In this first phase of implementation, the integration is focused on SNOW pulling network data from Lumeta. In use case #1, Lumeta highlights the gaps for our integration partner.
Use Case #1 – Lumeta Integration partner reports and action for ticket workflow
- SNOW initiates the first API call to Lumeta requesting a list of all third-party integrations configured on the Lumeta Command Center and the connection status of each.
- SNOW initiates a second API call to Lumeta to see the gaps: what does Lumeta know that SNOW doesn't?
  - Did Lumeta identify a device lacking an agent such as McAfee or Carbon Black?
  - Did Lumeta find a device that SNOW hasn't scanned (Tenable, Qualys, Rapid7)?
  - Did Lumeta discover a CIDR or IP that SNOW isn't aware of (Infoblox, BlueCat)?
- SNOW generates an incident ticket: one incident ticket per third-party vendor (e.g., McAfee), containing individual records for each finding (e.g., one row for each of the 30 devices lacking the ePO agent).
- A SNOW security professional remediates the issue and marks the ticket as "completed."
- SNOW initiates a third API call to Lumeta to get an updated list of gaps.
- Lumeta compares the current issue-status to the expected issue-status to validate that SNOW-fixed issues are demonstrably fixed.
- Lumeta updates SNOW with the new status.
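
Added example (not Lumeta or SNOW code): the ticket grouping and re-validation steps of Use Case #1, run on constructed gap records. The record fields, verdict names and function names are assumptions made for illustration, not the Lumeta or SNOW API.

```python
from collections import defaultdict

# Constructed gap records; field names are hypothetical, not Lumeta's API schema.
FIRST_GAPS = [
    {"vendor": "McAfee", "gap": "missing_agent", "asset": "10.1.4.21"},
    {"vendor": "McAfee", "gap": "missing_agent", "asset": "10.1.4.22"},
    {"vendor": "Tenable", "gap": "not_scanned", "asset": "10.1.9.7"},
    {"vendor": "Infoblox", "gap": "unknown_cidr", "asset": "10.8.0.0/24"},
]
# Constructed response to the follow-up call: one McAfee device is still uncovered.
UPDATED_GAPS = [
    {"vendor": "McAfee", "gap": "missing_agent", "asset": "10.1.4.22"},
    {"vendor": "Infoblox", "gap": "unknown_cidr", "asset": "10.8.0.0/24"},
]


def build_tickets(gaps):
    """Group findings into one ticket per vendor, one row per finding."""
    tickets = defaultdict(list)
    for g in gaps:
        tickets[g["vendor"]].append(
            {"gap": g["gap"], "asset": g["asset"], "state": "open"})
    return dict(tickets)


def complete_ticket(tickets, vendor):
    """Analyst marks every row of a vendor's ticket as completed."""
    for row in tickets[vendor]:
        row["state"] = "completed"


def validate(tickets, updated_gaps):
    """Compare each row's claimed state with what the updated gap list shows."""
    present = {(g["vendor"], g["gap"], g["asset"]) for g in updated_gaps}
    result = {}
    for vendor, rows in tickets.items():
        for row in rows:
            found = (vendor, row["gap"], row["asset"]) in present
            if row["state"] == "completed":
                verdict = "reopen" if found else "verified"
            else:
                verdict = "open" if found else "fixed_unreported"
            result[(vendor, row["asset"])] = verdict
    return result


def run_workflow():
    tickets = build_tickets(FIRST_GAPS)
    complete_ticket(tickets, "McAfee")
    return tickets, validate(tickets, UPDATED_GAPS)
```

A row marked "completed" that still appears in the updated gap list comes back as "reopen", so ticket closure alone is never taken as proof of remediation.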
Use Case #2 – CMDB Data
- Lumeta needs more information on the SNOW CMDB data schema. What is retained in the SNOW database, and how is it structured?
- Lumeta queries SNOW on an interval and pulls CMDB data:
  - Lumeta does a diff and pushes assets that are missing in SNOW to the SNOW server to be populated in the SNOW CMDB.
  - Configurable Lumeta parameter to push assets as Global or by Zone.
- Lumeta ingests CMDB data from SNOW as an external source:
  - Populates the Lumeta dashboard and allows us to add to our target, eligible list.
  - Enhances profiling inside of Lumeta.