Google Chat Out-of-the-Box SecOps Integration
Requirements
- Google Workspace account
- A Business or Enterprise Google Workspace account with access to Google Chat
- Your Google Workspace organization must allow you to add and use incoming webhooks
- Lumu subscription
- An Active Lumu Insights or Lumu Defender subscription
Configure Google Chat Incoming Webhook
1. You will need to create a Google Chat space in order to receive messages. To do this, go to Google Chat, click on New Chat and then click on Create a space
2. In the Create a space window, choose a name for the space and click on Create.
3. Once the Google Chat space is created, open the dropdown menu next to the space title and select Apps & integrations..
4. In the Apps window, navigate to the Webhooks section and click on Add webhooks.
5. In the next window, enter the Incoming webhook details, including a Name and Avatar URL (optional). Then click on Save.
6. After adding the webhook, copy the generated webhook URL, it will be needed for a later step..
Add Integration
Log into your Lumu account through the Lumu Portal Client or the Lumu MSP Portal and navigate to the integrations screen.
1. Under Integrations > Apps, go to the SecOps tab
2. Locate the Google Chat integration
3. Familiarize yourself with the integration details. Click the Activate button to start setting up the integration.
4. Add a meaningful integration name. Next, select the incident events for which you would like to receive notifications.
5. Copy the Webhook URL generated earlier from the incoming webhook.
If your webhook URL is valid, the integration will display the following message:
6. You can now see the details of the created integration.
Operating the integration
You are now set to track your Lumu incidents in your Google Chat space. Each new or updated incident detected by Lumu will trigger a notification in Google Chat, providing comprehensive incident details.
- New incident:
- Integrations response updated:
- Incident muted:
- Incident un-muted:
- Incident Closed
- Incident Comment Added
- Incident Updated
- Incident Marked As Read
Remember that an incident cannot be reopened in the Lumu portal. However, it can be unmuted.
Related Articles
Google Cloud Platform VPC Out-of-the-box Data Collection Integration
To learn more about Out-of-the-box Integrations and their benefits, please refer to this article. In this article, you will find out how to configure Google Cloud Platform (GGP) VPC to pull and collect data from your network in the form of logs, and ...QRadar Out-of-the-Box SecOps Integration
If by any chance you are looking for the Lumu Qradar Custom App, it is strongly suggested to start using this Out-of-the-box Integration instead. To learn more about Out-of-the-box Integrations and their benefits, please refer to this article. The ...Palo Alto Cortex XSOAR Out-of-the-Box SecOps Integration
The Palo Alto Cortex XSOAR Out-of-the-box SecOps integration with the Lumu Content Pack for Cortex XSOAR allows you to operate all of your Lumu detections as Cortex incidents. After installing and configuring a new instance of the Lumu Content Pack ...Gmail for Google Workspace Out-of-the-Box Data Collection Integration
To learn more about Out-of-the-box Integrations and their benefits, please refer to this article. Requirements Google License Google Workspace Business Starter or above Google Workspace for Education Fundamentals or above Lumu License An active Lumu ...Slack Out-of-the-Box SecOps Integration
Requirements A Slack Free or above subscription An Active Lumu Insights or Lumu Defender subscription Configure Slack Incoming Webhook 1. Create a Slack app. In your Slack page, click on the three dots and select the “Automations” option. 2. Click on ...