{"info":{"_postman_id":"d137aeda-6380-49ba-9588-bdb932d9946e","name":"Lumu Defender API - Postman Tutorial","description":"<html><head></head><body><p><a href=\"https://lumu.io\">Lumu</a> is a cloud-based security technology that provides you with visibility into threats, attacks, and adversaries affecting your entire enterprise, across all your enterprise environments.</p>\n<p>To get started with Lumu, visit <a href=\"https://docs.lumu.io/portal/en/home\">our documentation</a>.</p>\n<p>The <strong>Lumu Defender API</strong> offers a framework to help you leverage the Lumu integration with various third-party solutions.</p>\n<p>The Lumu Defender API is based on HTTP requests and JSON responses; it is language agnostic and supports incoming and outgoing information. All API calls are encrypted using HTTPS (HTTP over SSL/TLS) and authenticated using API key-based authentication.</p>\n<img src=\"https://desk.zoho.com/DocsDisplay?zgId=694632768&amp;mode=inline&amp;blockId=k87ha1485ec187fca4b2c9e106e2c1af573f9\" alt=\"Lumu Defender API\">\n\n<h1 id=\"whats-in-the-collection\">What's in the collection?</h1>\n<p>The following resources are accessible via the Lumu Defender API. 
These are core concepts of Lumu Portal that you should familiarize yourself with.</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Resource</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>administration</code></td>\n<td>For retrieving users and labels’ data.</td>\n</tr>\n<tr>\n<td><code>incidents</code></td>\n<td>For subscribing, retrieving incident data, and managing their status.</td>\n</tr>\n<tr>\n<td><code>adversarial-activity</code></td>\n<td>For retrieving all adversarial activity found on your perimeters.</td>\n</tr>\n<tr>\n<td><code>spambox</code></td>\n<td>For retrieving the adversarial activity related to your Spambox.</td>\n</tr>\n<tr>\n<td><code>Portal Management</code></td>\n<td>The Lumu Portal records the activities and configurations made on the Portal, allowing administrators to keep track of the changes and ensure compliance with your company’s policies.</td>\n</tr>\n</tbody>\n</table>\n</div><blockquote>\n<p>For in depth API specification, such as syntax, pagination, date format, error responses, rate limit and more, consult our documentation / support. </p>\n</blockquote>\n<h1 id=\"get-started-and-support\">Get started and support</h1>\n<h2 id=\"access-and-authentication\">Access and authentication</h2>\n<p>The Defender API requires each client to use a unique and personal API key, referred to in our documentation as <code>{company-key}</code>. The company’s API key is found in the Defender menu of the Lumu Portal and is self-managed by company administrators.</p>\n<img src=\"https://desk.zoho.com/DocsDisplay?zgId=694632768&amp;mode=inline&amp;blockId=k87ha072189a6aaff40f39bbfd2acd23dd647\" alt=\"Lumu Defender API\">\n\n<h2 id=\"quick-setup\">Quick Setup</h2>\n<p><a href=\"https://www.getpostman.com/\">Postman</a> is a tool for exploring and testing APIs. 
This Postman collection, which is a group of API requests, contains a set of requests that provide you with Lumu Defender API endpoint requirements, request parameters, and sample response messages.</p>\n<p>Click the button <strong>Run in Postman</strong> to automatically open the Postman collection.</p>\n<p>Once you've imported the collection into Postman, you will need to provide your company's API key from the Lumu Portal. To do this, click the collection, then go to the \"Variables\" (1) tab and add your company's unique API key (2).</p>\n<img src=\"https://desk.zoho.com/DocsDisplay?zgId=694632768&amp;mode=inline&amp;blockId=0nzsqc679f8d0e5bd49c8b2aaad5e5c469f74\" alt=\"Postman Setup\">\n\n<h2 id=\"tutorial-structure\">Tutorial Structure</h2>\n<p>The Postman collection is broken into four subfolders. They are organized in a way that introduces the Lumu resources that are available through the Lumu Defender API.</p>\n<p>Each folder and request in the collection has a description. Some of these descriptions contain important information, such as prerequisites for running the request or information that should be replaced with actual data to perform your query. After selecting the request in Postman, you can click the documentation icon to see the request details (1). Each request includes a description of the query (2) and body parameters (when applicable).</p>\n<img src=\"https://desk.zoho.com/DocsDisplay?zgId=694632768&amp;mode=inline&amp;blockId=0nzsq5587eebdc76f4ee7945c09090f40a2a9\" alt=\"Postman Setup\">\n\n<p>Each request includes a response example for the status 200 (1); you can see each sample inside the query, as in the following image:</p>\n<img src=\"https://desk.zoho.com/DocsDisplay?zgId=694632768&amp;mode=inline&amp;blockId=0nzsq8d34d21159cc476eb427c81283b74fd6\" alt=\"Postman Setup\">\n\n<p><em><strong>NOTE</strong></em>: the examples of responses in this collection are not comprehensive of all parameter configurations or operations. 
