The Highlights Panel is dedicated exclusively to incidents involving contact with malicious infrastructure. When your network communicates with adversarial assets such as phishing sites, Command and Control (C&C) servers, malware distribution nodes, cryptomining pools, or spam domains, this panel acts as your comprehensive visualization dashboard.
The Highlights Panel is designed to give you an immediate, high-level understanding of the attack's footprint, frequency, and impact on your business. To deliver this intelligence effectively, the panel is divided into several specialized areas that ensure you can quickly assess the blast radius of an incident and orchestrate a targeted response.
Summary
At the top of the panel, you will find a clear timeline of the events. This establishes the foundational context of the malicious communication.
Automated Response
Available exclusively for Lumu Defender customers, this section exhaustively details the orchestration involved in the automatic response process. It displays active integrations, the specific Indicators of Compromise (IoCs) being handled, and the threat types the system is actively blocking.
Labels Affected
This area leverages your user-defined label system to show exactly which segments of your network are compromised. It allows you to determine at a glance which specific areas of your business are affected and gauge their operational relevance.
Attack Distribution
This dynamic view helps you understand how the adversary is spreading throughout your organization’s network over a period of time. Repeated instances of malicious activity are plotted here, and you can easily adjust the timeframe using your mouse’s scroll wheel to widen or narrow your investigation.
Compromise Radar
This feature visualizes the frequency of the malicious contacts on an interactive time dial. As an incident triggers repeatedly, the dial fills with data points. Hovering your cursor over these points reveals deeper forensic details about each individual contact.
Email Intelligence
If the detected malicious infrastructure is commonly associated with email threats (like spam or phishing), this section cross-references the data to show if those specific IoCs have actively appeared in your organization’s email inboxes, helping you identify the initial delivery vector.
Related Articles
Check out the following articles to fully understand the incident details provided in the Lumu Portal.
- Incident Details - Detections
- Incident Details - Threat Intel
- Incident Details - ATT&CK Matrix