This article shows how to leverage GLPI API and Lumu Defender API to enhance your SecOps capabilities, pushing Lumu incidents into a GLPI deployment as Service Tickets, and syncing both systems.

Requirements

• A GLPI active server and Web access.
• An active Defender subscription.
• Lumu Defender API key.
• To retrieve an API token, please refer to the Defender API document.
• Script host.
• A scripting host is required to deploy the integration. This host must have Internet visibility over the Lumu Defender API and the GLPI server. According to the deployment model you select, you will need a host with:
• Python 3.10+, or
• A Docker-enabled host
• Script package.
• Contact the Lumu support team to request the package we created to deploy the required files.

Before you start

Contacted hosts

Please, allow all the traffic to the following hosts. These are required for the operation of this integration:

• GLPI server IP
• defender.lumu.io
• pypi.org
• files.pythonhosted.org
• *.docker.com (for Docker deployments)

Prepare GLPI for Lumu integration

Before you deploy and implement the Lumu Integration, you need to prepare your GLPI deployment to ensure the integration works as expected.

Enable REST API

To enable the REST API in your GLPI deployment, log in to your GLPI Web console, then go to the General menu under the Setup section in the left navigation pane. In the General window, click on the API tab. There, change the Enable Rest API setting to yes. Click on the Save button.

Create an integration user (recommended)

To have traceability of all actions executed by the integration, it’s recommended to create a dedicated user for it. Create the user as you usually do through the Administration > User menu. Fill in the required data, and make sure you assign the Admin profile to it.

If your GLPI deployment serves multiple customers or entities, please configure this new user to have Admin permissions on the desired entity only.

Create API Client - API Token

To create an API client and token, go to the API tab from the previous step. Once there, click on the Add API client button. The API Clients window will appear. Fill in the required data, making sure that the Active option is set to Yes. Enable the Regenerate checkbox and click the Add button.

Make sure you copy the Application token before closing the API Client window. This string will be required later.

Deploy the package

Remember to contact the Lumu support team to acquire the deployment package if you haven’t already done so.

To deploy the integration package, you have two options:

• Run it as a Python script.
• Run it as a Docker container.

Select the alternative that best suits your needs.

Run it as a Python script

Script location

Unpack the deployment package provided by Lumu in your preferred path/folder. Keep in mind this location, as it will be required for further configurations. From this point on, we will refer to this folder as <glpi_lumu_root>.

Install requirements

The file requirements.txt contains the list of dependencies for this integration. After deploying the package locally, run the following command from the deployment folder:

Script details

To use the script, you must locate yourself on the path selected for deployment (<glpi_root>). Use the following command to show all options available for the package:

Usage: glpi_lumu.py [options]

The script will run as a daemon process. To keep this integration working, you need to guarantee the script is running all the time.

Usage examples

Task: basic usage or standard usage

Use the following command to listen to Lumu operational events and manage service tickets in your GLPI Server:

This example will allow you to manage GLPI tickets without assigning any user to the ticket.

Task: basic usage or standard usage with ticket user

Parameters in square brackets: "[<parameter>]" are optional.

Use the following command to listen to Lumu operational events and manage service tickets in your GLPI Server, assigning specific requesters and assigned users based on your deployment:

Task: use a configuration file for setting up script variables

The integration package comes with a .config_sample file. You can use it to tailor your own .config file with the required configuration for running the integration script.

## Config file sample
# Lumu parameters
company_key=<LUMU_COMPANY_KEY>
# GLPI
glpi_url=<GLPI_BASE_URL>
glpi_user=<GLPI_USER>
glpi_passwd=<GLPI_PASSWORD>
glpi_token=<GLPI_TOKEN>
# GLPI - Optional
[glpi_assigned_to=<GLPI_USER_TO_ASSIGN_TICKETS>]
[glpi_requester=<GLPI_REQUESTED_USER>]
[glpi_category=<GLPI_CATEGORY>]
[glpi_request_source=<GLPI_REQUEST_SOURCE>]
[glpi_urgency=<very_high,high,medium,low,very_low>]
# Misc
# For Docker deployments, make sure you set this parameter to screen
logging=[screen|file]

Task: use environment variables to run the integration

First, set the environment variables either in the OS or in the execution console

company_key=<LUMU_COMPANY_KEY>
glpi_url=<GLPI_BASE_URL>
glpi_user=<GLPI_USER>
glpi_passwd=<GLPI_PASSWORD>
glpi_token=<GLPI_TOKEN>BBB
[glpi_assigned_to=<GLPI_USER_TO_ASSIGN_TICKETS>]
[glpi_requester=<GLPI_REQUESTED_USER>]
[glpi_category=<GLPI_CATEGORY>]
[glpi_request_source=<GLPI_REQUEST_SOURCE>]
[glpi_urgency=<very_high,high,medium,low,very_low>]

Then, run the following command:

Task: log the script output into a file

Use the option --logging=file to store a record of all tasks run by the script. Using this, all the script output will be redirected to a file named lumu.log in the folder where you have deployed the script.

Other tasks

The above samples could be combined according to your needs.

Troubleshooting

For identified failures on the script, please use the -v flag. This will allow you to identify failures in the script execution.

Run it as a Docker container

Parameters in square brackets: "[<parameter>]" are optional.

The integration can be deployed in a docker environment. To do so, run the following commands located in the integration folder:

1. Build the Docker image

docker build --build-arg company_key='xxx' --build-arg glpi_token='xxx' --build-arg glpi_user='xxx' --build-arg glpi_passwd='xxx' --build-arg glpi_url='xxx' [--build-arg glpi_requester='xxx'] [--build-arg glpi_assigned_to='xxx'] --build-arg company_key='xxx' [--build-arg glpi_category='xxx'] [--build-arg glpi_request_source='xxx'] [--build-arg glpi_urgency='low'] --tag python-lumu-glpi .

The reference of the arguments used in the Docker image are the same used for the script. Please refer to them for filling up this data.

2. Create and run the Docker container

docker run -d --restart unless-stopped --name lumu-glpi python-lumu-glpi

Troubleshooting

To check the live logs of the container, run the following command:

Expected results

After running the script, it will listen for incident updates on Lumu. After an incident is updated on Lumu, you will see a new incident in the Tickets window in the Service Desk section.

The following table shows the transition between states among incidents in Lumu and GLPI.

These transitions are supported in both directions. Each transition made in one of the services will be reflected in the other. Following, you can find some examples of how the operation between both services works.

Activity from Lumu to GLPI portal

Some actions are shown below. All the states in the previous table are supported in both ways.

GLPI Ticket Description - New/Update incident

Close Incident

Activity from GLPI Platform to Lumu Portal

Pending/processing Ticket