Harmony Endpoint Out-of-the-Box Response Integration

This article describes the required procedure to integrate Harmony Endpoint with Lumu for automated response procedures. This is one of our featured Out-of-the-Box Response Integrations.

Requirements

  • An active Harmony Endpoint Basic or above subscription
    • A Harmony Endpoint account with administrative privileges that allows you to access the Infinity Portal and manage API keys for the Endpoint service.
  • An active Lumu Defender subscription

Preliminary Setup - Harmony Endpoint

In order to set up the integration, you will need to prepare Harmony Endpoint to communicate with the Lumu integration. To do this, you will need to have the following:
  • API Key
The following steps describe how to obtain it.

Create API Key

1. First, log into the Infinity Portal. Click on the Settings gear icon in the top navigation bar. Then click on the API Keys menu.

2. Within the API Keys window, click on the New button in the Toolbar. Select the New account API key option.

3. In the window that opens, you will need to fill in the following fields:
  • Service: Here you need to choose the Service type for the integration. Since the integration handles Endpoint type services only, choose Endpoint. (1)
  • Expiration: Here you need to fill in the time of expiration for this API key. (2)
Notes
Follow your organization's guidelines to define the expiration date of your key. Remember that after the key expires, you must regenerate it and reconfigure your integration.
  • Description: Here, fill in the field with a distinctive name that identifies the key's purpose. (3)
  • Roles: As stated in the Requirements section, the integration requires administrative privileges. Choose Admin in the dropdown box. (4)
Once the fields are all completed, click on the Create button.

4. After generating the API Key, a dialog box will appear displaying the Client ID, Secret Key, and Authentication URL. Store these values, since they will be needed later for a step in the next section.
Notes
Once you close the Create a New API Key window, you won't be able to retrieve the Secret Key or Authentication URL again.

Integration Setup - Lumu Portal

This section of the article describes the steps that must be completed on the Lumu Portal to properly set up the Harmony Endpoint Integration. To start, log into your Lumu account through the Lumu Portal.
Notes
Integrations are also available for Lumu MSP accounts. To access them, log into the Lumu MSP Portal.
1. In the Lumu Portal, head to the panel on the left and open the Integrations drop-down menu. Then, click on Apps. Click on the Response tab on the right to filter the available integrations accordingly.

2. Locate the Harmony Endpoint integration and click on Add.

3. Familiarize yourself with the integration details and click the Activate button to start the integration setup process.

4. Provide a meaningful Name. Under Threat Types, choose the specific threat mappings you want to push to Harmony Endpoint. Select the option Include IP Indicators to include IP addresses in the information sent to your feed list. When done, click on the orange Next button.
Notes
If you leave the Include IP Indicators option unselected, you won’t be able to change it later. You will need to remove the integration and repeat all the steps again.
Notes
Please note that you cannot modify the information on this screen. Exercise caution when selecting Threat Types, as changes cannot be made later.


5. In this step, fill in the Client ID, Secret Key and Authentication URL that were created in Step 4 of the Create API Key section. Then, click on the orange Save button. Lumu will validate whether the credentials provided are correct.

6. The integration is now created and active. The Lumu Portal will display the details of the created integration.

Final Steps - Validate the Integration on Harmony Endpoint

You can validate that the Harmony Endpoint integration is functioning properly by following these instructions.

Once the integration is activated, the Manage IoCs (4) module under the Policy (1) > Threat Prevention (2) > Policy Capabilities (3) section will be updated with confirmed compromises found by Lumu within the preceding 3 days.




