HaloPSA Out-of-the-Box SecOps Integration

Requirements

  • A HaloPSA subscription
  • An active Lumu Insights or Lumu Defender subscription

Configure HaloPSA

To set up the integration, you will need to create a pair of API credentials in HaloPSA to give Lumu access, and gather the following data:

| Data | Description |
|---|---|
| Client ID | Public identifier for the client application |
| Client Secret | Private key known only to the client application and the HaloPSA API server |
| Organisation | Name of the parent organisation to which the company you want to associate the tickets with belongs |
| Ticket Type | The ticket type to be used by the integration to create tickets |
| Company | Name of the company you want to associate the tickets with |
| Site | Name of the site of the company you want to associate the tickets with |
| Open status | The status that is assigned to the ticket when the integration creates it |
| Closed status | The status that corresponds to a closed incident |
| Muted status | The status that corresponds to a muted incident |
| Priority | The priority level that is assigned to the ticket when the integration creates it |
| Urgency | The urgency level that is assigned to the ticket when the integration creates it |

During the first part of this procedure, you will configure HaloPSA to ensure the integration works as expected.

API Credentials

1. To set up the integration, you must create a pair of credentials through the Configuration panel.

In the Configuration panel, navigate to the Advanced → Integrations menu and click on it.

2. Click on the HaloPSA API option.

3. In the API Details section, write down the base URL, without the path. You’ll need it for a later step, and this step is crucial for the integration to operate correctly. For example, in the provided scenario, save the URL as follows: https://lumu01.halopsa.com

4. Click on the View Applications button to generate a set of credentials. Then, click on New.

5. Specify the application name, then choose the Client ID and Client Secret (Services) option under the Authentication Method. Next, select the required permissions as indicated in the table below.

| Section | Usage |
|---|---|
| admin:webhooks | Allows creating webhooks and event webhooks for your HaloPSA organization. |
| read:tickets | Allows reading tickets for a specific customer in your HaloPSA organization. |
| edit:tickets | Allows creating tickets for a specific customer in your HaloPSA organization. |
| read:customers | Allows retrieving customer data from your HaloPSA organization. |



You need to save the Client ID and the Client Secret in a safe place. Both of them will be needed later.
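A pre-flight check for steps 3 and 5, added here as an example (it is not part of Lumu's or HaloPSA's tooling): it reduces the URL copied from API Details to the base URL without the path, and compares the permissions ticked on the application against the table above so that missing or unnecessary permissions stand out. The function names and the sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Permissions listed in the table above.
REQUIRED_SCOPES = frozenset(
    {"admin:webhooks", "read:tickets", "edit:tickets", "read:customers"}
)


def normalize_base_url(raw: str) -> str:
    """Return https://host[:port] for a URL copied from API Details."""
    parts = urlsplit(raw.strip())
    if parts.scheme != "https":
        raise ValueError("base URL must use https")
    if not parts.hostname:
        raise ValueError("base URL has no host")
    if parts.username or parts.password:
        raise ValueError("base URL must not embed credentials")
    if parts.query or parts.fragment:
        raise ValueError("base URL must not carry a query or fragment")
    # Any path (for example a trailing /api) is dropped on purpose.
    port = f":{parts.port}" if parts.port and parts.port != 443 else ""
    return f"https://{parts.hostname}{port}"


def review_scopes(granted):
    """Compare the permissions set on the application with the table."""
    granted = {s.strip() for s in granted if s.strip()}
    return {
        "missing": sorted(REQUIRED_SCOPES - granted),
        "excess": sorted(granted - REQUIRED_SCOPES),
    }


if __name__ == "__main__":
    # Constructed sample input: a URL that still carries a path, and a
    # permission list with one entry missing and one constructed extra.
    print(normalize_base_url("https://lumu01.halopsa.com/api"))
    print(review_scopes(["read:tickets", "edit:tickets",
                         "read:customers", "edit:customers"]))
```

An empty "missing" list means the integration has what the table requires; anything under "excess" is a permission the table does not ask for and can be removed from the application.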

Organisation

If your HaloPSA instance operates in multi-tenant mode, make sure that you select the appropriate organisation when creating tickets. The organisation you need is the one to which your end customer belongs.

Ticket Type

1. In the Configuration panel, click on the Core Features → Tickets → Ticket Types menu.



2. Click on the New button to create a new ticket type, inheriting default options and fields from the Incident ticket type.

3. Under the details view, specify the Ticket Type Name for the new ticket type. We suggest naming it Lumu Incidents. Next, choose ITIL Ticket Type and select Incident as the value. Then, under Use, select Tickets as the value. Other options must be defined based on your needs.

4. In the default view, please specify the Initial Status (choose the one representing an open incident in Lumu for synchronization). Next, select the Team and the Agent to assign the tickets to.

5. In the same default view, specify a Category, preferably tailored for Lumu to aid ticket filtering.

6. In the same default view, check the option “Apply defaults when Tickets are changed to this Ticket Type” to maintain synchronization.

7. Under the Field List view, select the mandatory fields for ticket creation. Click on the Add button.

8. Make sure you add the following fields:

  • Summary
  • Details
  • Priority
  • Urgency
  • Impact

9. For the Summary field, choose the display options as follows.

10. For the Details field, select the display options as follows.

11. For the Priority field, choose the display options as follows.

12. For the Urgency field, choose the display options as follows.

13. For the Impact field, choose the display options as follows.

14. After setting up the ticket type, click Save. The Lumu integration with HaloPSA must use this ticket type.

15. Create a template to ensure tickets include an impact field. In the Configuration panel, go to the Core Features → Tickets → Templates menu and click on it.

16. Give the template a meaningful name, such as Lumu Template.

17. Select the previously created ticket type and choose the appropriate impact field for ticket creation with the ticket type created above.

18. Click on Save.

19. Go back to the ticket type and select the created template.

Customers

The tickets created by the integration will be associated with a company managed in your HaloPSA portal.

The integration creation process will display the available customers for you to choose from.

Site

The tickets created by the integration will be associated with a site from the selected customer. 

Status

Incidents in the Lumu Portal can have three statuses:

1. Open: new contacts with the adversary have been detected.

2. Closed: the incident has been resolved. A new contact with the same adversary will create a new incident.

3. Muted: the incident is no longer updated with new contacts.

You must provide three statuses from HaloPSA to match the ones above. Please note that an incident cannot be reopened in the Lumu portal. However, it can be unmuted.

While creating the integration, the Lumu Portal will list the available statuses for you. To create new statuses, go to the Configuration → Tickets → Statuses menu.



Priority

You can assign a priority to the tickets created by the integration. You can choose a different one for each threat type if you wish to do so.

To create new statuses, click on the Configuration → Tickets → Rules menu.

Urgency

Urgency refers to how quickly a particular ticket or request needs to be addressed or resolved. It is often determined by factors such as the severity of the issue, the impact on users or operations, and any associated deadlines or SLAs (Service Level Agreements). Tickets with higher urgency levels typically require immediate attention to prevent further problems or disruptions.

Impact

Impact relates to the extent or significance of the issue or request on the customers or users. It measures the consequences of the problem if left unaddressed or unresolved. For example, an issue that affects a critical system used by many users would have a Company-Wide impact, while a minor inconvenience affecting only a few users might have a Single User Affected or Multiple Users Affected.

Add Integration

1. Log in to your MSP Lumu account through the Lumu MSP Portal and navigate to the Integrations screen.


2. Locate the HaloPSA integration.


3. Familiarize yourself with the integration details and click the Activate button to start setting up the integration.


4. First, add the integration name. Then, copy the server URL saved earlier and paste it into the Server URL field. Next, copy the Client ID and the Client Secret created in the previous steps. Click on Next.


5. Select the Organisation that you want to associate the tickets with. Click on Next.


6. Select the ticket type.

Make sure you use the Ticket Type created above. Using a different Ticket Type may cause the integration to not work as expected. Click on Next.


7. Select the company with which you want to associate the tickets. Then, select a site from that company. Click on Next.


8. Select the statuses in the Lumu MSP portal that correspond to the statuses of the tickets in HaloPSA. Click on Next.


9. Select the default Priority value and the default Urgency value to be assigned to all tickets. Click on Activate.


10. You can now see the details of the created integration.



11. You can also save templates for integrations already created.




It’s strongly encouraged not to change the Client Secret used for setting up the integration the first time. If you do so, the integration won’t be able to sync Lumu incidents with HaloPSA tickets and vice versa.

Operating the Integration

Now, you are ready to operate Lumu incidents from HaloPSA tickets. Each new or updated contact detected by Lumu will create or update a Ticket in HaloPSA with the categorization selected by you when configuring the integration.



Remember that an incident cannot be reopened in the Lumu portal. However, it can be unmuted.
