iboss Zero Trust Out-of-the-Box Response Integration

This article describes the required procedure to integrate iboss Zero Trust with Lumu for automated response procedures. This is one of our featured Out-of-the-Box Response Integrations.

Requirements

  • iboss Account
    • An active iboss Zero Trust SSE subscription (Zero Trust Core or above).
    • An account with administrative privileges that allows you to access the Block List Policy Layer.
  • Lumu License
    • An active Lumu Defender subscription.

Preliminary Setup - iboss Cloud console

In order to set up the integration, you will need to prepare iboss to communicate with the Lumu integration. To do this, you will need to have the following information on hand:
  • A custom user for the integration to interface with iboss console
  • The custom user password
In the following steps, you will find how to obtain this information.
Notes
We strongly encourage you to create a custom role and a custom user for the integration. This helps preserve the principle of least privilege.

Create a custom role for the integration

First, log into your iboss Web console.
1. On the top navigation bar, click on the Home button. Next, click on the System Administrators tab. Then, click on the Role-Based Access Control menu. Finally, click on the Add Custom RBAC Group button.

2. Enter a name for your role. Enable only the Gateway toggle under the Grant System Administrator Access. Click on the Gateway Permissions tab.

Notes
Take note of the custom role name. It will be required later.
3. Select the Full option in the Administrator Type field. Save the custom role by clicking on the Add RBAC Group button.

Create a user for the integration

1. On the top navigation bar, click on the Home button. Click on the System Administrators tab, and click on the System Administrators sub-tab. Then, click on the Add New System Administrator button.

2. Enter the System Administrator Email Address, First Name, and Last Name. Select the custom role you created in Step 2 of the Create a custom role for the integration section. Save your integration user by clicking on the Add New System Administrator button.

3. You will receive an email at the address you entered in the previous step, confirming the role you created and requesting a password for the role. Keep this password on hand, since it will be needed in a later step.

Integration Setup - Lumu Portal

This section of the article describes the steps that must be completed on the Lumu Portal to properly set up the iboss Zero Trust Response Integration. To start, log into your Lumu account through the Lumu Portal.
Notes
Integrations are also available for Lumu MSP accounts. To access them, log into the Lumu MSP Portal.
1. In the Lumu Portal, head to the panel on the left and open the Integrations drop-down menu. Then, click on Apps. Click on the Response tab on the right to filter the available integrations accordingly.

2. Locate the iboss Zero Trust SSE integration. The list is organized in alphabetical order from A to Z.
Click on the Add button.

3. On the window that opens, familiarize yourself with the integration details as well as best use cases and requirements. Next, click the orange Activate button to start the integration setup process.

4. Provide a meaningful Name. Under Threat Types, choose the specific threat mappings you want to push to iboss Zero Trust. Select the option Include IP Indicators to include IP addresses in the information sent to your feed list. When done, click on the orange Next button.
Warning
If you leave the Include IP Indicators option unselected, you won’t be able to change it later. You will need to remove the integration and repeat all the steps.

5. Fill in the User Name and the Password for the iboss account the integration is being set up for.
a. The User Name is the same email address you entered in Step 2 of the Create a user for the integration section.
b. The Password is the password you defined from the email you received in Step 3 of the Create a user for the integration section.

Click the Next button. Lumu will validate whether the credentials provided are correct.
6. In the following window, you will be asked to select one of two options:
a. Select a maximum of 3 groups within your Security Policy Groups to which the indicators will be pushed. The drop-down list will be populated with the groups already set up on iboss Zero Trust.
b. Push the indicators globally. This will push indicators to all groups already set up on iboss Zero Trust.
Once done, click on the orange Activate button.

7. The integration is now created and active. The Lumu Portal will display the details of the created integration.

Final Steps - Validate the Integration on the Zero Trust SASE

In order to verify whether the integration is activated, follow these steps.
1. Log in to iboss Cloud.
2. Click on Zero Trust SASE and then on Security Policies. Under the Group-Based Policies heading, click on Block List.

3. Use the group navigator found in the upper middle of this panel to find the groups you selected in Step 6 of the Integration Setup - Lumu Portal section. Here, you can:
a. Move forwards or backwards to find the group you assigned the integration to push IOCs to.
b. Use the magnifying glass to specify a name in its text field.

If you chose to push IOCs globally, then any group will serve as a way to verify that the integration is functioning properly.
4. When you have found the group you want to verify the integration for, you will see the following screen, where you can verify that IOCs are being pushed to your selected group.
Now you can be certain that the integration is up and running.