Lumu Incident Detections

In today's threat landscape, perimeter defenses alone are not enough to protect an organization's critical assets. As adversaries develop more sophisticated methods to bypass traditional security controls, the ability to rapidly detect, analyze, and operate a cybersecurity incident is central to every organization's security operations. Effective incident detection and operation are what stand between a contained anomaly and a catastrophic breach: they let security teams identify threats early, stop lateral movement, and safeguard sensitive data before significant damage occurs.

Lumu transforms how organizations respond to these threats through the concept of Continuous Compromise Assessment. By continuously ingesting and correlating network and identity metadata across your entire infrastructure, Lumu illuminates the blind spots where attackers typically hide.

When a threat is detected, Lumu goes beyond simply generating an alert. It handles complex data and translates it into a clear, contextualized narrative that outlines the Scope, Severity, and Source of the attack. By providing actionable forensic data—such as behavioral baselines, exact timelines, and detailed endpoint telemetry—Lumu empowers response teams to assess the true risk of an incident, prioritize their triage efforts, and execute precise, data-driven containment strategies.

Incidents View

Each detected incident is displayed in the Lumu Portal. Go to Compromise > Incidents to see the full list of incidents detected for your company.

At the top you can see an overview of your operational metrics followed by the list of the incidents detected in your company. 

Incident Details

When you click on an incident, the following panel opens. Here you will see a general description of the incident (1), its status (2), and whether Lumu responded to it automatically.

Depending on the type of incident detected, the information provided on this page will vary. You can find the following sections:
  1. Detections: a full overview of the context of the attack.
  2. Highlights: a high-level overview of the incident.
  3. Threat Intel: in-depth information on the origin of the incident.
  4. ATT&CK Matrix: information on the tactics used in the incident.

Note: Check out each of the dedicated articles to fully understand how the Lumu Portal provides key information to tackle the detected incidents.
On the right of this page, you will see the Operation Timeline, detailing the actions that your organization has taken on a specific incident in chronological order, with the most recent interaction at the top.

Here, Lumu Defender customers will find which integrations had an active role in the Automated Response process.

Incident Detections Index

These are the detection types monitored and reported by Lumu. Each detection provides tailored context and actionable intelligence to support your incident response operations:

Related Articles

  • Incident Details - Detections
    The Detections Panel is the core investigative hub within the Lumu Portal. When suspicious activity on your network escalates into a confirmed incident, this panel serves as your team's starting point for rapid triage and response. It is designed to ...
  • Incident Details - Threat Intel
    This panel is only visible for Phishing, C&C, Malware, Spam and Mining incidents. The Threat Intel Panel provides the tactical and strategic vision necessary to understand exactly who you are up against. This tab equips your security team with a suite ...
  • Incident Details - Highlights
    The Highlights Panel is exclusively dedicated to incidents involving contact with malicious infrastructure. When your network communicates with adversarial assets—such as phishing sites, Command and Control (C&C) servers, malware distribution nodes, ...
  • Network Brute Force Detection
    Learn how to effectively investigate, contain and remediate this incident by following our Response Playbook. Network Brute Force incidents are patterns of high-volume, repetitive connection attempts from a source endpoint to a specific service ...
  • Login Brute Force Incident Response Playbook
    The Lumu Login Brute Force Incident Response Playbook is based on the Computer Security Incident Handling Guide by the National Institute of Standards and Technology (NIST). According to NIST Special Publication 800-61, the incident response life ...
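The Network Brute Force pattern described above (high-volume, repetitive connection attempts from one source endpoint to one specific service) can be expressed as a small sliding-window detector. The block below is an added example, not Lumu's code or its detection logic. The log line format, the 60-second window, the 20-attempt threshold and the sample traffic are all assumptions constructed for illustration; it also shows the distinction between hammering one service (flagged) and touching many ports once each (not flagged by this rule).

```python
"""Added example (not Lumu's own code or detection logic): flag network
brute-force activity in connection-attempt log lines.

A source endpoint is flagged when it makes at least THRESHOLD connection
attempts to the same destination service (dst:dport) within a sliding
WINDOW. The log format, window and threshold are assumptions chosen for
illustration, not values used by Lumu.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(seconds=60)   # assumed sliding window
THRESHOLD = 20                   # assumed attempts per (src, dst, dport) inside WINDOW

# Assumed line format: "<ISO-8601 UTC> src=<ip> dst=<ip> dport=<port> proto=<proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
)


def parse_line(line):
    """Return (timestamp, src, dst, dport), or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["src"], m["dst"], int(m["dport"])


def detect_brute_force(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per (src, dst, dport) whose attempt count reaches
    `threshold` inside any `window`-long span. Unparseable lines are skipped."""
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e[0])          # the sliding window needs time order
    recent = defaultdict(deque)              # key -> timestamps still inside the window
    alerts = {}
    for ts, src, dst, dport in events:
        key = (src, dst, dport)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:            # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.get(key)
            if alert is None:
                alerts[key] = {
                    "src": src, "dst": dst, "dport": dport,
                    "first_seen": q[0], "last_seen": ts, "attempts": len(q),
                }
            else:
                alert["last_seen"] = ts
                alert["attempts"] = max(alert["attempts"], len(q))
    return list(alerts.values())


# Constructed sample log (not real traffic).
_BASE = datetime(2024, 5, 1, 10, 0, 0)


def _line(offset, src, dst, dport):
    stamp = (_BASE + offset).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{stamp} src={src} dst={dst} dport={dport} proto=tcp"


SAMPLE_LOG = (
    # 25 SSH connection attempts from one host in 25 seconds: brute force
    [_line(timedelta(seconds=i), "10.0.0.5", "10.0.0.20", 22) for i in range(25)]
    # 5 HTTPS connections spread over 5 minutes: normal traffic
    + [_line(timedelta(minutes=i), "10.0.0.7", "10.0.0.20", 443) for i in range(5)]
    # one attempt to each of 25 ports: a port scan, not repeated attempts on one service
    + [_line(timedelta(seconds=i), "10.0.0.9", "10.0.0.20", 1000 + i) for i in range(25)]
    + ["this line is malformed and must be skipped"]
)


if __name__ == "__main__":
    for a in detect_brute_force(SAMPLE_LOG):
        print(f"{a['src']} -> {a['dst']}:{a['dport']} {a['attempts']} attempts "
              f"between {a['first_seen']:%H:%M:%S} and {a['last_seen']:%H:%M:%S}")
```

Running the script prints a single alert for 10.0.0.5 against 10.0.0.20:22. The scanner host 10.0.0.9 is not reported because the key includes the destination port, which is what separates a brute-force attempt on one service from a sweep across many; a port-scan rule would key on (src, dst) and count distinct ports instead.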