As a recommended practice, we encourage you to create a Virtual environment for each integration to avoid conflicts between them and your operating system tools. Make sure you follow the steps in our Preparing Environment for Custom Integrations article.
| Options | Description |
|---|---|
| -h, --help | Show this help message and exit |
| --config CONFIG | Load options from config file |
| --company-key COMPANY_KEY, --company_key COMPANY_KEY | Lumu Company Key (Defender API). |
| --proxy-host PROXY_HOST, --proxy_host PROXY_HOST | Proxy host (if required) |
| --proxy-port PROXY_PORT, --proxy_port PROXY_PORT | Proxy port (if required) |
| --proxy-user PROXY_USER, --proxy_user PROXY_USER | Proxy user (if required) |
| --proxy-password PROXY_PASSWORD, --proxy_password PROXY_PASSWORD | Proxy password (if required) |
| --logging {screen,file} | Logging option (default screen). |
| --verbose, -v | Verbosity level. |
| --host HOST | Symantec Endpoint Protection Manager host. |
| --username USERNAME | Symantec Endpoint Protection Manager username. |
| --password PASSWORD | Symantec Endpoint Protection Manager password. |
| --domain DOMAIN | Symantec Endpoint Protection Manager domain (default 'empty'). |
| --adversary-types {C2C,Malware,DGA,Mining,Spam,Phishing}, --adversary_types {C2C,Malware,DGA,Mining,Spam,Phishing} | Lumu adversary types to be filtered. |
| --fingerprint-list FINGERPRINT_LIST, --fingerprint_list FINGERPRINT_LIST | Fingerprint list to maintain. |
| --days DAYS | The number of days backward from now to query Lumu incidents (default 30). |
| --clean | Cleans all rules and objects created by the Lumu integration. |
| --hash-type {md5, sha256} | Hash type to be added to fingerprint list (default 'md5'). |
```
## Sample config file
# Lumu
company_key=<lumu_company_key>
# SEPM
host=<sepm_host_or_ip>
username=<sepm_username>
password=<sepm_password>
# Misc
adversary_types=<adversary_type_1>
...
adversary_types=<adversary_type_n>
days=<days>
logging=<screen|file>
```
According to your needs, you can combine the examples shown.
| Options | Description |
|---|---|
| -h, --help | Show this help message and exit |
| --config CONFIG | Load options from config file |
| --company-key COMPANY_KEY, --company_key COMPANY_KEY | Lumu Company Key (Defender API). |
| --proxy-host PROXY_HOST, --proxy_host PROXY_HOST | Proxy host (if required) |
| --proxy-port PROXY_PORT, --proxy_port PROXY_PORT | Proxy port (if required) |
| --proxy-user PROXY_USER, --proxy_user PROXY_USER | Proxy user (if required) |
| --proxy-password PROXY_PASSWORD, --proxy_password PROXY_PASSWORD | Proxy password (if required) |
| --logging {screen,file} | Logging option (default screen). |
| --verbose, -v | Verbosity level. |
| --host HOST | Symantec Endpoint Protection Manager host. |
| --username USERNAME | Symantec Endpoint Protection Manager username. |
| --password PASSWORD | Symantec Endpoint Protection Manager password. |
| --domain DOMAIN | Symantec Endpoint Protection Manager domain (default 'empty'). |
| --adversary-types {C2C,Malware,DGA,Mining,Spam,Phishing}, --adversary_types {C2C,Malware,DGA,Mining,Spam,Phishing} | Lumu adversary types to be filtered. |
| --unquarantine, -u | Unquarantine hosts included in the quarantine report (use with caution). |
If you receive the following error.
There could be another instance running. To check this, open the pid.pid file in the integration folder. This file stores the process id if it's running. Search for this process in your system. The following pictures show the process in Windows and Linux.
If the previous validation indicates that another instance is running, check its progress in the integration's log, lumu.log.
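One way to run the pid.pid check described above from a Linux shell, as an added example that is not part of the Lumu integration. It assumes pid.pid holds a single decimal process id on its first line; the function name and script name are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Lumu integration.
# Assumption: pid.pid holds a single decimal process id on its first line.

# check_pidfile PATH
#   returns 0 if the recorded process is alive (another instance is running)
#   returns 1 if the file exists but the process is gone (stale pid file)
#   returns 2 if the file is missing or does not contain a usable pid
check_pidfile() {
    pidfile=$1
    if [ ! -r "$pidfile" ]; then
        echo "no readable pid file at $pidfile"
        return 2
    fi
    # Use the first line only; strip whitespace and CR from Windows-edited files.
    pid=$(head -n 1 "$pidfile" | tr -d ' \t\r\n')
    case $pid in
        ''|0|*[!0-9]*)
            echo "pid file does not contain a usable process id"
            return 2 ;;
    esac
    # kill -0 sends no signal; it only tests that the process exists.
    # It also fails when the process belongs to another user, so fall
    # back to /proc before declaring the pid stale.
    if kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; then
        echo "instance running with pid $pid"
        # Show owner and command line of that process when ps supports it.
        ps -p "$pid" -o pid= -o user= -o args= 2>/dev/null || true
        return 0
    fi
    echo "stale pid file: no process with pid $pid"
    return 1
}

# Stand-alone use: sh check_pid.sh /path/to/integration/pid.pid
if [ $# -gt 0 ]; then
    check_pidfile "$1"
fi
```

A return value of 0 means the recorded process exists, so lumu.log is the next place to look; a return value of 1 means the file points to a process that is no longer running.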
It's possible you are working with Symantec Endpoint Protection Manager version 14.3 RU3 or earlier and are trying to push SHA256 hashes. Set the hash-type to MD5 and run the integration again.