The Lumu Defender API offers a framework to help you leverage Lumu’s integrations with your existing cybersecurity stack, including Security Information and Event Management (SIEM); Security Orchestration, Automation, and Response (SOAR); Endpoint Detection and Response (EDR); incident response systems; and more.
This article shows how to create an external block list using FortiGate by Fortinet to generate automatic block lists with the adversaries found by Lumu in your infrastructure.
Requirements
- FortiGate by Fortinet version 6.2 or higher.
- A Lumu Defender subscription
Out-of-the-box Integrations are part of Lumu Defender. This tier was built to help organizations orchestrate and automate defense against confirmed compromise instances. This tier allows the integration of Lumu’s real-time analysis into your security stack to mitigate and remediate compromise incidents quickly and precisely. To learn more about Illumination options, visit our site.
Add Integration
1. Log in to your Lumu account through the Lumu Portal and navigate to the integrations screen.
Figure 1 - Integration Screen
2. Locate the FortiGate integration in the available apps area and click to add, then click to view details.
3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.
Figure 2 - Activate the integration.
4. To generate the integration URL, add a description and select the threat types you want to include in the list.
Figure 3 - Generate the integration URL.
Once you create the integration, you will be provided with the Integration URL:
Figure 4 - Provided Integration URL.
Deleting an integration will cause its URLs to be removed. This action cannot be undone. To reintegrate, you will have to generate the URLs again and update your FortiGate configuration.
Set Up FortiGate
Now that you have the integration URL, configure your FortiGate instance. First, make sure the use of the External Connectors module is allowed. After activating the module, you will see an option to create a Threat Feed; select "FortiGuard Category".
Figure 5 - Create a Threat Feed.
Under Connector Settings, add the URL provided by Lumu as the “URL of the external resource.” Then, configure the refresh interval of the connector. This interval must be entered as a value in minutes. Lumu advises setting this value to 360 minutes (6 hours).
Figure 6 - Add the URL provided by Lumu.
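The same connector can be defined from the FortiOS CLI, which makes the setting easy to review and keep under change control. This is an added example, not taken from Lumu's or Fortinet's documentation. The connector name, the category ID and the URL are placeholders or assumptions, as marked in the comments.

```fortios
# Added example: CLI equivalent of the threat feed created in the GUI above.
config system external-resource
    # Hypothetical connector name; choose your own.
    edit "Lumu-Threat-Feed"
        set status enable
        # "category" is the FortiGuard Category threat feed type.
        set type category
        # Assumption: 192 is unused on this device (valid IDs are 192-221).
        set category 192
        # Placeholder: paste the Integration URL generated in the Lumu Portal.
        set resource "<LUMU_INTEGRATION_URL>"
        # Refresh interval in minutes; 360 (6 hours) is the value Lumu advises.
        set refresh-rate 360
    next
end

# Review the stored connector settings.
show system external-resource
```

If the integration is deleted and recreated in the Lumu Portal, update the `set resource` value with the newly generated URL.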
Once you have created the list, the next step is to include it in a policy. Policies can be found under the Firewall Policies and Proxy Policies options.
Bear in mind that the configuration of the policy is highly dependent on your environment’s characteristics and must be done according to your business needs. For more information on how to carry out this procedure, please refer to FortiGate’s official documentation.