Lumu Autopilot

In today’s rapidly evolving digital environment, prompt and effective responses to security threats are essential. Lumu Autopilot simplifies the entire incident management process, reducing human error and optimizing resource allocation. By utilizing advanced automation, it ensures incidents are handled with accuracy and efficiency, enabling your organization to stay ahead of threats and maintain a strong security stance.


Enable Lumu Autopilot

If your account is eligible for Lumu Autopilot, simply open the Lumu Portal’s settings and locate the Autopilot section. Once there, switch the Autopilot slider to On. It is that simple.

Key Benefits

  1. Improved Response and Autonomous Incident Management: Lumu enables organizations to respond to threats faster than humanly possible thanks to its integrations. This is already a powerful benefit, but it becomes even more powerful alongside Lumu Autopilot. Throughout the last 5 years, Lumu has not only accumulated a huge collection of network metadata, but has used it to create AI-powered playbooks that can be used by Lumu Autopilot to manage incidents like an expert cybersecurity agent. 
  2. Incident Prioritization: By delegating incident management to Lumu Autopilot, you can further optimize manual incident management. Lumu Autopilot can and will take care of assigning the correct status to incidents that have been automatically handled and responded to, freeing up your cybersecurity team to focus their efforts on more complex tasks. Trust Lumu Autopilot’s AI playbooks to handle the bulk of your day-to-day operation, and optimize your resources to empower your organization’s cybersecurity posture. 
  3. 24/7 SOC Compliance: Many organizations aim to have 24/7 SOC monitoring, but for many, this may not be achievable due to logistical, organizational, and financial challenges. Autopilot offers the capabilities of a 24/7 virtualized SOC, eliminating the complexities associated with an on-site SOC. This enables smaller organizations to achieve 24/7 SOC compliance, even if it wasn't previously an option for them.

Autopilot Operation

Once activated, you will be able to see evidence of the actions taken by Lumu Autopilot by going to the details of the incident you wish to monitor. Inside the summary, you will find a new subsection named Autopilot Actions that shows you a timeline of the measures enacted by Lumu Autopilot while operating the incident. 



You will also find evidence of Autopilot’s operation on the Operation Timeline.

Escalation Alerts

With its AI-powered playbooks, Autopilot can identify when an incident's complexity necessitates manual intervention. In such cases, Lumu will send you an email notification, alerting you that the incident has been escalated so your cybersecurity team can start investigating and operating it promptly. 


Autopilot Periodic Reports - Wrap-up

The portal can produce a regular summary, allowing you to thoroughly review Autopilot’s activities over a specified time period. This wrap-up report will provide clarity on the steps Autopilot has taken to manage your organization's cybersecurity, presented in an easy-to-read format that can help reassure other stakeholders.
This wrap-up can be enabled and configured by going into the Autopilot section, activating the corresponding switch, and selecting the desired frequency from the drop-down menu. Once done, save your changes and you will be set. 

Escalation Alerts

Autopilot lets you decide the user or users who are going to receive the escalation alerts produced by the Auto-escalate incidents feature (seen in the section below). By default, this feature automatically alerts the first user added to your company's Lumu account. To configure new users, go to the Autopilot section and do the following: 

1. Go to the Escalation Alerts section, and click Edit (1).

2. Select the users from the dropdown menu.

Note: Duplicate names may appear, since the same person can have different email addresses and roles within the Lumu Portal.

3. Click Save Changes (1) once you finish selecting the users.

Once you have successfully saved the changes, the selected users are going to receive the escalation alerts for every auto-escalated incident.

Environment Driven Actions

Autopilot can automatically manage incidents in your environments. By leveraging the labels assigned to your incidents, Autopilot can auto-close and auto-escalate them to speed up your company's incident handling process.
To use this feature, go to the Autopilot section and do the following: 
1. Go to the Environment Driven Action section at the bottom, and click Edit (1).
2. Select the incident labels from the drop-down menus.
Note: By selecting the Only if automatically responded check-mark in a selected label (as seen in the image above), incidents with that label will only close if they have been automatically resolved by Autopilot. This is currently available only for the auto-close feature.
3. Once done, click Save Changes and you will get a confirmation message.
