The RedSeal integration tells you which forwarders and endpoints on your enterprise network are either undefended by RedSeal or unknown to Lumeta. By comparing Lumeta's comprehensive index of all your network devices against that subset of network devices managed by RedSeal, you can generate a list of network hosts that are not managed by RedSeal. Lumeta helps identify the gaps in coverage, so your team can close them. Lumeta software is able to ingest data via an API call and push data to RedSeal via the plug-in.
This page provides an overview of the RedSeal integration and how to configure it in Lumeta. See Deploying theRedSeal Plug-in for details on how to add and use the RedSeal plug-in.
How Does It Work?
- Lumeta Lumeta queries RedSeal and retrieves its inventory of devices under management.
- Lumeta Lumeta correlates this inventory against its own authoritative index of IP address space.
- Lumeta Lumeta highlights the commonalities and differences into views:
- Lumeta-only IPs: IP addresses Lumeta Lumeta knows about, but are unmanaged by RedSeal
- RedSeal-only IPs: IP addresses RedSeal knows about, but are unknown to Lumeta (e.g., if Lumeta does not have access to a network or an off-network device, but RedSeal is still aware of the client agent)
- RedSeal- & Lumeta-Managed IPs: IP addresses both Lumeta and RedSeal know about.
This information is available in Lumeta Lumeta via the RedSeal Management dashboard.
Configuring the RedSeal Feed via GUI
Configure the RedSeal feed as follows:
- On Lumeta's main menu, browse to Settings > Integrations > Other Solutions > RedSeal.
- Enable the threat feed by moving Active slider to the right.
The label changes from No to Yes.
- Input a Polling Interval to indicate the time that should elapse between fetching the latest feed data. Input 24 to poll daily, input 12 to poll twice a day, and so on.
- Input your customer key.
- Input the IP address of your RedSeal server.
- Click Submit.
Feed is configured.
Configuring the RedSeal Feed via CLI
To enable the RedSeal feed:
- Log in the CLI
- Enter the command system feed set redseal enabled true
The feed is enabled.
To disable the RedSeal feed:
- Log in the CLI.
- Enter the command system feed set redseal enabled false
The feed is disabled.
Other RedSeal CLI commands:
- system feed set redseal pollInterval - Time between checks - system feed set redseal pollInterval 24
- system feed set redseal server - Set feed server name or IP address - system feed set redseal server 22.214.171.124
- system feed set redseal username - Set server username - system feed set redseal username uiadmin
- system feed set redseal password - Set RedSeal server password - system feed set redseal password 978!78a
See Deploying theRedSeal Plug-in for an advance look at the RedSeal plug-in.