Once you have successfully deployed and configured a Collector, and it is already forwarding network metadata from your organization to Lumu, it is time to start seeing Continuous Compromise Assessment™ in action.
Lumu processes all collected metadata with its proprietary intelligence, which includes machine learning and artificial intelligence models, to identify whether your network is “talking” with adversarial infrastructure.
This guide will walk you through the process of simulating an incident in a controlled environment.
Lumu groups all contacts with malicious infrastructure by domain (or IP address) and presents each group as a single consolidated incident in the Lumu Portal.
To generate a simulated adversarial contact, simply visit the URL activity.lumu.io.
This is a test domain managed by Lumu.
Make sure to access the URL from a device that is currently covered by the collector(s) you deployed previously, so the metadata is collected and analyzed by Lumu.
Since this URL was designed to simulate an adversarial contact, you will see it reflected as an incident in the Lumu Portal with all its corresponding data. Please note that this may take a few minutes.
Explore More About the Incident's View
The Lumu Portal offers a centralized and intuitive way to manage your incidents, track their statuses, and review which incidents have been solved—for simpler and faster activation of response processes. Once you see the first incident in the Lumu Portal, dedicate some time to explore more details about the incidents view in our documentation.