Collect Metadata with Lumu VA
The Lumu Virtual Appliance (VA) offers the option to create VA collectors, a seamless way to integrate the network metadata of your entire enterprise into the Lumu cloud with the lowest impact on the network operation.
Collecting metadata other than DNS requests is important because some attacks avoid domain resolution, leaving traces of their contacts in the access logs of firewalls, proxies, etc. This option is also available for accommodating networks where DNS configuration is not possible. In this scenario, companies can monitor IP traffic with the Lumu Virtual Appliance acting as a network metadata collector on the enterprise perimeter.
This approach ensures compromise visibility without having to make major changes, as almost every cybersecurity vendor solution can forward metadata externally without impacting their operation.
Requirements
- Admin access and prerequisites to configure your vendor solution.
- The most recent version of the Lumu Virtual Appliance installed.
These are the general steps you should follow to configure your vendor solutions to send all metadata, such as firewall and proxy logs, to Lumu:
Deploy and Set Up Lumu VA
All detailed steps to create, download, and install a virtual appliance on your preferred hypervisor or Cloud solution are available in our documentation:
- Deploy Virtual Appliances
- Configure Virtual Appliances and VA collectors
Set up a Lumu VA Log Collector
On the Lumu Virtual Appliance, refresh the VA collectors settings by running the command lumu-appliance collectors refresh. If the appliance is running, stop it before setting up collectors.
[Figure: Example of options when selecting a collector]
Select the option for the collection you want to deploy and provide the requested data.
[Figure: Example of screen when setting up a collector]
The following are some examples of data you may be asked to enter in this process:
- Protocol type: you can select between TCP and UDP according to your infrastructure and your vendor solution.
- Port number: provide a number between 1024 and 65535, inclusive.
- Timezone: The timezone for setting up the VA. Use the canonical ID (e.g. America/Chicago). You can use this external article for reference.
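A pre-flight check for the three inputs listed above, as an added example that is not part of Lumu's documentation or tooling. The function names, the sample port 5514 and the test that the port can be bound are assumptions made here; run it on the host that will listen, with Python 3.9 or later.

```python
import socket
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

PORT_MIN, PORT_MAX = 1024, 65535  # inclusive range given in the article
SOCK_KINDS = {"TCP": socket.SOCK_STREAM, "UDP": socket.SOCK_DGRAM}


def port_is_free(proto, port, bind_addr="0.0.0.0"):
    """Try to bind the port ourselves; failure means it is not available."""
    with socket.socket(socket.AF_INET, SOCK_KINDS[proto]) as sock:
        try:
            sock.bind((bind_addr, port))
        except OSError:
            return False
    return True


def timezone_is_known(name):
    """True if the name resolves in the tz database installed on this host."""
    try:
        ZoneInfo(name)
    except (ZoneInfoNotFoundError, ValueError, OSError):
        return False
    return True


def check_collector_inputs(protocol, port, timezone, bind_addr="0.0.0.0"):
    """Return a list of problems; an empty list means the values are usable."""
    problems = []
    proto = str(protocol).strip().upper()
    if proto not in SOCK_KINDS:
        problems.append(f"protocol {protocol!r}: choose TCP or UDP")
    port_ok = isinstance(port, int) and not isinstance(port, bool)
    if not port_ok or not PORT_MIN <= port <= PORT_MAX:
        problems.append(f"port {port!r}: outside {PORT_MIN}-{PORT_MAX}")
    elif proto in SOCK_KINDS and not port_is_free(proto, port, bind_addr):
        # Assumption of this example: the collector needs the port to itself.
        problems.append(f"port {port}/{proto}: cannot be bound on {bind_addr}")
    if not timezone_is_known(timezone):
        problems.append(f"timezone {timezone!r}: not a known tz database ID")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for issue in check_collector_inputs("udp", 5514, "America/Chicago"):
        print("FIX:", issue)
```

An abbreviation or bare city name such as Chicago is rejected, while America/Chicago resolves; the check depends on the tz database being installed on the host where it runs.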