ConnectWise Manage Custom Integration with Lumu Defender API
Before going through this article, check our Out-of-the-box App Integrations category. This is the recommended way to integrate the components of your cybersecurity stack with Lumu. If the product you are looking to integrate is there, it is advised to use that integration instead.
This article shows how to leverage ConnectWise Manage API and Lumu Defender API to enhance your SecOps capabilities, push Lumu incidents into a ConnectWise Manage deployment as Service Tickets, and sync both systems.
Requirements
- ConnectWise Manage API Member Only keys, private and public.
It is recommended to create a custom role with the following permissions:
|
Module
|
Function
|
Access - Level
|
|
Company
|
Company Maintenance
|
Inquire - All
|
|
Service Desk
|
Service Tickets
|
Add - All
Edit - All
Delete - None
Inquire - All
|
|
System
|
Table Setup
|
Inquire - All
|
If you have defined a custom role, please ensure you use it when you create the API Key.
- Lumu Defender API Key.
-
Script host with Python 3.6+ to deploy script code.
-
The script host must reach your ConnectWise deployment and Lumu Defender API endpoints.
Deploy the script
Remember to contact the Lumu support team to acquire the script deployment package if you haven’t already done so.
Script location
Unpack the deployment package provided by Lumu in your preferred path/folder. Keep in mind this location, as it will be required for further configurations. From this point on, we will refer to this folder as
<cwm_lumu_root>
.
Install requirements
The file requirements.txt contains the list of conditions for this integration. After deploying the package locally, run the following command from the deployment folder:
[sudo] pip install -r ./requirements.txt
It is recommended to define a Python virtual environment to deploy the script requirements.
Script details
To use the script, you must locate yourself on the path selected for deployment (<cwm_root>). Use the following command to show all options available for the package:
python lumucw_manage.py --help
Usage:
lumu_cw_manage.py [options]
|
Options
|
Description
|
|
-h, --help
|
show this help message and exit
|
|
--config CONFIG
|
Load options from config file
|
|
--company-key COMPANY_KEY
--company_key COMPANY_KEY
|
Lumu Company Key (Defender API).
|
|
--proxy-host PROXY_HOST
--proxy_host PROXY_HOST
|
Proxy host (if required)
|
|
--proxy-port PROXY_PORT
--proxy_port PROXY_PORT
|
Proxy port (if required)
|
|
--proxy-user PROXY_USER
--proxy_user PROXY_USER
|
Proxy user (if required)
|
|
--proxy-password PROXY_PASSWORD
--proxy_password PROXY_PASSWORD
|
Proxy password (if required)
|
|
--logging {screen,file}
|
Logging option (default screen)
|
|
--verbose, -v
|
Verbosity level
|
|
--company COMPANY
|
CW Manage Company to inject alerts to.
|
|
--board BOARD
|
CW Manage Board to record in tickets.
|
|
--type TYPE
|
CW Manage Type to record in tickets.
|
|
--subtype SUBTYPE
|
CW Manage Type to record in tickets.
|
|
--item ITEM
|
CW Manage Item to record in tickets.
|
|
--closed-status CLOSED_STATUS
--closed_status CLOSED_STATUS
|
Indicates the closed status name used in ConnectWise Manage to mark a ticket as closed (default Closed).
|
|
--check-wait CHECK_WAIT
--check_wait CHECK_WAIT
|
Seconds to wait between checking ticket closure in ConnectWise Manage (default 60).
|
|
--host HOST
|
CW Manage API Host.
|
|
--login-company LOGIN_COMPANY, --login_company LOGIN_COMPANY
|
CW Manage Login Company.
|
|
--public-key PUBLIC_KEY, --public_key PUBLIC_KEY
|
CW Manage Public API Key.
|
|
--private-key PRIVATE_KEY, --private_key PRIVATE_KEY
|
CW Manage Private API Key.
|
The minimum required options are:
|
Options
|
Description
|
|
--company-key COMPANY_KEY
--company_key COMPANY_KEY
|
Lumu Company Key (Defender API).
|
|
--host HOST
|
CW Manage API Host.
|
|
--login-company LOGIN_COMPANY, --login_company LOGIN_COMPANY
|
CW Manage Login Company.
|
|
--public-key PUBLIC_KEY, --public_key PUBLIC_KEY
|
CW Manage Public API Key.
|
|
--private-key PRIVATE_KEY, --private_key PRIVATE_KEY
|
CW Manage Private API Key.
|
|
--company COMPANY
|
CW Manage Company to inject alerts to.
|
|
--board BOARD
|
CW Manage Board to record tickets.
|
The script will run as a daemon process. To keep this integration working, you must guarantee the script is running at all times.
