Custom Collector API

Some enterprises may already be using defense solutions such as Endpoint Detection and Response (EDR) or network monitoring tools as part of their pipelines to centralize their logs. Lumu gives the option to deploy custom collectors to send your network metadata to Lumu. To learn more about collector options, consult our deployment and integration guide.

Lumu’s Custom Collector API allows sending network metadata captured from third-party platforms/services/appliances to Lumu for Continuous Compromise Assessment. It can also be used as an alternative for obtaining greater visibility in cases where the enterprise network restricts the use of Virtual Appliances.
Custom Collector API general deployment architecture.

This article is a quick guide on managing the Custom Collector API for integrating third-party solutions to the Lumu metadata-ingestion engine.

Custom Collector API Key

A unique key handles the authentication of the Lumu Custom Collector API. The company’s account key is found in the corresponding area of the Lumu Portal (1). Each custom collector also has a unique ID.

Custom Collector API management area - Lumu Portal.
Note: The revocation process generates a new Custom Collector API key. This action cannot be undone and will cause Lumu to stop storing and processing data for all current custom collectors. This option should be used in specific scenarios, such as when your current key is compromised, due to security policies, etc. If a key is revoked, you need to update the configuration of all current custom collectors with the new API key.

Manage Custom Collectors

To create a custom collector, navigate to the Collectors > API menu of the Lumu Portal and click to add a collector.

If you need help from a teammate to configure custom collectors, you can invite someone from your company to the Lumu Portal.

When creating a custom collector, you are required to provide the following information:

  1. Name: a name for your custom collector.
  2. Description: an optional brief description for the custom collector.
  3. Default Label: the label with which all the captured metadata will be associated by default. You can later specify grouping rules for a more granular classification.
  4. Type: the type of metadata you want this custom collector to process.
Custom Collector creation screen - Lumu Portal.
On the custom collector details page, you are going to find the following sections:
  1. Custom collector details, including its name, ID (unique identifier), labels, description, and data collection statistics.
  2. Custom collector management options: edit and delete.
  3. Links for the documentation.
  4. Records view of the custom collector for the last 30 days.
  5. Data group rules to add and edit rules (labels) for traffic categorization.
Custom Collector details screen - Lumu Portal.
To edit a custom collector, select the option to edit it and apply the desired changes (name, default label, description, etc.).
Be aware that any edit made to an existing collector affects only the data collected after the changes are made and does not apply to any data already collected.

In this area, you also have the option to delete a collector.

The deletion process cannot be undone and should be used to remove the collector permanently. In case a custom collector is deleted, you need to update the API configurations with the new collector ID.

Working With Grouping Rules

On the Lumu Portal, you have the option to create rules for individual assets or groups of assets to label the custom collector’s metadata.

Rules are based on CIDRs (Classless Inter-Domain Routing). When you create a rule, all activity coming from a device whose IP address matches the CIDR is labeled with the assigned label. If no match is found in the custom collector rules, the default label is applied.
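The rule matching described above can be previewed offline before the rules are entered in the portal. The following is an added example, not Lumu code: the rule set, label names and default label are constructed, and the longest-prefix precedence for overlapping rules is an assumption, since this article does not say how overlaps are resolved (the script reports them so they can be reviewed).

```python
import ipaddress

# Constructed rule set: (CIDR, label). Ranges and labels are illustrative only.
RULES = [
    ("10.10.0.0/16", "HQ"),
    ("10.10.20.0/24", "HQ-Servers"),
    ("192.168.50.0/24", "Branch-Bogota"),
]
DEFAULT_LABEL = "Unlabeled"  # stands in for the collector's Default Label


def parse_rules(rules):
    """Validate each CIDR; strict=True rejects host bits such as 10.10.20.5/24."""
    return [(ipaddress.ip_network(cidr, strict=True), label) for cidr, label in rules]


def find_overlaps(parsed):
    """Return pairs of rules whose ranges overlap, so one IP matches both."""
    overlaps = []
    for i, (net_a, label_a) in enumerate(parsed):
        for net_b, label_b in parsed[i + 1:]:
            # overlaps() raises TypeError across IP versions, so compare versions first
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                overlaps.append((str(net_a), label_a, str(net_b), label_b))
    return overlaps


def label_for(ip, parsed, default=DEFAULT_LABEL):
    """Label for one source IP. Assumption: the most specific matching rule wins."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, label) for net, label in parsed if addr in net]
    if not matches:
        return default  # no rule matched: the default label applies
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    parsed = parse_rules(RULES)
    for overlap in find_overlaps(parsed):
        print("overlapping rules:", overlap)
    for ip in ("10.10.20.7", "10.10.3.4", "192.168.50.9", "172.16.1.1"):
        print(ip, "->", label_for(ip, parsed))
```
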

Labels give you the power to categorize and filter your traffic by geography, network segment, device, domain, critical assets, or as needed. Labels include a business relevance option to help you make faster, data-supported decisions. To learn more about labels, consult our documentation.

To manage rules for a custom collector, go to the Lumu Portal and select the corresponding option (1).

Custom Collector rules management - Lumu Portal.
You can add, edit, or remove labels for specific IP addresses or a group of IPs.
Be aware that any edit made to an existing collector affects only the data collected after the changes are made and does not apply to any data already collected.

Custom Collector API Specifications

To understand the API methods available to send your infrastructure metadata to be analyzed by Lumu, see our documentation.
