Lumu Portal offers a centralized and intuitive way to manage your incidents, track their statuses, and review which compromises have been solved—for simpler and faster activation of response processes.
In this view of the Lumu Portal, you can stay up to date with and manage incidents in an easy-to-read dashboard with details on the activity and distribution of the Indicators of Compromise (IoC) that Lumu identified in your organization.
According to NIST, an incident is an occurrence that results in actual or potential exposure of the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits.
For each incident, you can see the number of labels and endpoints affected and the total number of contacts from that adversary. Navigate through the tabs by incident status: Open, Closed, or Muted.
The incidents are listed in chronological order by the time of their first contact. You can filter incidents by threat type, label, or business relevance. For more details about labels, consult our documentation.
Click on an incident in the summary list to view its details. This area shows the case history as well as activity related to the incident, such as labels and contact timeframe views. This area also offers a comprehensive view of the affected endpoints. From here, you can go directly to the Compromise Context area for more in-depth insights about the incident.
By default, each new incident is shown in the “Open” tab. For each incident, you have the option to mark it as closed, or to mute all incidents from that adversary.
Use the mute option to stop new notifications of contacts from a specific adversary.
Use the unmute option to unmute an incident that was marked as muted.
When unmuting an incident, please leave a comment listing the actions taken or any information related to the incident unmuting. That comment will be recorded and stored in the incident, which will move to the “Open” tab.
Use the close option to mark an incident as closed after you have finished working on the case.
When closing an incident, please leave a comment listing the actions taken or any information related to the incident closure. That comment will be recorded and stored in the incident, which will be moved to the “Closed” tab.
We recommend being familiar with Lumu’s Incident Response Playbooks that are based on the National Institute of Standards and Technology (NIST) Framework and include best practices for how to use Lumu to respond to specific attacks.