Incident Details - Highlights


The Highlights Panel is exclusively dedicated to incidents involving contact with malicious infrastructure. When your network communicates with adversarial assets—such as phishing sites, Command and Control (C&C) servers, malware distribution nodes, cryptomining pools, or spam domains—this panel acts as your comprehensive visualization dashboard.

The Highlights Panel is designed to give you an immediate, high-level understanding of the attack's footprint, frequency, and impact on your business. To deliver this intelligence effectively, the panel is divided into several specialized areas that aim to ensure that you can quickly assess the blast radius of an incident and orchestrate a targeted response.

Summary

At the top of the panel, you will find a clear timeline of the events. This establishes the foundational context of the malicious communication.

Automated Response

Available exclusively for Lumu Defender customers, this section exhaustively details the orchestration involved in the automatic response process. It displays active integrations, the specific Indicators of Compromise (IoCs) being handled, and the threat types the system is actively blocking.

Labels Affected

This area leverages your user-defined label system to show exactly which segments of your network are compromised. It allows you to determine at a glance which specific areas of your business are affected and gauge their operational relevance.

Attack Distribution

This dynamic view helps you understand how the adversary is spreading throughout your organization’s network over a period of time. Repeated instances of malicious activity are plotted here, and you can easily adjust the timeframe using your mouse’s scroll wheel to widen or narrow your investigation.

Compromise Radar

This feature visualizes the frequency of the malicious contacts on an interactive time dial. As an incident triggers repeatedly, the dial fills with data points. Hovering your cursor over these points reveals deeper forensic details about each individual contact.

Email Intelligence

If the detected malicious infrastructure is commonly associated with email threats (like spam or phishing), this section cross-references the data to show if those specific IoCs have actively appeared in your organization’s email inboxes, helping you identify the initial delivery vector.

Check out the following articles to fully understand the incident details provided in the Lumu Portal. 
  1. Incident Details - Detections
  2. Incident Details - Threat Intel
  3. Incident Details - ATT&CK Matrix