The examples of responses intend to show the basic information provided by the API call, the format, and how that information is structured and labeled. The actual response can include more parameters.</p>\n</body></html>","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[{"content":"What's in the collection?","slug":"whats-in-the-collection"},{"content":"Get started and support","slug":"get-started-and-support"}],"owner":"8464717","collectionId":"d137aeda-6380-49ba-9588-bdb932d9946e","publishedId":"TzRVfmh9","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"333333","highlight":"f78e1e"},"publishDate":"2021-05-14T15:23:45.000Z"},"item":[{"name":"Working with Users and Labels","item":[{"name":"Retrieve labels","id":"434c9c55-afeb-4734-a5ac-2dbe3c36fa21","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{}},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/administration/labels?key=","description":"<p>Get a paginated list of all the labels created for the company and its details such as id, name and business relevance. 
The items are sorted by the label id in ascending order.</p>\n","urlObject":{"protocol":"https","path":["api","administration","labels"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"126e20a4-82e1-4b1f-bae6-251a96c893c5","name":"Retrieve labels","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/administration/labels?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","administration","labels"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\r\n    \"labels\": [\r\n        {\r\n            \"id\": 1, \r\n            \"name\": \"Sales\", \r\n            \"relevance\": 3 //Business relevance. 
The possible values are 1 (low), 2 (medium) and 3 (high).\r\n        }, \r\n        {\r\n            \"id\": 2, \r\n            \"name\": \"Customers\", \r\n            \"relevance\": 1\r\n        }, \r\n    ],\r\n   \"paginationInfo\": {\r\n        \"page\": 2, \r\n        \"items\": 2, \r\n        \"next\": 3, \r\n        \"prev\": 1\r\n    }\r\n}"}],"_postman_id":"434c9c55-afeb-4734-a5ac-2dbe3c36fa21"},{"name":"Retrieve a specific label","id":"5272076a-a4d7-44d9-968d-d57ff2af8e25","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/administration/labels/{label-id}?key=","description":"<p>Get details such as id, name and business relevance from a specific label.</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><code>{label-id}</code></th>\n<th>ID of the specific label</th>\n</tr>\n</thead>\n<tbody>\n</tbody>\n</table>\n</div>","urlObject":{"protocol":"https","path":["api","administration","labels","{label-id}"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""}],"variable":[]}},"response":[{"id":"3e0c1da7-ad8f-423c-aa8f-cc04aa407563","name":"Retrieve a specific label","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/administration/labels/1?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3","protocol":"https","host":["defender","lumu","io"],"path":["api","administration","labels","1"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    
\"id\": 1,\n    \"name\": \"Sales\",\n    \"relevance\": 3 //Business relevance. The possible values are 1 (low), 2 (medium) and 3 (high).\n}"}],"_postman_id":"5272076a-a4d7-44d9-968d-d57ff2af8e25"},{"name":"Retrieve users","id":"d2e57a58-9483-405a-b4a4-58c2b937f87a","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{}},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/administration/users?key=","description":"<p>Get a paginated list of all the users registered in the company and their details. The items are sorted by the user id in ascending order.</p>\n","urlObject":{"protocol":"https","path":["api","administration","users"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"9827342d-1fc7-44fe-8dea-30c3d4860fd5","name":"Retrieve users","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/administration/users?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","administration","users"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 
