Datto Autotask Out-of-the-box SecOps Integration

Requirements
  • An Autotask PSA Essentials or above subscription
  • An Active Lumu Insights or Lumu Defender subscription

Configure Autotask

To set up the integration, you will need to create an API username/password in Autotask to give Lumu access, and gather the following data:

Data | Description
Username | The credentials of the API User.
Secret | The password associated with the API User.
Account | Identity of the account you want to associate the tickets with.
Billing code | The billing code assigned to the tickets. This represents billable time or expenses used to generate client invoices.
Queue | The queue where the tickets corresponding to the incidents will be created.
Ticket type | The ticket type assigned to the tickets. This determines the available Accessory tabs and enables Tools on the ticket.
Source | The source assigned to the tickets. This indicates how the ticket enters your Autotask instance.
Open status | The status assigned to the ticket when it is created by the integration.
Closed status | The status corresponding to a Closed incident.
Muted status | The status corresponding to a Muted incident.
Priority | Categorization to be assigned to tickets created by Lumu. Can be specific to each threat type. This indicates the urgency of the incident.
Issue type | (Optional) Categorization to be assigned to tickets created by Lumu. Can be specific to each threat type.
Sub-issue type | (Optional) Categorization to be assigned to tickets created by Lumu. Can be specific to each threat type. This allows you to generate reports detailing the type of problems your customers are experiencing.

During the first part of this procedure, we will be configuring Autotask to ensure the integration works as expected.

API Username and password

Create a security level with the necessary permissions.

1. Log in with your Autotask account, then click on the three lines menu and go to the Admin option.

2. You will see the following options. Click on Account Settings & Users. Then go to the Security section, and click on Security levels.

3. Duplicate the existing API User (system) (API-only) level and give the copy a distinctive name.

4. Keep editing the new security level. You will see the following

5. Modify the following permissions according to the table below:

Section | Parameter | Value
CRM > Account & Contact Access | Customer & Cancellation | All
Service Desk > Object Permissions | Tickets > View | All
Service Desk > Object Permissions | Tickets > Add | Yes
Service Desk > Object Permissions | Tickets > Edit | Yes
Service Desk > Object Permissions | Ticket Notes > Edit | All
Admin > Feature Access | Service Desk (Tickets) | Enabled
Other > Webhooks | Allow the option “Can create Webhooks” | Give a number for the maximum number of webhooks
Web Services API > Feature Access | Can login to Web Services API | Enabled
Web Services API > Resource Impersonation | Service Desk > Tickets > View (Query) | Enabled
Web Services API > Resource Impersonation | Service Desk > Tickets > Add | Enabled
Web Services API > Resource Impersonation | Service Desk > Tickets > Edit (Update) | Enabled
Web Services API > Resource Impersonation | Service Desk > Ticket Notes > View (Query) | Enabled
Web Services API > Resource Impersonation | Service Desk > Ticket Notes > Add | Enabled
Web Services API > Resource Impersonation | Service Desk > Ticket Notes > Edit (Update) | Enabled
Web Services API > Contact Impersonation | Service Desk > Tickets | Enabled
Web Services API > Contact Impersonation | Service Desk > Ticket Notes | Enabled

Create an API user

1. In your Autotask Web console, expand the Three lines menu. Click on the Admin section, then click on the Account Settings & Users option. Under Resources/Users (HR) click on Resource/Users.

2. In the Resources window, click on the New button. Select the New API User option.

3. Complete all the mandatory fields.

To complete specific sections, follow these directions:

1. Select the Security Level that you just created in the previous steps.

2. In the Credentials section, choose between generating the username/key and the password/secret or defining it yourself.

3. Save the Username and the Password in a secure place. In the API Tracking Identifier section, select the Integration Vendor button, then search for Lumu Technologies - Network Security in the Integration Vendor drop-down list. Save the newly created API user.

Depending on your Autotask configuration, you’ll need to define the Line of Business section. For a detailed reference, see the Adding or editing an API user document in the Autotask documentation.

Account

The tickets created by the integration will be associated with an account managed in your Autotask portal. 

While creating the integration, the creation process will list the available accounts for you to choose from. 

If necessary, create the accounts in the Autotask portal by choosing the CRM > Accounts option.


