This article shows how to leverage the GLPI API and the Lumu Defender API to enhance your SecOps capabilities by pushing Lumu incidents into a GLPI deployment as Service Tickets and keeping both systems in sync.
Allow all traffic to the following hosts. These are required for the operation of this integration:
Before you deploy and implement the Lumu Integration, you need to prepare your GLPI deployment to ensure the integration works as expected.
To enable the REST API in your GLPI deployment, log in to your GLPI Web console, then go to the General menu under the Setup section in the left navigation pane. In the General window, click on the API tab. There, change the Enable Rest API setting to yes. Click on the Save button.
To have traceability of all actions executed by the integration, it’s recommended to create a dedicated user for it. Create the user as you usually do through the Administration > User menu. Fill in the required data, and make sure you assign the Admin profile to it.
To create an API client and token, go to the API tab from the previous step. Once there, click on the Add API client button. The API Clients window will appear. Fill in the required data, making sure that the Active option is set to Yes. Enable the Regenerate checkbox and click the Add button.
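The preparation steps above can be verified before the integration is started. The following is an added example, not part of the Lumu package: it assumes the integration signs in through GLPI's `initSession` endpoint with the dedicated user's credentials and the API client's token, and the function names are hypothetical.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit


def build_init_session(glpi_url, user, passwd, app_token, allow_plain_http=False):
    """Build the GLPI initSession request for the integration user and API client."""
    parts = urlsplit(glpi_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("glpi_url must be an http(s) base URL")
    if parts.scheme == "http" and not allow_plain_http:
        # The Basic credentials and the App-Token would cross the network in clear text.
        raise ValueError("refusing to send GLPI credentials over plain HTTP")
    basic = base64.b64encode(f"{user}:{passwd}".encode()).decode()
    return urllib.request.Request(
        glpi_url.rstrip("/") + "/apirest.php/initSession",
        headers={
            "Content-Type": "application/json",
            "Authorization": "Basic " + basic,
            "App-Token": app_token,
        },
        method="GET",
    )


def parse_init_session(body):
    """Return the session token from an initSession response body, or raise."""
    data = json.loads(body)
    if isinstance(data, dict) and data.get("session_token"):
        return data["session_token"]
    # GLPI reports errors as a JSON list: [ERROR_CODE, message]
    raise RuntimeError(f"GLPI rejected the login: {data}")


def preflight(glpi_url, user, passwd, app_token, timeout=10):
    """Open and immediately close a session to prove the API setup works."""
    req = build_init_session(glpi_url, user, passwd, app_token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        token = parse_init_session(resp.read())
    kill = urllib.request.Request(
        glpi_url.rstrip("/") + "/apirest.php/killSession",
        headers={"Session-Token": token, "App-Token": app_token},
    )
    urllib.request.urlopen(kill, timeout=timeout).close()
    return True
```

A failed `preflight` call points at the REST API setting, the API client's Active flag or the user's credentials rather than at the Lumu side.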
To deploy the integration package, you have two options:
Select the alternative that best suits your needs.
Unpack the deployment package provided by Lumu in your preferred path/folder. Keep this location in mind, as it will be required for further configurations. From this point on, we will refer to this folder as <glpi_lumu_root>.
The file requirements.txt contains the list of dependencies for this integration. After deploying the package locally, run the following command from the deployment folder:
To use the script, change to the path selected for deployment (<glpi_lumu_root>). Use the following command to show all options available for the package:
Usage: glpi_lumu.py [options]
Options | Description |
---|---|
-h, --help | show this help message and exit |
-tk GLPI_TOKEN, --glpi_token GLPI_TOKEN | GLPI Token of API client |
-u GLPI_USER, --glpi_user GLPI_USER | GLPI Web username |
--company_key COMPANY_KEY, -key COMPANY_KEY | Lumu Defender API Key |
-p GLPI_PASSWD, --glpi_passwd GLPI_PASSWD | GLPI Web username password |
-r GLPI_URL, --glpi_url GLPI_URL | GLPI URL, e.g. http://192.168.73.180 |
--glpi_requester GLPI_REQUESTER | Optional, GLPI username for the ticket's requester |
--glpi_assigned_to GLPI_ASSIGNED_TO | Optional, GLPI username the tickets are assigned to |
--glpi_category GLPI_CATEGORY | Optional, GLPI ticket Category |
--glpi_request_source GLPI_REQUEST_SOURCE | Optional, GLPI Requests Source, e.g. Lumu |
--glpi_urgency {very_high,high,medium,low,very_low} | Optional, GLPI Urgency, one of the listed choices (default “low”) |
--logging {screen,file}, -l {screen,file} | Logging option (default screen) |
--verbose, -v | Verbosity level |
Use the following command to listen to Lumu operational events and manage service tickets in your GLPI Server:
Use the following command to listen to Lumu operational events and manage service tickets in your GLPI Server, assigning specific requesters and assigned users based on your deployment:
The integration package comes with a .config_sample file. You can use it to tailor your own .config file with the required configuration for running the integration script.
    ## Config file sample
    # Lumu parameters
    company_key=<LUMU_COMPANY_KEY>
    # GLPI
    glpi_url=<GLPI_BASE_URL>
    glpi_user=<GLPI_USER>
    glpi_passwd=<GLPI_PASSWORD>
    glpi_token=<GLPI_TOKEN>
    # GLPI - Optional
    [glpi_assigned_to=<GLPI_USER_TO_ASSIGN_TICKETS>]
    [glpi_requester=<GLPI_REQUESTED_USER>]
    [glpi_category=<GLPI_CATEGORY>]
    [glpi_request_source=<GLPI_REQUEST_SOURCE>]
    [glpi_urgency=<very_high,high,medium,low,very_low>]
    # Misc
    # For Docker deployments, make sure you set this parameter to screen
    logging=[screen|file]
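Because the .config file holds the Lumu key, the GLPI password and the API token, it is worth checking before the first run. The following is an added example, not the integration's own parser: `load_config` is a hypothetical helper that assumes the `key=value` layout of the sample, with the square brackets that mark optional entries removed.

```python
import os
import stat

REQUIRED = ("company_key", "glpi_url", "glpi_user", "glpi_passwd", "glpi_token")
OPTIONAL = ("glpi_assigned_to", "glpi_requester", "glpi_category",
            "glpi_request_source", "glpi_urgency", "logging")
URGENCY = ("very_high", "high", "medium", "low", "very_low")


def load_config(path):
    """Parse key=value lines from a .config file; return (settings, problems)."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path} is accessible to group/others (mode {mode:o}); use 600")
    cfg = {}
    with open(path, encoding="utf-8") as fh:
        for n, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            key, sep, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if not sep or key not in REQUIRED + OPTIONAL:
                # Report only the line number: the text may contain a secret.
                problems.append(f"line {n}: unrecognised entry")
                continue
            if value.startswith("<") and value.endswith(">"):
                problems.append(f"line {n}: {key} still holds the sample placeholder")
            cfg[key] = value
    problems += [f"missing required key {k}" for k in REQUIRED if k not in cfg]
    cfg.setdefault("glpi_urgency", "low")   # defaults taken from the options table
    cfg.setdefault("logging", "screen")
    if cfg["glpi_urgency"] not in URGENCY:
        problems.append("glpi_urgency must be one of " + ", ".join(URGENCY))
    if cfg["logging"] not in ("screen", "file"):
        problems.append("logging must be screen or file")
    return cfg, problems


if __name__ == "__main__":
    import sys
    _, issues = load_config(sys.argv[1] if len(sys.argv) > 1 else ".config")
    print("\n".join(issues) or "config OK")
```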
First, set the environment variables either in the OS or in the execution console:

    company_key=<LUMU_COMPANY_KEY>
    glpi_url=<GLPI_BASE_URL>
    glpi_user=<GLPI_USER>
    glpi_passwd=<GLPI_PASSWORD>
    glpi_token=<GLPI_TOKEN>
    [glpi_assigned_to=<GLPI_USER_TO_ASSIGN_TICKETS>]
    [glpi_requester=<GLPI_REQUESTED_USER>]
    [glpi_category=<GLPI_CATEGORY>]
    [glpi_request_source=<GLPI_REQUEST_SOURCE>]
    [glpi_urgency=<very_high,high,medium,low,very_low>]
Then, run the following command:
Use the option --logging=file to store a record of all tasks run by the script. Using this, all the script output will be redirected to a file named lumu.log in the folder where you have deployed the script.
The above samples could be combined according to your needs.
To troubleshoot failures, run the script with the -v flag. The verbose output will allow you to identify failures in the script execution.
The integration can be deployed in a Docker environment. To do so, run the following commands from the integration folder:
1. Build the Docker image
docker build --build-arg company_key='xxx' --build-arg glpi_token='xxx' --build-arg glpi_user='xxx' --build-arg glpi_passwd='xxx' --build-arg glpi_url='xxx' [--build-arg glpi_requester='xxx'] [--build-arg glpi_assigned_to='xxx'] [--build-arg glpi_category='xxx'] [--build-arg glpi_request_source='xxx'] [--build-arg glpi_urgency='low'] --tag python-lumu-glpi .

The arguments used to build the Docker image are the same as those used for the script. Refer to the script options when filling in these values.
2. Create and run the Docker container
docker run -d --restart unless-stopped --name lumu-glpi python-lumu-glpi
To check the live logs of the container, run the following command:
After running the script, it will listen for incident updates on Lumu. After an incident is updated on Lumu, you will see a new incident in the Tickets window in the Service Desk section.
The following table shows the transition between states among incidents in Lumu and GLPI.
GLPI state/action | Lumu state/action | Comments |
---|---|---|
New/Opened | Open | This applies to new incidents detected by Lumu |
Pending | Muted | |
Processing (planned) | Unmute | If the incident is unmuted, it will be marked as Processing (planned) in GLPI |
Closed | Closed | |
These transitions are supported in both directions. Each transition made in one of the services will be reflected in the other. Below, you can find some examples of how the operation between both services works.
Some actions are shown below. All the states in the previous table are supported in both directions.