100)"}]}},"code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"users\": [\n        {\n            \"id\": 1,\n            \"role\": \"admin\",\n            \"email\": \"john@company.com\",\n            \"name\": \"John Doe\",\n            \"time_zone\": \"Etc/UTC\",\n            \"deactivated\": false\n        },\n        {\n            \"id\": 2,\n            \"role\": \"admin\",\n            \"email\": \"sara@company.com\",\n            \"name\": \"Sara Green\",\n            \"time_zone\": \"Etc/UTC\",\n            \"deactivated\": false //User account status. The two possible values are `false`(user is active) and `true`(user is deactivated). A deactivated account is unable to login into the Lumu Portal.\n        }\n    ],\n    \"paginationInfo\": {\n        \"page\": 2,\n        \"items\": 2,\n        \"next\": 3,\n        \"prev\": 1\n    }\n}"}],"_postman_id":"d2e57a58-9483-405a-b4a4-58c2b937f87a"},{"name":"Retrieve a specific user","id":"6c65e8ce-b806-4a1a-8043-ba117c7a6281","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/administration/users/{user-id}?key=","description":"<p>Get specific user details such as id, name, and role.</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><code>{{user-id}}</code></th>\n<th>ID of the specific user</th>\n</tr>\n</thead>\n<tbody>\n</tbody>\n</table>\n</div>","urlObject":{"protocol":"https","path":["api","administration","users","{user-id}"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""}],"variable":[]}},"response":[{"id":"5aa5270e-85e9-41bf-9b31-4192faac4163","name":"Retrieve a specific 
user","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/administration/users/2?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3","protocol":"https","host":["defender","lumu","io"],"path":["api","administration","users","2"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"}]}},"code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"id\": 2,\n    \"role\": \"admin\",\n    \"email\": \"sara@company.com\",\n    \"name\": \"Sara Green\",\n    \"time_zone\": \"Etc/UTC\",\n    \"deactivated\": false //User account status. The two possible values are `false`(user is active) and `true`(user is deactivated). A deactivated account is unable to login into the Lumu Portal.\n}"}],"_postman_id":"6c65e8ce-b806-4a1a-8043-ba117c7a6281"}],"id":"9863dbd6-ad26-4364-9f6a-7201deb24355","description":"<p>The <code>/administration</code> endpoints contain information about labels and users of the company. 
Labels help identify and classify compromise distribution across your infrastructure.</p>\n<blockquote>\n<p>Consult our documentation for getting started with <a href=\"https://docs.lumu.io/portal/en/kb/articles/labels\">Labels</a> and <a href=\"https://docs.lumu.io/portal/en/kb/articles/mailing-accounts\">Accounts</a>.</p>\n</blockquote>\n","event":[{"listen":"prerequest","script":{"type":"text/javascript","exec":[""],"id":"a80d5831-8152-44b8-b8d7-bb30997527dd"}},{"listen":"test","script":{"type":"text/javascript","exec":[""],"id":"0ff95314-0593-4ca6-99e2-183bed931bda"}}],"_postman_id":"9863dbd6-ad26-4364-9f6a-7201deb24355"},{"name":"Working with Incidents","item":[{"name":"Retrieve incidents","event":[{"listen":"prerequest","script":{"id":"17c10f00-8199-4383-b3e4-717ec64c11ee","exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript"}}],"id":"5b2921ea-da4b-4822-b3e4-e963003a3606","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n  \"fromDate\": \"2021-04-01T14:40:14.939Z\", //Search start date. The default value is 7 days before the current date.\r\n  \"toDate\": \"2021-04-01T14:40:14.939Z\", //Search end date. The default value is the current date.\r\n  \"status\": [\"open\", \"muted\", \"closed\"], //Incident status. If not specified, all objects are returned.\r\n  \"adversary-types\": [\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"], //Adversary types. If not specified, all objects are returned.\r\n  \"labels\": [1, 2, 3] //Label IDs. You may previously use the label API call to retrieve label IDs and names. 
