Defender API

Some enterprises may already be using diverse defense solutions such as Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR) technologies, etc. Lumu provides an easy-to-use and comprehensive API for integrating the Continuous Compromise Assessment in your organization to facilitate your cyberdefense architecture automation and orchestration.

The Lumu Defender API offers a framework to help you leverage the value of existing investments through integrating Lumu’s real-time information on confirmed compromise instances with your existing cybersecurity stack to unify and automate mitigation and remediation.

Lumu offers integrations with third-party solutions for incorporating the Continuous Compromise Assessment in your organization. To get started with integrations, consult our Integrations guide.

The ability to integrate Lumu with your security stack via Defender API is part of Lumu Defender. This tier allows the integration of Lumu’s real-time analysis into your security stack to mitigate and remediate compromise incidents quickly and precisely. A limited version of Lumu Defender API may also be accessible by Lumu Insights customers for basic integrations. To learn more about Illumination options, visit our site.

Custom Integrations

Custom integrations leverage the Defender API to allow endless possibilities of integrations with blocking lists, firewalls, SIEMs and far more. The Lumu Defender API is based on HTTP requests and JSON responses. The following are the most common use cases of custom integrations available through the Lumu Defender API with a wide range of cybersecurity solutions.

Firewall and Preventive Controls

Automate response by configuring Defender API to integrate Lumu real-time analysis with firewalls and threat feed systems to block malicious contacts.

SIEM & SOAR

The Defender API allows feeding Lumu Incidents to SIEMs to accelerate analysis and correlation, and to SOAR solutions to trigger response playbooks.

Endpoints

Set up the Defender API to feed compromised endpoints and users for containment and eradication.

Other Security Solutions

Integrate Lumu’s Continuous Compromise Assessment with your security stack through out-of-the-box and custom integrations. These integrations will allow you to send Lumu’s confirmed compromise instances via API to any third-party tool for automated mitigation and remediation. Custom integrations allow endless possibilities of integrations with blocking lists, firewalls, SIEMs and far more.

Defender API Setup

The company’s unique API key is found in the Defender menu of the Lumu Portal and is self-managed by company administrators.

Defender API Specifications

Explore the Defender API methods available to leverage the Lumu integration with your cyberdefense architecture in our documentation.

Custom Integrations Guides

There are some guides for reference when working with Defender API and third-party vendors:

Palo Alto Next-Gen Firewall

Leverage adversarial information provided by Lumu and feed Palo Alto with a list of domains, IPs and URLs for automatic response. Consult our documentation for reference.

Cisco Umbrella

Automate response by posting URLs identified by Lumu through API to Umbrella’s Destination list. Consult our documentation for reference.

Crowdstrike

Deliver security insights by adding new IoCs through API with a specific policy for each adversary entry. Consult our documentation for reference.

Resources on how to easily integrate Lumu with third-party solutions are available in our documentation.
