Lumu Traffic Logs

Powered by Lumu Playback®, Lumu stores essential Traffic Logs for up to two years, which you can access for independent analysis and compliance purposes. This article shows how to query and download these logs through the Lumu Portal.

Note: The Lumu Log Archive is available for Lumu Defender and Lumu MSP accounts. Check our offerings to learn more.

How to access your Lumu Traffic Logs

1. Open the Traffic Logs section. The path depends on the portal you are using:

   • In the Lumu Portal, open the Log Archive drop-down menu and select the Traffic Logs section.
   • In the Lumu Portal for MSPs, open the company of your choosing and look for the Log Archive tab. Under it, you will find the Traffic Logs section.

2. Request your organization's Playback® logs:

   1. Fill out the Search Scope field (1) with either a Destination or an Endpoint, and select the corresponding option.
   2. Enter a Date Range (2): select a start date and hour as well as an end date and hour, then click Apply.

   Keep in mind that queries are limited to a maximum 5-day date range. If you need data for a 20-day period, you will need to make four separate queries, each covering at most 5 days.

   3. Click Search (3). Your query will now be processed.

   Note: To successfully process a query, you must fill out both fields. If you attempt to query with just one parameter, you will get an error message.

   Alert: Lumu Traffic Logs is powered by Lumu's retrospective threat analysis, which means that only the data of events not flagged as incidents is stored. As a result, searches for endpoints or destinations related to detected incidents will not return any results. Also, network metadata from popular domains such as Google, Microsoft, and Facebook is not stored by Lumu.

3. Review the results of your query:

   • If your Destination log query is successful, you will obtain a confirmation message. Click the Request export button to obtain your logs.
   • If your Endpoint log query is successful, you will obtain a confirmation message. In some cases, recent activity may not be detected, but you can still request files for export from that endpoint. Click the Request export button to obtain your logs.

4. Once you request your results, you will see a confirmation message and a loading screen. Due to the massive amount of logs stored, this may take some time. Once your results have loaded, you will see a list of all available files for download.

Now you have access to your Lumu traffic log files.
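The 5-day cap on a single query means a longer investigation window has to be covered by several abutting queries. The Python helper below is added here as an example; it is not part of the Lumu Portal or of any Lumu tooling. It splits a requested range into windows that each fit the cap and pairs every window with the Search Scope you intend to enter, mirroring the portal's rule that both fields are required. The 5-day constant, the scope names, the "YYYY-MM-DD HH:MM" date format and the endpoint name in the usage example are assumptions taken from the procedure above, not an API the portal exposes.

```python
from datetime import datetime, timedelta

# Assumption from the procedure above: the portal caps one Traffic Logs
# query at a 5-day date range. Adjust if the limit changes.
MAX_QUERY_DAYS = 5

# Assumed names for the two Search Scope options shown in the portal.
SCOPE_TYPES = ("Destination", "Endpoint")


def split_query_windows(start, end, max_days=MAX_QUERY_DAYS):
    """Split the range [start, end) into consecutive windows of at most
    max_days each.

    start and end are ISO 8601 strings such as "2024-03-01 00:00".
    Windows abut exactly, so no interval is skipped or queried twice;
    the last window is shorter when the range is not a multiple of
    max_days. Returns a list of (window_start, window_end) strings in
    the same "YYYY-MM-DD HH:MM" form the portal's date picker uses.
    """
    first = datetime.fromisoformat(start)
    last = datetime.fromisoformat(end)
    if last <= first:
        raise ValueError("end must be later than start")
    step = timedelta(days=max_days)
    windows = []
    cursor = first
    while cursor < last:
        window_end = min(cursor + step, last)
        windows.append(
            (
                cursor.isoformat(sep=" ", timespec="minutes"),
                window_end.isoformat(sep=" ", timespec="minutes"),
            )
        )
        cursor = window_end
    return windows


def plan_queries(scope_type, scope_value, start, end):
    """Build the list of portal queries needed to cover one investigation.

    Mirrors the portal's own validation: both the Search Scope and the
    Date Range are required, and the scope must be a Destination or an
    Endpoint. Each entry is one query to enter by hand in the portal.
    """
    if scope_type not in SCOPE_TYPES:
        raise ValueError(f"scope_type must be one of {SCOPE_TYPES}")
    if not scope_value or not scope_value.strip():
        raise ValueError("scope_value is required")
    return [
        {"scope": scope_type, "value": scope_value.strip(),
         "from": w_start, "to": w_end}
        for w_start, w_end in split_query_windows(start, end)
    ]


if __name__ == "__main__":
    # A 20-day investigation window around a suspected compromise of the
    # endpoint WS-FIN-07 (hypothetical name) needs four separate queries.
    for q in plan_queries("Endpoint", "WS-FIN-07",
                          "2024-03-01 00:00", "2024-03-21 00:00"):
        print(q)
```

Each printed entry is one Search Scope plus Date Range to type into the portal; because the windows abut at the same minute, the exported files can be concatenated without gaps or double counting.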

Recent Export Requests

The Lumu Log Archive keeps the results of export requests created in the last 2 weeks so you can access them at your leisure. Click Show Files to see the logs you can download from that query. After two weeks, these results disappear; however, if you search for the same data and date range again, you will be able to access the logs once more.

Lumu Traffic Logs Use Cases

Lumu Traffic Logs stores essential traffic logs for up to two years, which your organization can use for forensic analysis, proactive threat hunting, and streamlined compliance, all without having to invest in additional storage for your company's logs. This logged network metadata is available on demand and can be queried by the organization for its own internal procedures. Here are some examples:

• Forensic investigations: When carrying out forensic investigations, the cybersecurity team can query Lumu Traffic Logs for historical traffic from particular endpoints during specific time frames. This allows the team to drill down into the contacts made by affected devices during the window of suspected compromise, which can provide vital intelligence on the actual extent of the attack.
• Compliance: Log storage is essential for regulatory compliance, as frameworks like PCI, HIPAA, SOC 2, NIST, and CIS mandate proper log collection, retention, and protection. Cyber insurers also require organizations to store and be able to access critical logs, and failing to do so can have legal repercussions. However, organizations often struggle to send all required security logs to their SIEMs, particularly network data, which drives up cost and hurts performance. In an effort to optimize resources, SecOps teams may reduce network data logging, unintentionally creating visibility gaps. With Lumu's Log Archive, you have access to up to two years of essential network logs which you can download on demand and present for any compliance audit or evaluation.

Lumu Traffic Logs Data Example

Any requested Lumu traffic logs arrive as a .CSV file. Below, you will find the information needed to read and interpret the data inside the file.

• Timestamp: when the contact was observed (the collector that reported it is given in Source).
• Host: IP or domain the endpoint was connecting to.
• Endpoint and Endpoint IP: name and IP of the endpoint that made the contact.
• Source: Lumu collector used to gather the metadata.
• SourceData: all of the raw metadata from the originating source, such as roaming agents, firewalls, NetFlow, proxies, and cloud environments. This includes logged users, processes, packets, destinations, and more when available.
• Connection Enrichment: Lumu automatically enriches connections with geographic and Autonomous System (AS) information when available.
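The column list above is enough to process an export programmatically. The Python below is added here as an example and is not Lumu's code. It parses a constructed CSV in that shape, decodes the SourceData column as JSON where possible, and answers the two questions the forensic use case raises: what one endpoint contacted during a time window, and which other endpoints reached the same destination. The header names, the UTC timestamp format, the JSON encoding of SourceData, the separate country and ASN columns for the enrichment, and every host, endpoint and address in the sample are assumptions; compare them with the header of a real export before relying on the field names.

```python
import csv
import io
import json
from collections import Counter
from datetime import datetime

# Constructed sample export. Column names, the UTC timestamp format and
# the JSON encoding of SourceData are assumptions: check them against the
# header of a real export. Hosts, endpoints and addresses are fictitious.
SAMPLE_EXPORT = '''\
timestamp,host,endpoint,endpoint_ip,source,source_data,country,asn
2024-03-04T10:15:02Z,updates.example-vendor.net,WS-FIN-07,10.20.4.17,Firewall-HQ,"{""user"":""j.doe"",""bytes"":1842,""dst_port"":443}",US,AS64496
2024-03-04T10:16:40Z,203.0.113.45,WS-FIN-07,10.20.4.17,Firewall-HQ,"{""user"":""j.doe"",""bytes"":9210,""dst_port"":8443}",NL,AS64497
2024-03-04T11:00:00Z,203.0.113.45,WS-HR-02,10.20.7.3,Firewall-HQ,"{""user"":""a.smith"",""bytes"":7700,""dst_port"":8443}",NL,AS64497
2024-03-04T12:30:00Z,files.example-vendor.net,WS-HR-02,10.20.7.3,NetFlow-Branch,,,
2024-03-04T23:59:10Z,203.0.113.45,WS-FIN-07,10.20.4.17,Roaming-Agent,"{""user"":""j.doe"",""process"":""svchost.exe"",""bytes"":512}",NL,AS64497
2024-03-05T08:02:11Z,cdn.example-vendor.net,WS-FIN-07,10.20.4.17,Proxy-HQ,"{""user"":""j.doe"",""bytes"":30021}",US,AS64496
'''


def parse_export(csv_text):
    """Parse an export into a list of dicts with typed fields.

    timestamp becomes a naive UTC datetime; source_data becomes a dict
    (empty when the column is blank, {"raw": ...} when it is not JSON,
    so one odd row never aborts the whole file).
    """
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        raw = rec.get("source_data") or ""
        try:
            meta = json.loads(raw) if raw else {}
        except json.JSONDecodeError:
            meta = {"raw": raw}
        rows.append({
            "timestamp": datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%SZ"),
            "host": rec["host"],
            "endpoint": rec["endpoint"],
            "endpoint_ip": rec["endpoint_ip"],
            "source": rec["source"],
            "source_data": meta,
            "country": rec.get("country") or None,
            "asn": rec.get("asn") or None,
        })
    return rows


def summarize_endpoint(rows, endpoint, start, end):
    """Contacts made by one endpoint in [start, end) (ISO strings, UTC).

    Returns the contact count, a per-host tally, the distinct users and
    total bytes reported in SourceData, and the ASNs from the enrichment,
    so an analyst can see what the device talked to during the window of
    suspected compromise.
    """
    first = datetime.fromisoformat(start)
    last = datetime.fromisoformat(end)
    hits = [r for r in rows
            if r["endpoint"] == endpoint and first <= r["timestamp"] < last]
    return {
        "contacts": len(hits),
        "hosts": dict(Counter(r["host"] for r in hits)),
        "users": sorted({r["source_data"]["user"] for r in hits
                         if "user" in r["source_data"]}),
        "bytes": sum(r["source_data"].get("bytes", 0) for r in hits),
        "asns": sorted({r["asn"] for r in hits if r["asn"]}),
    }


def endpoints_contacting(rows, host):
    """Pivot from a suspicious destination to every endpoint that reached it."""
    return sorted({r["endpoint"] for r in rows if r["host"] == host})


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    print(summarize_endpoint(rows, "WS-FIN-07",
                             "2024-03-04 00:00", "2024-03-05 00:00"))
    print(endpoints_contacting(rows, "203.0.113.45"))
```

The window is half-open (start inclusive, end exclusive) so that abutting 5-day exports can be summarized back to back without counting a contact on the boundary twice. Because SourceData is raw collector output, the same endpoint can appear with different fields from a firewall, a proxy and a roaming agent; the summary only uses keys that are present and leaves a row with blank or non-JSON metadata in the count rather than discarding it.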

