In the cybersecurity landscape, data is power; however, current tools gather more information than a human can analyze to get actionable data. The Lumu Power BI Report template is designed to provide a unified, high-fidelity view of your organization's security posture. This template transforms raw data into a strategic narrative that allows organizations to measure the effectiveness of their security operations, the speed of their response, while also providing a tangible Return of Investment (ROI) of their cybersecurity operations.

Requirements

You will need the following to start building your Lumu reports with Power BI.

• A Lumu Defender subscription to collect your Lumu Defender API key.
• Power BI Desktop.
• The Lumu Power BI template file, which can be downloaded at the end of this document.
• (Optional) Power BI services subscription to schedule a periodic refresh of data with a Power BI Data Gateway.

Collect your Lumu Defender API key

Follow the steps outlined in the Access and Authentication section of the Defender API: Features, Functionality, and Usage document. Ensure you copy the key and store it for later use.

Access the Power BI template

Ensure you have downloaded the Lumu for Power BI template file to a device with Power BI Desktop. Open the template by double-clicking the file and you will see a form that will customize the template based on the information provided.

Fill in the data as follows:

• Lumu Defender API Key: Paste the key collected in step Collect your Lumu Defender API key.
• Data Lookback Period (Days): Select or type in the number of days from today to collect data.
• Hourly Analyst Rate (USD): Type in the average hourly labor cost. If the exact figure is unknown, use the highest estimate available to ensure conservative ROI calculations.
• Manual Average Time to Response per Incident (minutes): Select one of the list options or type in the average hands-on labor time an analyst spends manually investigating and responding to a single incident. It will be used to calculate predefined measures.

The template will begin collecting data based on the provided parameters. Please wait for the refresh process to complete. It could take up to 5 minutes based on the amount of data (incidents) in your Lumu portal in the requested time range.

Lumu’s Executive Report

Lumu’s executive report is a purpose-built template that provides actionable business intelligence. By centralizing incident data, adversary types, and operational efficiency metrics, this template helps you evaluate how effectively your organization is identifying and neutralizing threats in real-time.

The template shows an overview of your data in three main sections.

• Primary metrics: The data at the top showcases the value provided by your security operations. 
  
• Activity trend distribution of new incidents: incident data from the collected period based on the provided range.
  
• Operation data: adds information on open incidents outside the provided range.
  

Driving Measurable Outcomes

The Executive Report is mapped to display the core essentials for modern security reporting:

• Quantifying Return of Investment (ROI)
  By displaying the Operational Time Saved by automation and Operational Cost Savings, your organization can quantify exactly how many hours and dollars are saved through automation, providing tangible evidence of the financial value of the security program.
• Measuring Response Velocity
  By using metrics like Mean Time to Respond (MTTR) and Triggered incidents/Automated responses over time, your organization can clearly see its response speed, showcasing the value of Lumu’s Automated Response mechanisms to keep your organization’s exposure time at a minimum.
• Strategic Risk Prioritization
  Not all incidents require the same level of urgency. Visuals like Business relevance distribution and Incident Operation per Adversary type help you showcase to your organization how your security teams have been focused on resolving the most critical incidents.
• Operational Health
  By having data about the Incident Closure Rate and Open Incidents in your report, you can measure whether your security team have been efficiently solving incidents, which in turn can help your organization identify whether they need a bigger headcount or more automation tools.
• Threat Landscape
  Having clear information about your organization’s Threat Type Distribution and Top Affected Entities will allow you to perform a targeted hardening of the most vulnerable or highly-targeted segments of your organization’s network.

Create your own report

The power of the Lumu template lies in its versatility and interactability. It provides a myriad of information—ranging from high-level financial impact for executives to granular technical details for analysts. The Lumu Power BI Template provides a library of visuals that you can use as building blocks to mix and match to create a custom report.

Depending on your objectives, you can create reports like:

• The Daily SOC Stand-up
  This report will have a focus on tactical awareness and immediate workload. Visuals to include: Open Incidents, Top Affected Entities, Incidents by Status, and Incident Closure Rate.
• Quarterly Board Review
  This report will mainly focus on financial justification and high-level risk trends. Visuals to include: Operational Cost Savings, Business relevance distribution, Mean Time to Detect (MTTD), and Autopilot Closure Rate.
• Asset Hygiene & IT Health
  This report focuses on identifying weak points in your organization’s infrastructure. Visuals to include: Incidents by Label, Top Affected Entities, and Network / Behavior Incidents over time.

These are just a few examples of the reports you can create using the predefined visual included in the library of the template.

Create your own visuals

The template is built using a semantic model, which you can use to create your custom visuals. You can find it by selecting the Model view located in the left navigation bar. This is how the Lumu detection data is modeled based on the API calls performed by the template with the parameters you provided.

You can create visuals in the Report view. Use the right panels to choose the visual. Then, drag the data from the Data panel to the Values section of the Visualizations pane.

Further steps

You can tailor, upload, and grant access to different stakeholders across your organization to your reports, even allowing them to create their own with the model provided by the template if your organization has a licensed Power BI tier. Other use cases you can apply are:

• Create unified security dashboards with information from your cybersecurity stack: you can add Lumu data and visuals to existing Power BI reports and dashboards by just dragging or copying visuals and measures from the template to other reports and dashboards.
• Limit access to specific data to stakeholders: Using Row-level security (RLS), you can restrict access to different stakeholders to the data they are interested in. For example, you can define read permissions per organizational unit or region if you use labels to categorize Lumu operations.
• Schedule a data refresh to work with up-to-date data without manual intervention.