Usage examples
Task: basic usage
Use the following command to listen to Lumu operational events and create service tickets in your ConnectWise Manage instance:
python lumu_cw_manage --company-key=<Lumu Defender Key> --host=<ConnectWise Manage Host> --login-company=<ConnectWise Manage Login Company> --public-key=<ConnectWise Manage API Member Only Public Key> --private-key=<ConnectWise Manage API Member Only Private Key> --company=<Company Name in CW to create Service Tickets> --board=<Service Desk board to be used for service ticket creation>
Task: create service tickets using a custom type, subtype, or item
Use the following command to set the type, subtype, and items in service tickets:
python lumu_cw_manage --company-key=<Lumu Defender Key> --host=<ConnectWise Manage Host> --login-company=<ConnectWise Manage Login Company> --public-key=<ConnectWise Manage API Member Only Public Key> --private-key=<ConnectWise Manage API Member Only Private Key> --company=<Company Name in CW to create Service Tickets> --board=<Service Desk board to be used for service ticket creation> --type=<Type> --subtype=<Subtype> --item=<Item>
Task: use a custom service ticket closed status
By default, the script will periodically check all the created service tickets in ConnectWise Manage to identify if they have been closed. If the service ticket status has the word Closed in it, the script will close the associated incidents in the Lumu Portal. If you want to override this configuration, use the option --closed-status as follows:
python lumu_cw_manage --company-key=<Lumu Defender Key> --host=<ConnectWise Manage Host> --login-company=<ConnectWise Manage Login Company> --public-key=<ConnectWise Manage API Member Only Public Key> --private-key=<ConnectWise Manage API Member Only Private Key> --company=<Company Name in CW to create Service Tickets> --board=<Service Desk board to be used for service ticket creation> --closed-status=<Custom Close Status>
Task: check Service Ticket status every X seconds
By default, the script checks the Service Ticket status in ConnectWise Manage every 60 seconds. If you need to change this value, use the option --check-wait as follows:
python lumu_cw_manage --company-key=<Lumu Defender Key> --host=<ConnectWise Manage Host> --login-company=<ConnectWise Manage Login Company> --public-key=<ConnectWise Manage API Member Only Public Key> --private-key=<ConnectWise Manage API Member Only Private Key> --company=<Company Name in CW to create Service Tickets> --board=<Service Desk board to be used for service ticket creation> --check-wait=120
In this example, the script will check the service ticket status every 120 seconds.
Task: save script log to file
Use the option
--logging=file
to store a record of all tasks run by the script. Using this, all the script output will be redirected to a file named
lumu_cw_manage.log
in the folder where you have deployed the script.
Other tasks
The above samples can be combined according to your needs.
Expected results
After running the script, it will listen for incident updates on Lumu. After an incident is updated on Lumu, you will see a new service ticket associated with the company and defined in the Board’s script options.
All the details are included in the ConnectWise service ticket as notes:
All new contacts are recorded in the service ticket:
After the security operations team’s investigation and closure, the script will synchronize the Lumu Portal. If the security investigator has included a resolution note in the service ticket, it will be used in the closure of the Lumu incident:
Further considerations
This script will run as a daemon to keep both systems synced. Please guarantee the script is running all the time to keep the integration working.
Troubleshooting
For identified failures on the script, please use the -v flag. This will allow you to identify failures in the script execution.
Related Articles
Connectwise PSA (formerly Manage) Out-of-the-Box SecOps Integration
To learn more about Out-of-the-box Integrations and their benefits, please refer to this article. The ConnectWise PSA (formerly Manage) Out-of-the-Box Integration allows you to manage incidents detected by Lumu in your preferred ConnectWise PSA ...Custom Integrations - Lumu Defender API
For getting started with Lumu integrations with third-party solutions, consult our Integrations guide. The Lumu Defender API offers a framework to help you leverage the value of existing investments by integrating Lumu’s real-time information on ...VMWare Carbon Black EDR Custom Response Integration with Lumu Defender API
Before going through this article, check our Out-of-the-box App Integrations category. This is the recommended way to integrate the components of your cybersecurity stack with Lumu. If the product you are looking to integrate is there, it is advised ...Microsoft Defender Custom Response Integration
Microsoft Azure is now called Entra ID This article shows how to leverage the Lumu Defender API to integrate API indicators from Windows Defender Requirements Lumu Defender API key. Windows Defender Cloud (Endpoint Plan 1 or 2) Entra ID Application ...Crowdstrike Custom Response Integration with Lumu Defender API
Before going through this article, check our Out-of-the-box App Integrations category. This is the recommended way to integrate the components of your cybersecurity stack with Lumu. If the product you are looking to integrate is there, it is advised ...