Custom Collector API


Some enterprises may already be using defense solutions such as Endpoint Detection and Response (EDR) or network monitoring tools as part of their pipelines to centralize their logs. Lumu gives the option to deploy custom collectors to send your network metadata to Lumu. To learn more about collector options, consult our deployment and integration guide.

Lumu’s Custom Collector API allows sending network metadata captured from third-party platforms/services/appliances to Lumu for Continuous Compromise Assessment. It can also be used as an alternative for obtaining greater visibility in cases where the enterprise network restricts the use of Virtual Appliances.

Figure 1 - Custom Collector API general deployment architecture.

This article is a quick guide on managing the Custom Collector API for integrating third-party solutions to the Lumu Insights metadata-ingestion engine.

The Custom Collector API is part of Lumu Insights. This tier allows the smooth collection of metadata from your entire infrastructure, giving you unprecedented compromise visibility. To learn more about plans and Lumu Insights, visit our Illumination options page.

Custom Collector API Key

A unique key handles the authentication of the Lumu Custom Collector API. The company’s account key is found in the corresponding area of the Lumu Portal (1). Each custom collector also has a unique ID.

Figure 2 - Custom Collector API management area - Lumu Portal.

Note: The revocation process generates a new Custom Collector API key. This action cannot be undone and will cause Lumu to stop storing and processing data for all current custom collectors. This option should be used in specific scenarios, such as when your current key is compromised, due to security policies, etc. If a key is revoked, you need to update the configurations of all current custom collectors with the new API key.

Manage Custom Collectors

To create a custom collector, navigate to the Collectors > API menu of the Lumu Portal and click to add a collector.

In case you need help from someone from your team to configure custom collectors, you can invite someone from your company to the Lumu Portal.

When creating a custom collector, you are required to provide the following information:

  1. Name: a name for your custom collector.
  2. Description: an optional brief description for the custom collector.
  3. Default Label: the label with which all the captured metadata will be associated by default. You can later specify grouping rules for a more granular classification.
  4. Type: the type of metadata you want this custom collector to process.

Figure 3 - Custom Collector creation screen - Lumu Portal.

On the custom collector details page, you will find the following sections:

  1. Custom collector details, including its name, ID (unique identifier), labels, description, and data collection statistics.
  2. Custom collector management options: edit and delete.
  3. Links for the documentation.
  4. Records view of the custom collector for the last 30 days.
  5. Data group rules to add and edit rules (labels) for traffic categorization.

Figure 4 - Custom Collector details screen - Lumu Portal.

To edit a custom collector, select the option to edit it and apply the desired changes (name, default label, description, etc.).
Be aware that any edit made to an existing collector affects only the data collected after the changes are made and does not apply to any data already collected.

In this area, you also have the option to delete a collector.

The deletion process cannot be undone and should be used to remove the collector permanently. In case a custom collector is deleted, you need to update the API configurations with the new collector ID.

Working With Grouping Rules

On the Lumu Portal, you have the option to create rules for individual assets or groups of assets to label the custom collector’s metadata.

Rules are based on CIDRs (Classless Inter-Domain Routing). When you create a rule, all activity coming from a device whose IP address matches the CIDR is labeled with the assigned label. If no match is found in the custom collector rules, the default label is applied.
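
Before entering rules in the portal, you can check a planned rule set offline to see which label a source IP would receive and where rules overlap. The following is an added example, not Lumu code: the rules, label names, and the `Unclassified` default are constructed, and because this article does not state which rule wins when CIDRs overlap, the script reports every matching label instead of assuming a precedence.

```python
import ipaddress

# Constructed sample rules (CIDR -> label); label names are hypothetical.
RULES = [
    ("10.10.0.0/16", "HQ"),
    ("10.10.20.0/24", "HQ-Servers"),
    ("192.168.50.0/24", "Branch-Office"),
    ("172.16.5.10/32", "Domain-Controller"),
]
DEFAULT_LABEL = "Unclassified"  # stands in for the collector's Default Label


def parse_rules(rules):
    """Validate each CIDR; strict=True rejects host bits set (e.g. 10.10.20.5/24)."""
    return [(ipaddress.ip_network(cidr, strict=True), label) for cidr, label in rules]


def matching_labels(ip, rules, default=DEFAULT_LABEL):
    """Return every label whose CIDR contains ip, or [default] when none match."""
    addr = ipaddress.ip_address(ip)
    hits = [label for net, label in parse_rules(rules)
            if addr.version == net.version and addr in net]
    return hits or [default]


def overlapping_rules(rules):
    """Return pairs of rules whose CIDRs overlap, so ambiguous labeling is caught early."""
    parsed = parse_rules(rules)
    pairs = []
    for i, (net_a, label_a) in enumerate(parsed):
        for net_b, label_b in parsed[i + 1:]:
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                pairs.append((f"{net_a} ({label_a})", f"{net_b} ({label_b})"))
    return pairs


if __name__ == "__main__":
    # Constructed source addresses, including one that matches no rule.
    for ip in ("10.10.20.7", "10.10.3.4", "172.16.5.10", "8.8.8.8"):
        print(ip, "->", matching_labels(ip, RULES))
    for a, b in overlapping_rules(RULES):
        print("overlap:", a, "<->", b)
```

An address that returns more than one label marks a spot to verify in the portal after the rules are created, especially when one of the labels covers critical assets.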

Labels give you the power to categorize and filter your traffic by geography, network segment, device, domain, critical assets, or as needed. Labels include a business relevance option to help you make faster, data-supported decisions. To learn more about labels, consult our documentation.

To manage rules for a custom collector, go to the Lumu Portal and select the corresponding option (1).

Figure 5 - Custom Collector rules management - Lumu Portal.

You can add, edit, or remove labels for specific IP addresses or a group of IPs.
Be aware that any edit made to an existing collector affects only the data collected after the changes are made and does not apply to any data already collected.

Custom Collector API Specifications

To understand the API methods available to send your infrastructure metadata to be analyzed by Lumu, see our documentation.