Billing

The tickets created by the integration will be associated with a billing code.

While creating the integration, the Lumu Portal will list the available billing options for you to choose from.

1. To create a new billing code, go to Admin > Features & Settings > Finance, Accounting, & Invoicing. Finally, click on the Billing Codes option.


Queue

For every incident detected by Lumu, the integration will generate tickets in the queue of your choice. 

While creating the integration, the Lumu Portal will list the available queues for you to choose from.

1. To create a new queue, go to Admin > Features & Settings > Service Desk (Tickets). Finally, click on the Queues option.

2. Click on the New button.

3. Fill in the information with the parameters that you feel are most appropriate.

Source

You can assign a source to the tickets. This indicates how the ticket entered your Autotask instance. 

While creating the integration, the Lumu Portal will list the available sources for you to choose from. 

1. To create a new source, go to Admin > Features & Settings > Service Desk (Tickets). Finally, click on the Sources option.


Status

Incidents in the Lumu Portal can have three statuses:

1. Open: New contacts with the adversary have been detected.

2. Closed: The incident has been resolved. A new contact with the same adversary will create a new incident.

3. Muted: The incident is no longer updated with new contacts.

Autotask should provide at least three statuses to match. Please note that an incident cannot be reopened in the Lumu portal; however, it can be unmuted.

While creating the integration, the Lumu Portal will list the available statuses for you to choose from. 

1. If you want to create new statuses, go to Admin > Features & Settings > Service Desk (Tickets). Finally, click on the Ticket Statuses option.


Priority

You can assign a priority to the tickets created by the integration. You can choose a different categorization for each threat type if you wish to do so. 

While creating the integration, the Lumu Portal will list the available priorities for you to choose from.

1. If you want to create new priorities, go to Admin > Features & Settings > Service Desk (Tickets). Finally, click on the Ticket Priorities option.



Issue type and sub-issue types

Optionally, you can assign an Issue type and a Sub-issue type to the tickets created by the integration. You can choose a different categorization for each threat type if you wish to do so.

While creating the integration, the Lumu Portal will list the available issue types and sub-issue types for you to choose from.

1. If you want to create new issue types and sub-issue types, go to Admin > Features & Settings > Service Desk (Tickets). Finally, click on the Issue Types & Sub-issue Types option.

2. You will see a list with the Issue Types. To create a new one, click on the New button.

3. Write a name that is easy to remember.

4. Finally associate the issue type with sub-issue types, for categorization.

Add Integration

1. Log into your MSP Lumu account through the Lumu MSP Portal and navigate to the integrations screen.


2. Locate the Datto integration in the available apps area.

3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.

4. Add the integration name and fill in the data.

  • Use the Username of the API User that we just created above.
  • Use the Secret associated with the API User.


Make sure this user will be active during the integration lifecycle. If the user configuration in Datto changes, the integration won’t be able to sync Lumu incidents with Autotask tickets and vice versa. This user cannot be edited in the integration.

5. Fill in the integration data.
  • The Account is the one that you want to associate the tickets with.
  • The Billing code that you want to be assigned to the tickets.
  • The Ticket category is the classification that you want to associate.
  • Queue is where the tickets will be created.
  • The Ticket Type determines the available accessory tabs and enabled tools on the ticket.
  • Source is the one that indicates how the ticket enters your Autotask instance.

Click on Next to continue the setup.

6. Select the statuses in Autotask that correspond to the statuses of the incidents in the Lumu portal.

7. Select the default Priority value that will be assigned to all tickets.

Optionally, select the Issue type and the Sub-issue type to be assigned to the tickets created by the integration. You can choose default values to be assigned to all tickets, and/or values to be used for each threat type. This step is optional and you can leave it blank if you do not wish to categorize the tickets.

8. After you have activated the integration, you can save the configuration for the integrations you will create in the future.



9. You can now see the details of the created integration.

10. You can also save templates for integrations already created.


Operating the integration

Now you are ready to operate Lumu incidents from Autotask tickets. Each new or updated contact detected by Lumu will create or update a Ticket in Autotask with the categorization selected by you when configuring the integration.

Autotask Queue view with Lumu tickets


Autotask ticket details

Remember that an incident cannot be reopened in the Lumu portal; however, it can be unmuted.

