Some enterprises may already be using diverse defense solutions such as Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) technologies. Lumu provides an easy-to-use and comprehensive API for integrating Continuous Compromise Assessment into your organization, so that you can automate and orchestrate your cyberdefense architecture.
The Lumu Defender API offers a framework to help you leverage the value of existing investments through integrating Lumu’s real-time information on confirmed compromise instances with your existing cybersecurity stack to unify and automate mitigation and remediation.
Lumu offers integrations with third-party solutions for incorporating the Continuous Compromise Assessment in your organization. For getting started with Integrations, consult our
The ability to integrate Lumu with your security stack via Defender API is part of Lumu Defender. This tier allows the integration of Lumu’s real-time analysis into your security stack to mitigate and remediate compromise incidents quickly and precisely. A limited version of Lumu Defender API may also be accessible by Lumu Insights customers for basic integrations. To know more about Illumination options, visit our site
Custom integrations leverage the Defender API to allow endless possibilities of integrations with blocking lists, firewalls, SIEMs and far more. The Lumu Defender API is based on HTTP requests and JSON responses. The following are the most common use cases of custom integrations available through the Lumu Defender API with a wide range of cybersecurity solutions.
Firewall and Preventive Controls
Automate response by configuring Defender API to integrate Lumu real-time analysis with firewalls and threat feed systems to block malicious contacts.
SIEM & SOAR
The Defender API allows feeding Lumu Incidents to SIEMs to accelerate analysis and correlation, and to SOAR solutions to trigger response playbooks.
Set up the Defender API to feed compromised endpoints and users for containment and eradication.
Other Security Solutions
Integrate Lumu’s Continuous Compromise Assessment with your security stack through out-of-the-box and custom integrations. These integrations will allow you to send Lumu’s confirmed compromise instances via API to any third-party tool for automated mitigation and remediation. Custom integrations allow endless possibilities of integrations with blocking lists, firewalls, SIEMs and far more.
Defender API Setup
The company’s unique API key is found in the Defender menu of the Lumu Portal and is self-managed by company administrators.
Defender API Specifications
Explore the Defender API methods available to leverage the Lumu integration with your cyberdefense architecture in
Custom Integrations Guides
There are some guides for reference when working with Defender API and third-party vendors:
Palo Alto Next-Gen Firewall
Leverage adversarial information provided by Lumu and feed Palo Alto with a list of domains, IPs and URLs for automatic response. Consult our documentation for reference.
Automate response by posting URLs identified by Lumu through API to Umbrella’s Destination list. Consult our documentation for reference.
Deliver security insights by adding new IoCs through API with a specific policy for each adversary entry. Consult our documentation for reference.
Custom and Out-of-the-box Featured Integrations
Find resources on how to easily integrate Lumu with third-party solutions in our documentation.