Custom Collector API

Some enterprises may already be using defense solutions such as Endpoint Detection and Response (EDR) or network monitoring tools as part of their pipelines to centralize their logs. Lumu gives the option to deploy custom collectors to send your network metadata to Lumu. To learn more about collector options, consult our deployment and integration guide.

Lumu’s Custom Collector API allows sending network metadata captured from third-party platforms/services/appliances to Lumu for Continuous Compromise Assessment. It can also be used as an alternative for obtaining greater visibility in cases where the enterprise network restricts the use of Virtual Appliances.
Custom Collector API general deployment architecture.

This article is a quick guide on managing the Custom Collector API for integrating third-party solutions to the Lumu metadata-ingestion engine.

Custom Collector API Key

A unique key handles the authentication of the Lumu Custom Collector API. The company’s account key is found in the corresponding area of the Lumu Portal (1). Each custom collector also has a unique ID.

Custom Collector API management area - Lumu Portal.

Warning
Note: The revocation process generates a new Custom Collector API key. This action cannot be undone and will cause Lumu to stop storing and processing data for all current custom collectors. This option should be used in specific scenarios, such as when your current key is compromised, due to security policies, etc. If a key is revoked, you need to update the configurations of all current custom collectors with the new API key.

Manage Custom Collectors

To create a custom collector, navigate to the Collectors > API menu of the Lumu Portal and click to add a collector.

If you need help from someone on your team to configure custom collectors, you can invite someone from your company to the Lumu Portal.

When creating a custom collector, you are required to provide the following information:

  1. Name: a name for your custom collector.
  2. Description: an optional brief description for the custom collector.
  3. Label: the label with which all the captured metadata will be associated by default. You can later specify grouping rules for a more granular classification.
  4. Type: the type of metadata you want this custom collector to process.

On the custom collector details page, you are going to find the following sections:

  1. Custom collector details include its name, id (unique identifier), labels, description, and data collection statistics.
  2. Custom collector management options: edit and delete.
  3. Links for the documentation.
  4. Records view of the custom collector for the last 30 days.
  5. Data group rules to add and edit rules (labels) for traffic categorization.

To edit a custom collector, select the option to edit it and apply the desired changes (name, default label, description, etc.).
Alert
Be aware that any edit made to an existing collector affects only the data collected after the changes are made and does not apply to any data already collected.

In this area, you also have the option to delete a collector.

Warning
The deletion process cannot be undone and should be used to remove the collector permanently. In case a custom collector is deleted, you need to update the API configurations with the new collector ID.
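
Both warnings on this page (key revocation and collector deletion) leave existing integrations pointing at credentials that no longer work. The following is an added example, not Lumu code: a small audit that flags configuration files still referencing a revoked key or a deleted collector ID. The token format, file names, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import re

# Assumption: keys and collector IDs appear in config files as unbroken
# tokens of 16+ URL-safe characters. Adjust to your real formats.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{16,}")


def fingerprint(value):
    """SHA-256 hex digest, so the audit never stores the revoked key itself."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def audit_configs(configs, revoked_key_fp, deleted_collector_ids):
    """Return sorted (file, line, reason) findings for stale credentials."""
    deleted = set(deleted_collector_ids)
    findings = []
    for name, text in configs.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for token in TOKEN_RE.findall(line):
                if fingerprint(token) == revoked_key_fp:
                    findings.append((name, line_no, "revoked API key"))
                if token in deleted:
                    findings.append((name, line_no, "deleted collector ID"))
    return sorted(findings)


# Constructed sample values and config contents (not real Lumu keys or IDs).
SAMPLE_REVOKED_KEY = "EXAMPLE-REVOKED-KEY-000000"
SAMPLE_NEW_KEY = "EXAMPLE-CURRENT-KEY-111111"
SAMPLE_DELETED_ID = "example-collector-id-aaaa"
SAMPLE_LIVE_ID = "example-collector-id-bbbb"
SAMPLE_CONFIGS = {
    "dns-shipper.env": f"COLLECTOR_ID={SAMPLE_LIVE_ID}\nAPI_KEY={SAMPLE_NEW_KEY}\n",
    "packet-forwarder.env": f"COLLECTOR_ID={SAMPLE_LIVE_ID}\nAPI_KEY={SAMPLE_REVOKED_KEY}\n",
    "proxy-exporter.env": f"COLLECTOR_ID={SAMPLE_DELETED_ID}\nAPI_KEY={SAMPLE_NEW_KEY}\n",
}

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_REVOKED_KEY)  # in practice, record this before revoking
    for finding in audit_configs(SAMPLE_CONFIGS, fp, {SAMPLE_DELETED_ID}):
        print("%s:%d still references a %s" % finding)
```

Recording only the fingerprint of the old key before revoking it lets the audit run repeatedly without keeping the compromised secret in the script or its inputs.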

Working With Grouping Rules

Grouping Rules are powerful tools to organize and streamline the traffic received by your collectors by making full use of Lumu’s Labels. Consult the relevant article in our technical documentation to learn more about Grouping Rules.

Custom Collector API Specifications

To understand the API methods available to send your infrastructure metadata to be analyzed by Lumu, see our documentation.

