT, PCI-DSS and IoT devices so they can take immediate action. You can click on the zoomable chart (1) to drill deeper into your labeled threat activity, which reveals how a specific compromise is spread inside an organization’s network. Use the zoomable timeline (2) of the attack to drill down and check when the attack affected each labeled asset.
In the Context tab, you can learn more about why Lumu classified the event as a compromise by reviewing the Threat Triggers and Related Files (1), and download these resources (2) to facilitate the configuration of policies that address these compromises within your current cybersecurity strategy.
This section also offers actionable steps for responding to each incident, with integrated links (3) to related articles by leading security researchers covering a particular threat. We also offer Lumu Incident Response Playbooks (4) based on the National Institute of Standards and Technology (NIST) Framework, which include best practices for how to use Lumu to respond to specific attacks.
In this section, you have a comprehensive view of your compromise level through the distribution of malicious activities (1) detected in your organization according to the assigned labels. You also have the option to zoom (2) into the chart and filter (3) the compromise information displayed by label or date. This gives you visibility into how compromises spread among your assets, so you can focus efforts on what your organization considers critical for a successful cyberdefense strategy.
Distribution Details shows the total contacts between IoCs and your infrastructure grouped by endpoint. This includes information about the source of each contact, such as Gateways and Virtual Appliances. You also have trend visualizations that show the distribution of the IoCs found on each endpoint by threat type (Malware, Spam, Phishing, etc.) and the labels assigned to each endpoint. You can filter (5) the compromise information by endpoint or threat type.
When you click on an endpoint in the list, you can see its distribution details, such as when and how often this endpoint was attacked, along with the types of attacks and adversary information.
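As an added example that is not part of the Lumu documentation or product, the following Python script reproduces the two aggregations described on this page from a constructed list of contact records: the hour-of-day by weekday buckets behind the Compromise Radar (the per-hour totals inside the circle and the per-day series that can be hidden or shown), with a check for hours that recur across several weekdays, and the per-endpoint distribution with threat-type and label filters. The field names, endpoint names, labels, sources and timestamps are assumptions constructed for the example, not Lumu's data format.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of IoC contact records (not real Lumu data). Each record is one
# contact between an endpoint and an indicator, as a collector such as a Virtual
# Appliance or Gateway would report it. Field names are assumptions for this example.
SAMPLE_CONTACTS = [
    {"ts": "2024-03-04T09:15:00", "endpoint": "ws-042", "label": "Finance", "type": "Malware", "source": "Virtual Appliance"},
    {"ts": "2024-03-04T09:45:00", "endpoint": "ws-042", "label": "Finance", "type": "Malware", "source": "Virtual Appliance"},
    {"ts": "2024-03-05T09:20:00", "endpoint": "ws-042", "label": "Finance", "type": "Malware", "source": "Virtual Appliance"},
    {"ts": "2024-03-06T09:10:00", "endpoint": "ws-042", "label": "Finance", "type": "Malware", "source": "Virtual Appliance"},
    {"ts": "2024-03-06T14:05:00", "endpoint": "srv-db-01", "label": "PCI-DSS", "type": "Phishing", "source": "Gateway"},
    {"ts": "2024-03-09T02:30:00", "endpoint": "srv-db-01", "label": "PCI-DSS", "type": "Malware", "source": "Gateway"},
    {"ts": "2024-03-10T02:35:00", "endpoint": "ws-017", "label": "Marketing", "type": "Spam", "source": "Gateway"},
]

WEEKDAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def radar(contacts):
    """Return (totals, by_day): totals[hour] is the number shown inside the circle for
    that hour; by_day[weekday][hour] is the per-colour series that can be hidden or shown."""
    totals = [0] * 24
    by_day = {d: [0] * 24 for d in WEEKDAYS}
    for c in contacts:
        t = datetime.fromisoformat(c["ts"])
        totals[t.hour] += 1
        by_day[WEEKDAYS[t.weekday()]][t.hour] += 1
    return totals, by_day


def recurring_hours(by_day, min_days=3):
    """Hours with contacts on at least `min_days` distinct weekdays. A slot that repeats
    day after day is the kind of pattern the radar is meant to expose (e.g. scheduled
    check-ins to an indicator) and is worth prioritising in triage."""
    days_per_hour = Counter()
    for series in by_day.values():
        for hour, n in enumerate(series):
            if n:
                days_per_hour[hour] += 1
    return sorted(h for h, d in days_per_hour.items() if d >= min_days)


def endpoint_distribution(contacts, threat_type=None, label=None):
    """Group contacts by endpoint, optionally filtered by threat type or label, and report
    how often and when each endpoint was seen plus its breakdown by threat type and source."""
    groups = defaultdict(list)
    for c in contacts:
        if threat_type and c["type"] != threat_type:
            continue
        if label and c["label"] != label:
            continue
        groups[c["endpoint"]].append(c)
    result = {}
    for ep, rows in groups.items():
        times = sorted(r["ts"] for r in rows)
        result[ep] = {
            "contacts": len(rows),
            "first_seen": times[0],
            "last_seen": times[-1],
            "by_type": dict(Counter(r["type"] for r in rows)),
            "sources": sorted({r["source"] for r in rows}),
            "labels": sorted({r["label"] for r in rows}),
        }
    return result


if __name__ == "__main__":
    totals, by_day = radar(SAMPLE_CONTACTS)
    print("contacts per hour:", {h: n for h, n in enumerate(totals) if n})
    print("hours recurring on 3+ weekdays:", recurring_hours(by_day))
    for ep, info in endpoint_distribution(SAMPLE_CONTACTS).items():
        print(ep, info)
```

On the constructed sample, the 09h slot recurs on three weekdays for `ws-042`, which is exactly the sort of regularity a responder would look for on the radar before deciding whether an endpoint's contacts are a one-off click or a persistent infection; the endpoint view then gives the first and last contact, the counts, and which collector reported them, so the same numbers the portal shows can be cross-checked against your own log exports.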
We recommend being familiar with Lumu’s Incident Response Playbooks, which are based on the National Institute of Standards and Technology (NIST) Framework and include best practices for how to use Lumu to respond to specific attacks.