Connectwise PSA (formerly Manage) Out-of-the-Box SecOps Integration

Connectwise PSA (formerly Manage) Out-of-the-Box SecOps Integration

To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.
The ConnectWise PSA (formerly Manage) Out-of-the-Box Integration allows you to manage incidents detected by Lumu in your preferred ConnectWise PSA service board. A new service ticket will be created when Lumu detects an incident. Incident and related ticket status will be kept in sync between the Lumu portal and the ConnectWise PSA service board. As there are new contacts for the incident, the ticket will be updated with notes containing updated data.

Requirements

  1. A valid ConnectWise License
  2. A Lumu Defender active subscription

Setup ConnectWise PSA

To setup the integration, you will need the following data:
Data Description
Hostname The hostname you use to access the ConnectWise PSA portal
Company ID The company you use to log in to the ConnectWise PSA portal
API Member Public Key
API Member Private Key
The credentials of the API Member the integration will use to interact with ConnectWise PSA
Board The Service Board where the tickets corresponding to the incidents will be created
Company The company the tickets will be associated to
Open state The status assigned to the ticket when it is created by the integration
Closed state The status corresponding to a Closed incident
Muted state The status corresponding to a Muted incident
Type
Optional.  Categorization to be assigned to tickets created by Lumu.
Can be specific by threat type.
Subtype
Optional. Categorization to be assigned to tickets created by Lumu.
Can be specific by threat type.
Item
Optional. Categorization to be assigned to tickets created by Lumu.
Can be specific by threat type.

During the first part of this procedure, we will be configuring ConnectWise PSA to obtain the information required to create the integration. To begin with, log in to your ConnectWise PSA portal. 

Keep this information at hand, since you will use the hostname you are connecting to and the company during the creation of the integration in the Lumu portal.

API Member

To set up the integration, you will need an API member. The API member must have permission to list companies and boards, and to create and modify tickets. To learn more about this procedure, refer to the following  article in Connectwise’s official documentation

Access to ConnectWise University is required to read this article.
You can list and, if necessary, create a security role by going to  System Security Roles.


The role, at a minimum, must have the following permissions:

Module Description Add Level Edit Level Delete Level Inquire Level Comments
Companies Company Maintenance None None None All Allows Lumu to fetch and display client company information
Service Desk Close Service Tickets None All None All Allows Lumu to close service tickets based on service board statuses   
Service Desk Service Tickets All All None All Allows Lumu to create tickets when an incident is detected and change statuses according to changes in the portal
System Table Setup None None None All Allows Lumu to sync boards, statuses, etc.


To create an  API Member in the ConnectWise PSA portal, go to System Members and choose the API Members tab. Click the “+” button, and fill out the information in the New Member form. Remember to assign the appropriate Role ID to the API Member. 

To generate the API key, select the API Member and go to the API Keys tab. Click the “+”  button and fill out the required information. Public and private keys are then displayed. Save these keys as they are required for the integration. Please note that the Private Key is only available when the key is created.

Board

For every incident detected by Lumu, the integration will generate tickets in a Service Board of your choice. The integration creation process will list the available boards for you to choose from; however, should you need to create a new board, go to Setup Tables and search “Service Board” in the Table column. Click on the Service Board option.

A screen listing the available boards will appear. Choose the one you want to use for the integration, or create one clicking on the “+” button.

You can see or edit the board data clicking on the board name.

Status (Open, Closed and Muted)

Incidents in the Lumu Portal can have three statuses:
  1. Open
  2. Closed: the incident has been resolved. A new contact with the same adversary will create a new incident.
  3. Muted: the incident is no longer updated with new contacts
The Service Board should provide at least three statuses to match. Please note that an incident cannot be reopened in the Lumu portal; however, it can be unmuted.
While creating the integration, the Lumu Portal will list the available statuses for you to choose from. 
You can list the available statuses for a board - and create new ones if needed, by accessing the Statuses tab in the board data view.
The integration will keep the statuses of incidents and corresponding tickets aligned.

Type

Optionally, you can assign a  typesubtype, and item to the tickets created by the integration. You can choose a different categorization for each threat type if you wish to do so.
While creating the integration, the Lumu Portal will list the available types, subtypes, and items for you to choose from. 
You can view types, subtypes and items, and if needed, create new ones by accessing the TypesSubtypes and  Items tabs in the Service Boards view. Please make sure to create the required associations between types, subtypes and items.





Company

The tickets created by the integration will be associated with a company managed in your ConnectWise PSA portal.
The integration creation process will list the available companies for you to choose from. 
To list, and if necessary create, the companies in the ConnectWise PSA portal choose  Companies  Companies.

Add Integration

1. Log in to your Lumu account through the Lumu Portal and navigate to the Integrations screen.


2. Locate the ConnectWise PSA integration in the available apps area and click to add, then click to view details. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.


3. Add the integration description and fill in the integration data. 
Hostname is the hostname you use to login into the ConnectWise PSA portal - e.g. staging.connectwisedev.com  
Company ID is the Company you use to login into the ConnectWise PSA portal. 
Public Key and Private Key are the credentials assigned to the API Member you’ve chosen for the integration.


4. Select the company and the board the tickets created by the integration will be assigned to.


5. Select the statuses in ConnectWise PSA that correspond to the statuses of the incidents in the Lumu portal


a. Optionally, select the type, subtype and item to be assigned to the tickets created by the integration. You can choose default values to be assigned to all tickets, and/or values to be used for each threat type. This step is optional and you can leave it blank if you do not wish to categorize the tickets.

6. You can now see the details of the created integration


        • Related Articles

        • ConnectWise Manage Custom Integration with Lumu Defender API

          Before going through this article, check our Out-of-the-box App Integrations category. This is the recommended way to integrate the components of your cybersecurity stack with Lumu. If the product you are looking to integrate is there, it is advised ...
        • Datto Autotask Out-of-the-box SecOps Integration

          Requirements An Autotask PSA Essentials or above subscription An Active Lumu Insights or Lumu Defender subscription Configure Autotask To setup the integration, you will need to create an API username/password in Autotask to give Lumu access and the ...
        • QRadar Out-of-the-Box SecOps Integration

          If by any chance you are looking for the Lumu Qradar Custom App, it is strongly suggested to start using this Out-of-the-box Integration instead. To learn more about Out-of-the-box Integrations and their benefits, please refer to this article. The ...
        • Kaseya BMS PSA Custom SecOps Integration

          This article shows how to leverage Kaseya BMS API and Lumu Defender API to enhance your SecOps capabilities, pushing Lumu incidents into a BMS deployment as Service Desk - Tickets, and syncing both systems. SecOps integration between Kaseya BMS and ...
        • Splunk Out-of-the-Box SecOps integration

          The Splunk Out-of-the-Box SecOps Integration with the Lumu Splunk Add-on allows you to poll and push adversary-related events to your Splunk deployment. After configuring the integration, installing, and deploying the Lumu Splunk Add-on, your Splunk ...