| Options | Description |
|---|---|
| -h, --help | show this help message and exit |
| --config CONFIG | Load options from config file |
| --company-key COMPANY_KEY, --company_key COMPANY_KEY | Lumu Company Key (Defender API). |
| --proxy-host PROXY_HOST, --proxy_host PROXY_HOST | Proxy host (if required) |
| --proxy-port PROXY_PORT, --proxy_port PROXY_PORT | Proxy port (if required) |
| --proxy-user PROXY_USER, --proxy_user PROXY_USER | Proxy user (if required) |
| --proxy-password PROXY_PASSWORD, --proxy_password PROXY_PASSWORD | Proxy password (if required) |
| --logging {screen,file} | Logging option (default screen). |
| --verbose, -v | Verbosity level |
| --host HOST | Trend Micro Apex Central host. |
| --application-id APPLICATION_ID, --application_id APPLICATION_ID | Trend Micro Apex Central Application ID. |
| --api-key API_KEY, --api_key API_KEY | Trend Micro Apex Central API Key. |
| --adversary-types {C2C,Malware,DGA,Mining,Spam,Phishing}, --adversary_types {C2C,Malware,DGA,Mining,Spam,Phishing} | Lumu adversary types to be filtered. |
| --scan-action {log,block}, --scan_action {log,block} | Scan action to be used to push UDSO (default "block"). |
| --no-expiration-date | Do not set an expiration date on each UDSO (default 30 days). |
| --ioc-types {ip, domain, url, hash}, --ioc_types {ip, domain, url, hash} | IOC types to be collected and processed by the integration. |
| --preserve-iocs, --preserve_iocs | Preserve the existing UDSO created by Lumu. |
| --days DAYS | The number of days from now to query Lumu incidents backward (default 30). |
| --threaded | Set if you want the integration to operate with multi-threading. |
| --threads THREADS | Number of threads to use for the multi-threaded mode. USE WITH CAUTION (default 20). |
| --clean | Cleans all rules and objects created by the Lumu integration. |
```
# Sample config file

# Lumu
company_key=<lumu-company-key>

# Trend Micro Apex Central
host=<apex-host>
application_id=<apex-application-id>
api_key=<apex-api-key>

# Misc
# Optional parameters
days=<days-to-collect>
ioc-types=url
ioc-types=hash

# Threading support
threads=20

# Logging
logging=file
```
To identify failures in the script execution, run the script with the -v flag.
If you receive the following error:
There could be another instance running. To check this, open the pid.pid file present in the integration’s folder. This file stores the id of the process related to the integration, if it’s running. Search for this process in your system. The following images show the process in Windows and Linux.
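
The pid.pid check described above can also be scripted. The following is an added example, not part of the integration's own code; it assumes pid.pid holds the process ID as plain decimal text, and the function names are hypothetical.

```python
"""Check whether the PID recorded in the integration's pid.pid file is alive."""
import os
import subprocess
import sys
from pathlib import Path


def pid_is_alive(pid: int) -> bool:
    """Return True if a process with this PID currently exists."""
    if os.name == "nt":
        # On Windows os.kill() would terminate the process, so ask tasklist.
        out = subprocess.run(
            ["tasklist", "/FI", f"PID eq {pid}", "/FO", "CSV", "/NH"],
            capture_output=True, text=True, check=False,
        ).stdout
        return f'"{pid}"' in out
    try:
        os.kill(pid, 0)  # signal 0 only tests existence, nothing is sent
    except (ProcessLookupError, OverflowError):
        return False  # no such process, or not a representable PID
    except PermissionError:
        return True  # process exists but belongs to another user
    return True


def check_pid_file(path: str = "pid.pid") -> str:
    """Classify the pid file as 'missing', 'invalid', 'stale' or 'running'."""
    pid_file = Path(path)
    if not pid_file.is_file():
        return "missing"
    # Assumption: the file contains only the PID as decimal text.
    text = pid_file.read_text().strip()
    if not (text.isascii() and text.isdigit()) or int(text) <= 0:
        return "invalid"
    return "running" if pid_is_alive(int(text)) else "stale"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "pid.pid"
    state = check_pid_file(target)
    print(f"{target}: {state}")
    # Exit 1 only when the recorded process is still running.
    sys.exit(1 if state == "running" else 0)
```

A result of "running" only means that some process holds that PID; because operating systems reuse PIDs, confirm that its command line is the integration before treating it as a second instance.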