Incident Details - Detections

The Detections Panel is the core investigative hub within the Lumu Portal. When suspicious activity on your network escalates into a confirmed incident, this panel serves as your team's starting point for rapid triage and response. It is designed to transform complex, raw metadata into a clear and actionable narrative, providing analysts with the exact context they need to understand the scope, severity, and source of an attack.

Because no two cyber threats operate exactly the same way, the Detections Panel is built to be highly dynamic. Rather than forcing a static dashboard on every alert, the interface adapts its layout and the data it presents based on the specific incident type detected.

For example, a DNS Tunneling incident will display the following information:


While a Login Brute Force incident will display the following: 

Regardless of the threat, the Detections Panel ensures that the most critical, incident-specific intelligence is always front and center, empowering your security operations team to make faster, more accurate decisions during an active investigation.

Check out the following articles to fully understand the information the Lumu Portal shows for each incident detection:
  1. DNS Tunneling Detection
  2. Login Brute Force Detection
  3. Unusual Login Detection
  4. Data Exfiltration Detection
  5. Anonymized Login Detection
  6. Network Brute Force Detection