If not specified, all objects are returned.\r\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/incidents/all?key=","description":"<p>Get a paginated list of incidents for the company. The items are listed by the most recent.</p>\n","urlObject":{"protocol":"https","path":["api","incidents","all"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"53dc7e48-6fd8-43d7-9e87-f03825137b30","name":"Retrieve incidents","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n  \"fromDate\": \"2021-03-23T16:15:30.00-05:00[Europe/Paris]\",\r\n  \"toDate\": \"2021-04-15T16:15:30.234+01:00[Europe/Paris]\",\r\n  \"status\": [\"open\"],\r\n  \"adversary-types\": [\"C2C\"],\r\n  \"labels\": [0, 815]\r\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/incidents/all?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","incidents","all"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    
\"items\": [\n        {\n            \"id\": \"2a4862b0-97af-11eb-aa46-b5c18d44caca\", \n            \"timestamp\": \"2021-04-07T14:40:14.939Z\", \n            \"statusTimestamp\": \"2021-04-07T14:40:14.939Z\", \n            \"status\": \"open\", \n            \"contacts\": 1, \n            \"adversaries\": [\n                \"example1.com\"\n            ], \n            \"adversaryTypes\": [\n                \"C2C\"\n            ], \n            \"labelDistribution\": {\n                \"17\": 1\n            }, \n            \"totalEndpoints\": 1, \n            \"lastContact\": \"2021-04-04T14:37:02.228Z\", \n            \"unread\": true\n        }\n    ],\n    \"paginationInfo\": {\n        \"page\": 1, \n        \"items\": 50,\n    }\n }"}],"_postman_id":"5b2921ea-da4b-4822-b3e4-e963003a3606"},{"name":"Retrieve a specific incident details","id":"ef1f1960-53fd-4430-92e3-6aebef51a95a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/incidents/{incident-uuid}/details?key=","description":"<p>Get details of a specific Incident.</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><code>{incident-uuid}</code></th>\n<th>uuid of the specific incident</th>\n</tr>\n</thead>\n<tbody>\n</tbody>\n</table>\n</div>","urlObject":{"protocol":"https","path":["api","incidents","{incident-uuid}","details"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 
100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"8868ed36-2f85-4d3f-a113-ffa998e47332","name":"Retrieve a specific incident details","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/incidents/4d90fc30-a6de-11eb-8239-a117f0a9f6f5/details?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3","protocol":"https","host":["defender","lumu","io"],"path":["api","incidents","4d90fc30-a6de-11eb-8239-a117f0a9f6f5","details"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"}]}},"status":"- Sucess","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"id\": \"4d90fc30-a6de-11eb-8239-a117f0a9f6f5\",\n    \"timestamp\": \"2021-04-26T22:25:27.923Z\",\n    \"isUnread\": false,\n    \"contacts\": 114,\n    \"adversaryId\": \"Malware family qakbot\",\n    \"adversaries\": [\n        \"malicious.net\",\n        \"suspicious.biz\",\n        \"example.com\"\n    ],\n    \"adversaryTypes\": [\n        \"DGA\"\n    ],\n    \"description\": \"Malware family qakbot\",\n    \"labelDistribution\": {\n        \"144\": 114\n    },\n    \"totalEndpoints\": 1,\n    \"lastContact\": \"2021-04-26T22:39:16.131Z\",\n    \"actions\": [\n        {\n            \"datetime\": \"2021-04-27T15:13:56.939Z\",\n            \"userId\": 0,\n            \"action\": \"close\",\n            \"comment\": \"Incident close from external API\"\n        },\n        {\n            \"datetime\": \"2021-04-26T22:42:32.532Z\",\n            \"userId\": 1,\n            \"action\": \"read\",\n            \"comment\": \"\"\n        }\n    ],\n    \"status\": \"closed\",\n    \"statusTimestamp\": \"2021-04-27T15:13:56.939Z\",\n    \"firstContactDetails\": {\n        \"uuid\": \"09e02310-de1b-11ec-b481-eb776e1a9b92\",\n        \"datetime\": \"2022-05-28T00:13:45.281Z\",\n        
