Slack Out-of-the-Box SecOps Integration

Requirements

  • A Slack Free or above subscription
  • An active Lumu Insights or Lumu Defender subscription

Configure Slack Incoming Webhook

1. Create a Slack app. On your Slack page, click the three dots and select the “Automations” option.

2. Click on the “App Directory” to check the applications information.


3. The app directory should resemble the image below. To proceed, click on “Build” to create a new app.


4. You will see a page like the following. Next, click on “Your apps.”


5. Then your apps will be shown. Create your Lumu app by clicking the “Create an App” button.


6. Please follow the instructions provided by Slack. Click on the “From scratch” option.


7. Fill in the App Name and select the workspace to create your app.


8. Navigate to the Incoming Webhooks option to generate the URL for posting messages to Slack.


9. Before creating it, ensure that Incoming Webhooks are enabled.


10. Click on Add New Webhook.


11. Select the channel to which you want to post messages.
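The webhook URL produced in step 11 lets anyone who holds it post to the selected channel, so treat it as a secret. The following Python script is an added example, not part of the Lumu or Slack documentation: it checks that a URL has the shape of a Slack incoming webhook before it is pasted into Lumu, redacts its secret segment for logs or tickets, and can send a test message. The path pattern, the function names and the sample URL are assumptions made for illustration.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

# Assumed shape, based on the form Slack shows when it generates a webhook:
# https://hooks.slack.com/services/T<workspace>/B<webhook>/<secret>
_PATH = re.compile(r"/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+")

# Constructed placeholder, not a working webhook.
SAMPLE = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"


def is_slack_webhook(url: str) -> bool:
    """Accept only HTTPS URLs on hooks.slack.com with the expected path."""
    try:
        parts = urlsplit(url.strip())
        return (
            parts.scheme == "https"
            and parts.hostname == "hooks.slack.com"
            and parts.port in (None, 443)
            and parts.username is None
            and not parts.query
            and not parts.fragment
            and _PATH.fullmatch(parts.path) is not None
        )
    except ValueError:  # malformed port or host
        return False


def redact(url: str) -> str:
    """Hide the secret last path segment so the URL can appear in logs."""
    head, _, _secret = url.strip().rpartition("/")
    return f"{head}/[REDACTED]"


def build_test_request(url: str, text: str) -> urllib.request.Request:
    """Build the JSON POST; refuse to send anything to a non-Slack host."""
    if not is_slack_webhook(url):
        raise ValueError(f"not a Slack incoming webhook URL: {redact(url)}")
    body = json.dumps({"text": text}).encode("utf-8")
    return urllib.request.Request(
        url.strip(), data=body, method="POST",
        headers={"Content-Type": "application/json"},
    )


def send_test(url: str, text: str = "Webhook test before Lumu setup") -> bool:
    """POST the message; Slack answers HTTP 200 with body 'ok' on success."""
    with urllib.request.urlopen(build_test_request(url, text), timeout=10) as resp:
        return resp.status == 200 and resp.read() == b"ok"
```

Call `send_test()` with the real webhook URL read from an environment variable or secret store rather than typed on the command line, so the URL does not end up in shell history.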


Add Integration

1. Log into your Lumu account through the Lumu Portal Client or the Lumu MSP Portal and navigate to the integrations screen.

2. Go to the SecOps integrations.


3. Locate the Slack integration.


4. Familiarize yourself with the integration details and click the Activate button to start setting up the integration.


5. Begin by adding the integration name. Next, select the incident events for which you would like to receive notifications.


6. Copy the Webhook URL generated earlier from the incoming webhook.


  1. If your webhook URL is valid, Lumu will post the following message in your Slack channel.

7. You can now see the details of the created integration.


Deleting the incoming webhook will result in the integration going offline. We recommend avoiding deletion unless absolutely necessary. Alternatively, you can edit the webhook to align it with another incoming webhook, either from a different channel or the same one.

Operating the integration

You are now set to track your Lumu incidents in your Slack channel. Each new or updated incident detected by Lumu will trigger a notification in Slack, providing comprehensive incident details.

  • New incident:

  • Integrations response updated:

  • Incident muted:

  • Incident un-muted:

  • Incident closed:

  • Incident comment added:

  • Incident marked as read:

  • Incident updated:

Remember that an incident cannot be reopened in the Lumu portal. However, it can be unmuted.

