In this first phase of implementation, the integration is focused on SNOW pulling network data from Lumeta. In use case #1, Lumeta highlights the gaps for our integration partner. 

Use Case #1 – Lumeta Integration partner reports and action for ticket workflow

  • SNOW initiates the first API call to Lumeta requesting a list of all integrations configured on the Lumeta Command Center and the connection status of each. 
  • SNOW initiates a second API call to Lumeta to see the gaps: missing agent (McAfee, Carbon Black), scan needed (Tenable, Qualys, Rapid7), missing IPs (Infoblox, BlueCat).
  • Generate the SNOW incident ticket
  • Single incident lists the devices missing the integration. Example – 30 devices do not have ePO agent installed.
  • Each third-party integration would have its own incident ticket
  • The SNOW ticket is marked completed once the security professional has followed the process (a remediation step is completed and the SNOW status is changed).
  • An API call is then sent to Lumeta to kick off a query to the integration server and get an updated list of gaps from the integration server.
  • Update SNOW with the new status
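
The ticket logic in use case #1, sketched as an added example that is not Lumeta or ServiceNow code: gaps are grouped into one incident per integration, and after remediation the refreshed gap list decides each ticket's new status. The record fields, state names and sample data are assumptions constructed for illustration, not the real API schema.

```python
from collections import defaultdict

# Constructed gap report; field names are assumptions, not the Lumeta schema.
GAPS_BEFORE = [
    {"integration": "ePO", "gap": "missing agent", "ip": "10.0.0.5"},
    {"integration": "ePO", "gap": "missing agent", "ip": "10.0.0.9"},
    {"integration": "Tenable", "gap": "scan needed", "ip": "10.0.0.5"},
    {"integration": "Infoblox", "gap": "missing IP", "ip": "10.0.2.17"},
]
# Constructed re-query result after remediation: one ePO device is still missing.
GAPS_AFTER = [
    {"integration": "ePO", "gap": "missing agent", "ip": "10.0.0.9"},
]

def build_incidents(gaps):
    """Return one incident per integration, listing every affected device."""
    devices = defaultdict(set)
    kinds = {}
    for g in gaps:
        devices[g["integration"]].add(g["ip"])
        kinds[g["integration"]] = g["gap"]
    return {
        name: {
            "short_description": f"{len(ips)} devices: {kinds[name]} ({name})",
            "devices": sorted(ips),
            "state": "open",  # hypothetical state name
        }
        for name, ips in devices.items()
    }

def reconcile(incidents, refreshed_gaps):
    """Compare completed tickets with the refreshed gap list from Lumeta."""
    current = build_incidents(refreshed_gaps)
    result = {}
    for name, inc in incidents.items():
        still_missing = set(current.get(name, {}).get("devices", []))
        remaining = [ip for ip in inc["devices"] if ip in still_missing]
        # A ticket only stays closed if none of its devices is still a gap.
        result[name] = {
            "state": "reopened" if remaining else "resolved",
            "remaining": remaining,
        }
    return result

if __name__ == "__main__":
    tickets = build_incidents(GAPS_BEFORE)
    for name, status in reconcile(tickets, GAPS_AFTER).items():
        print(name, status)
```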

Use Case #2 – CMDB Data

  • Lumeta needs more information on the SNOW CMDB Data schema.  What is retained in the SNOW database and the structure?
  • Lumeta queries SNOW on an interval and pulls CMDB data:
  • Lumeta does a diff and pushes assets that are missing in SNOW to the SNOW Server to be populated in the SNOW CMDB.
  • Lumeta configurable parameter to push assets as Global or by Zone
  • Lumeta ingests CMDB data from SNOW as an external source
  • Populates the Lumeta dashboard and allows us to add to our target, eligible list.
  • Enhance profiling inside of Lumeta