Get started and learn about Lumu installation and deployment as well as how Lumu uses Continuous Compromise Assessment, the illumination process, and your network metadata to know the compromise level

Getting Started with Lumu

You may think that deploying Lumu will be cumbersome and time-consuming; however, you can start illuminating threats and adversaries with Lumu in no time at all.

In this article, we will learn how to start illuminating threats with Lumu to reveal the real state of your network in three simple steps:


1. Create a Lumu Account

1. The first step to get started is to create a Lumu account. To do so, head to the Lumu Portal and, below the login form, look for the option to create an account.

Info
You can also set up your account via single-sign-on if your organization’s identity provider supports it. Consult our documentation to learn how to do so.

2. There, you will find the account creation form. Provide all the required information, which includes your name, country, a corporate email and a secure password. Then, click on Create my Lumu free account.


Note
Email addresses from commercial domains such as gmail.com, hotmail.com, yahoo.com, and similar are not supported for account creation. Only corporate email addresses are allowed.

3. You will see the following message letting you know that a confirmation link has been sent to your email address.


Head to your inbox and look for the confirmation email. If you can’t find it, look for it in your spam folder or any other relevant folders. The email will come from the address notifications@lumu.io. Click on the button to Activate your Account.


4. You will be taken to the following screen letting you know that the activation has been successful. After a few seconds, it will take you to the Lumu Portal where you can log in using your recently created credentials.

After logging in, you will be able to complete the Lumu Onboarding experience to create your first metadata collector.

2. Create Metadata Collectors

The easiest way to create your first metadata collector is to follow along with the onboarding experience. Let’s take a look at the onboarding so you can choose the correct options to deploy the appropriate collectors for your network. You will first be met with this screen, where you must select whether you’re capable of deploying a virtual appliance.


VAs or virtual appliances are one of our most recommended collectors; however, they require a certain level of technical expertise and access to your organization's cybersecurity solutions.

So we recommend that you:

  • Select that you are "able to deploy a virtualized machine" if you have experience with virtualization, the technical skills to configure a virtual appliance, and both knowledge of and access to your organization’s cybersecurity stack.
  • Conversely, select that you are "not able to deploy a virtualized machine" if you do not meet these requirements and prefer a simpler, though less powerful, metadata collector option: in this case, a gateway.

Lumu Onboarding - I’m able to deploy a Virtualized Machine

If you select that you are able to deploy the VA, you will then be prompted to select the type of technology that you wish to collect metadata from. Let’s assume that Firewall is selected; another drop-down menu will then appear prompting you to select the technology. In this case, we will select Fortigate.


Select Next. Now you must assign an identifiable name to your VA collector. Do so and select Create.


Once done, you will be taken to the following screen where you will see your VA’s activation code alongside some resources to assist you in deploying the VA.


We have several resources to assist you in this task. We highly recommend the Set up Your Lumu Free Account course, which has interactive tutorials for downloading, setting up and configuring your first virtual appliance. You can also access our technical documentation on Lumu Virtual Appliances if you want a more straightforward resource.

Lumu Onboarding - I’m not able to deploy a Virtualized Machine

Now, let’s look at the onboarding steps when deploying a VA is not a possibility.

1. When you select that you are not able to deploy a virtualized machine, click on Next.


2. This will take you to a screen where you will be prompted to create a public gateway, which is a collector you can deploy very easily. Assign an identifiable name to your gateway, provide the IP address of the device you want to collect metadata from, and click on Create.


Alternatively, you can set it to use the public IP address of the device you are using; however, that will only collect metadata from the traffic of said device.


3. Once that’s done, you will be directed to the following screen where you will be instructed to configure the device’s DNS address to point to Lumu.


This is a straightforward procedure and we have some available resources to assist you with it such as our technical documentation.

Testing your configuration

After configuring your first collector during the onboarding, you will be able to test your configuration using the provided option.


A progress bar will pop up showing you that Lumu is validating your configuration. Wait for it to complete to be certain that you are properly sending traffic to Lumu.


Info
There are other powerful collectors at your disposal, such as Lumu Agents, Agent Windows Server Collectors, and Data Collection Integrations. We highly recommend completing our Set up Your Lumu Free Account course to learn more.

Alternatively, you can manually validate your DNS settings by simulating an incident, which leads us to the third step: Incident Monitoring.

3. Incident Monitoring


Finally, after properly configuring your first collectors, you will be able to monitor the device’s cybersecurity state using the Lumu Portal. You can do this by using the Incidents view.

Any new incident, simulated or otherwise, will show up in the portal’s incident view.

The Lumu Incidents view will be your main resource for incident monitoring and operation. There, you will see any contacts that Lumu has deemed malicious which will be displayed as incidents, along with any relevant information about the contact that you can use for operation.


If you click on any incident, you will find additional details such as the affected endpoint, number of contacts, affected labels, and more.


This is the view where you will learn the most about the security incidents your organization is facing and where you will operate them within Lumu. You can learn more about the Incidents view in the following articles:

Now you should be able to get a deeper look into your organization’s cybersecurity state and see the value of Lumu.

Extra Step - Automated Response

One of Lumu’s most powerful features is its Out-of-the-Box response integrations. Companies can use them to integrate Lumu with their cybersecurity stack and automate their response procedures. This feature isn't available for Lumu Free customers, as it is exclusive to the Lumu Defender tier; however, it is strongly recommended that you implement any available integrations to strengthen your organization’s cybersecurity posture.

If you want to learn more about Lumu Defender, make sure to learn about our offerings and pricing.

