This article shows how to leverage the HaloPSA API and the Lumu Defender API to enhance your SecOps capabilities by pushing Lumu incidents into a HaloPSA deployment as tickets and keeping both systems in sync.
Allow all traffic to the following hosts. These are required for the operation of this integration:
Before you deploy and implement the Lumu Integration, you need to prepare your HaloPSA deployment to ensure the integration works as expected.
To identify your instance, go to your Web browser and open your HaloPSA console. Check the URL and extract your instance name. Your HaloPSA URL must look like <INSTANCE>.halopsa.com. That is your instance name.
To create an API account, log in to your HaloPSA console. Go to Configuration > Integrations > HaloPSA API.
Now, click on the View Applications button. Click on the New button to add an application. Fill in the requested information following these directions:
All HaloPSA tickets must belong to a ticket type. A ticket type is a template that defines all the fields, values, and rules needed for your operation. To select the ticket type to be assigned to Lumu-related tickets, use your HaloPSA console and go to Configuration > Tickets > Ticket Types option.
To achieve a bi-directional integration, you need to identify which ticket statuses match Lumu incident states. Based on your previous selection of the ticket type, using your HaloPSA console, go to the Configuration > Tickets > Ticket Statuses option. This section lists the status names that a ticket can have.
Check the status names and verify that they match the ones in the Map key of the YAML configuration file companies.template.yml in the integration package. Normally, you don’t have to modify the mapping in the YAML file. If the mapping does not match, replace the names in the YAML file with the status names you identified.
Example of the YAML config File Map Key:
- Map:
    StatusAction:
      "In Progress": "unmute"
      "Approved": "unmute"
      "Awaiting Approval": "mute"
      "On Hold": "mute"
      "Closed": "close"
    StatusEvent:
      IncidentClosed: "Closed"
      IncidentMuted: "On Hold"
      IncidentUnmuted: "In Progress"
The StatusAction group maps HaloPSA ticket statuses to Lumu incident states. If you need to make changes, replace the key with the name of the HaloPSA ticket status that should match the Lumu incident state. The StatusEvent group maps Lumu incident states to specific HaloPSA ticket statuses. If you need to make changes, modify the values of its keys accordingly.
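The check described above can be scripted before deployment. The following is an added example, not part of the Lumu integration package: it compares a Map block against the status names collected from the HaloPSA console and flags names that do not match exactly. The status list is a constructed sample, the action names are taken from the example values above, and the rule that each StatusEvent status should map back to the mirror action in StatusAction is an assumption used as a sanity check.

```python
# Added example (not Lumu's code). PAGE_MAP mirrors the Map key shown above;
# HALO_STATUSES is a constructed sample of names copied from the HaloPSA console.
PAGE_MAP = {
    "StatusAction": {"In Progress": "unmute", "Approved": "unmute",
                     "Awaiting Approval": "mute", "On Hold": "mute",
                     "Closed": "close"},
    "StatusEvent": {"IncidentClosed": "Closed", "IncidentMuted": "On Hold",
                    "IncidentUnmuted": "In Progress"},
}
HALO_STATUSES = ["New", "In Progress", "Approved", "Awaiting Approval",
                 "On Hold", "Closed"]
# Assumption: each Lumu event should map to a status whose action is its mirror.
EVENT_TO_ACTION = {"IncidentClosed": "close", "IncidentMuted": "mute",
                   "IncidentUnmuted": "unmute"}


def validate_map(mapping, halo_statuses):
    """Return a list of problems in a Map block; an empty list means consistent."""
    problems = []
    known = set(halo_statuses)
    folded = {s.strip().casefold(): s for s in halo_statuses}

    def check_status(name, where):
        # Names must match exactly; hint at case/whitespace near-misses.
        if name in known:
            return
        near = folded.get(name.strip().casefold())
        hint = f" (did you mean {near!r}?)" if near else ""
        problems.append(f"{where}: status {name!r} not in HaloPSA{hint}")

    actions = mapping.get("StatusAction", {})
    events = mapping.get("StatusEvent", {})
    for status, action in actions.items():
        check_status(status, "StatusAction")
        if action not in EVENT_TO_ACTION.values():
            problems.append(f"StatusAction: unknown action {action!r} for {status!r}")
    for event, expected in EVENT_TO_ACTION.items():
        status = events.get(event)
        if status is None:
            problems.append(f"StatusEvent: missing key {event}")
            continue
        check_status(status, "StatusEvent")
        if actions.get(status) != expected:
            problems.append(f"StatusEvent: {event} -> {status!r} does not map "
                            f"back to {expected!r} in StatusAction")
    return problems

if __name__ == "__main__":
    for line in validate_map(PAGE_MAP, HALO_STATUSES) or ["Map is consistent"]:
        print(line)
```

An empty result means every mapped name exists in HaloPSA and the two groups agree with each other; a name that differs only in case or spacing is reported with the closest console name.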
Check if you need to associate an Organization to the integration tickets. To collect its exact name, use your HaloPSA console and go to Configuration > Organization. Copy the exact name and save it for later use.
Besides the HaloPSA organization, check if you need to identify the client associated with it. To identify and collect the client’s name, use your HaloPSA console and go to the Customer > Clients section. Identify and collect the name of the client you want to associate with Lumu incidents.
In HaloPSA, a Client can operate in one or multiple sites. If you need to associate the tickets created by the integration with a specific site, you need to identify and select the site under the client configuration. To identify the site, use your HaloPSA console and go to the Customer > Sites section. Identify and collect the name of the client’s site you want to associate with Lumu incidents.
If needed, you can define the user who will be used as the reporter of the ticket. To identify the user, use your HaloPSA console and go to the Customer > Users section. Identify and collect the name of the user you want to use as the reporter of the ticket.
The integration requires this complementary information:
Priority is bound to an SLA, and the SLA is bound to the ticket type, so a ticket must have an associated priority. If you need to add priority to the Lumu-related tickets, first identify the SLA applicable to the HaloPSA ticket type, then check the priorities available for the SLA.
1. To identify the applicable SLA for the selected ticket type, go to the Configuration > Tickets > Ticket Types option. Under the Ticket Type window select the ticket type and go to the Defaults tab. There, you will find the Service Level Agreement field.
2. With the collected name, you can check the priorities related to the SLA. Go to the Configuration > Tickets > Service Level Agreements option. There, click on the Service Level Agreement button.
3. Click on the SLA record, then go to the Priorities tab. Select the Priority you want to assign to the Lumu-related tickets.
You need to select a Category for Lumu-related tickets. To do so:
1. Check your category listing by going to the Configuration > Tickets > Categorisation section. Click on the Edit Category 1 Values button.
2. From the category list, select the one you want to use for Lumu-related tickets.
You need to select an Urgency for Lumu-related tickets. To do so, check the Urgency levels available in your environment. To check the urgency levels, go to the Configuration > Advanced Settings option. There, look for and click on the Lookup Codes button. Select Urgency Level from the drop-down list.
You need to select an impact for Lumu-related tickets. To do so, check the Impact levels available in your environment. To check the impact levels, go to the Configuration > Advanced Settings option. There, look for and click on the Lookup Codes button. Select Impact Level from the drop-down list.
The integration set-up process needs you to collect this information from the Lumu portal:
Log in to your Lumu portal and run the following procedures to collect these data.
To collect the Lumu Defender API key, refer to the Defender API document.
To collect your Lumu company UUID, log in to your Lumu portal. Once you are in the main window, copy the string below your company name.
There are 2 environment options to deploy the script. Select the one that best fits your current infrastructure.
Whichever alternative you select, you need to first unpack the integration package shared by our Support team.
Unpack the deployment package provided by Lumu in your preferred path/folder. Keep in mind this location, as it will be required for further configurations. From now on, we will refer to this folder as <app_lumu_root>.
To set up the integration, you need to add and edit a configuration file. This file contains all the parameters needed to run properly. The configuration file looks as follows:
To deploy the integration as a script, you need to run the install.sh script inside the integration package.
The installation script will set up the Python environment and an auxiliary cron job.
To use the script, you must be in the path selected for deployment ( <app_root_path> ). Use the following command to show the command-line help:
Usage: halopsa_lumu.py [options]
| Options | Description |
| --- | --- |
| -h, --help | show this help message and exit |
| --config CONFIG | CONFIG FILE PATH of the companies(s). (Default: companies.yml) |
| -v, --verbose | Verbosity level (Default INFO) |
| -l {screen,file}, --logging {screen,file} | Logging option (Default screen) |
| --hours HOURS | Database maintenance time (USE IT WITH CAUTION) |
Use the following command to listen to Lumu operational events and manage service tickets in your HaloPSA instance:
The application will read the CONFIG file and keep the tickets/incidents from the preceding HOURS hours, by default 720 (30 days).
Use the option --logging=file to store a record of all tasks run by the script. Using this, all the script output will be redirected to a file named lumu.log in the folder where you have deployed the script.
The above samples can be combined according to your needs.
To identify failures on the script execution, use the -v flag to activate DEBUG logs.
The application runs one instance at a time. The script will block multiple attempts to run the same integration if one is already running. If this is the case, the following message appears.
The integration can be deployed in a docker environment. To do so, run the following commands located in the integration folder:
1. Build the Docker image
2. Create and run the Docker container
For troubleshooting purposes, you can run the following commands:
To log in to your container using an interactive shell:
To collect integration logs:
After running the script, you will see the Lumu-related tickets (incidents) in the Service Desk > Tickets section. Select a view to filter the tickets if needed.
Any updates and status changes will be reflected in the Details and Comment sections of the ticket.