\"host\": \"108clip.com\",\n        \"types\": [\n            \"Phishing\"\n        ],\n        \"details\": [\n            \"Malware family Pony\"\n        ],\n        \"endpointIp\": \"255.111.42.143\",\n        \"endpointName\": \"USER.USER-PC\",\n        \"label\": 346,\n        \"sourceType\": \"virtual_appliance\",\n        \"sourceId\": \"55719C03-b31t-4d5e-8e1e-9f2b7d651c45\",\n        \"sourceData\": {\n            \"DNSPacketExtraInfo\": {\n                \"question\": {\n                    \"type\": \"A\",\n                    \"name\": \"108clip.com\",\n                    \"class\": \"IN\"\n                },\n                \"responseCode\": \"NOERROR\",\n                \"flags\": {\n                    \"authoritative\": false,\n                    \"recursion_available\": true,\n                    \"truncated_response\": false,\n                    \"checking_disabled\": false,\n                    \"recursion_desired\": true,\n                    \"authentic_data\": false\n                },\n                \"answers\": [\n                    {\n                        \"name\": \"108clip.com\",\n                        \"type\": \"A\",\n                        \"class\": \"IN\",\n                        \"ttl\": 2549,\n                        \"data\": \"51.225.156.155\"\n                    }\n                ],\n                \"opCode\": \"QUERY\"\n            }\n        },\n        \"isPlayback\": false\n    },\n    \"lastContactDetails\": {\n        \"uuid\": \"a53c04a0-de1b-11ec-8d45-eb776e3f5271\",\n        \"datetime\": \"2022-05-28T00:18:05.930Z\",\n        \"host\": \"108clip.com\",\n        \"types\": [\n            \"Phishing\"\n        ],\n        \"details\": [\n            \"Malware family Pony\"\n        ],\n        \"endpointIp\": \"119.129.144.45\",\n        \"endpointName\": \"USER.USER-PC\",\n        \"label\": 346,\n        \"sourceType\": \"virtual_appliance\",\n        \"sourceId\": 
\"55719C03-b31t-4d5e-8e1e-9f2b7d651c45\",\n        \"sourceData\": {\n            \"DNSPacketExtraInfo\": {\n                \"question\": {\n                    \"type\": \"A\",\n                    \"name\": \"108clip.com\",\n                    \"class\": \"IN\"\n                },\n                \"responseCode\": \"NOERROR\",\n                \"flags\": {\n                    \"authoritative\": false,\n                    \"recursion_available\": true,\n                    \"truncated_response\": false,\n                    \"checking_disabled\": false,\n                    \"recursion_desired\": true,\n                    \"authentic_data\": false\n                },\n                \"answers\": [\n                    {\n                        \"name\": \"108clip.com\",\n                        \"type\": \"A\",\n                        \"class\": \"IN\",\n                        \"ttl\": 2549,\n                        \"data\": \"250.4.148.28\"\n                    }\n                ],\n                \"opCode\": \"QUERY\"\n            }\n        },\n        \"isPlayback\": false\n    }\n}"}],"_postman_id":"ef1f1960-53fd-4430-92e3-6aebef51a95a"},{"name":"Retrieve a specific incident context","id":"3578df0f-a7ff-49b9-ba2c-374f98d8007b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/incidents/{incident-uuid}/context?key={company-key}&hash={hash-type}","description":"<p>Get details of a specific Incident.</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><code>{incident-uuid}</code></th>\n<th>uuid of the specific incident</th>\n</tr>\n</thead>\n<tbody>\n</tbody>\n</table>\n</div>","urlObject":{"protocol":"https","path":["api","incidents","{incident-uuid}","context"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key 
available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":"{company-key}"},{"key":"hash","value":"{hash-type}"}],"variable":[]}},"response":[{"id":"95174392-606e-4ecd-8b3b-edfe3c56ab3a","name":"Retrieve a specific incident context","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/incidents/4d90fc30-a6de-11eb-8239-a117f0a9f6f5/context?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&hash=SHA1","protocol":"https","host":["defender","lumu","io"],"path":["api","incidents","4d90fc30-a6de-11eb-8239-a117f0a9f6f5","context"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"hash","value":"SHA1"}]}},"status":"- Sucess","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"adversary_id\": \"domain-example.net\",\n    \"currently_active\": false, \n    \"deactivated_on\": \"2021-09-04T14:32:23.325Z\",    \n    \"mitre\": {\n      \"details\": [\n        {\n            \"tactic\": \"discovery\",\n            \"techniques\": [\"T1083\", \"T1069.002\", \"T1082\"]\n        }, \n        {\n            \"tactic\": \"initial-access\",\n            \"techniques\": [\"T1189\", \"T1566.001\"]\n        }\n      ],\n      \"matrix\": \"enterprise\",\n      \"version\": \"9.0\"      \n    }, \n    \"related_files\": [\n        \"c7267981748605fd27af739ef32d4688dc1dc160\",\n        \"0668db6c06fe1bf8726487cd346f5dea7a20caf7\",\n        \"4adb5eeb53dae0a580f4ec55a9add1a0696f4e93\",\n        \"c38e3a08046938c0d9017c5d09e460b3d0046563\",\n        \"8ae2e0bbb7174320379d720ca35421d3d96843ff\",\n        \"c5515101ec506e963cc6fd4d2fc488300c4b4053\",\n        \"79d78a1de39c09977d7d2b8bb09d78cfd7621804\",\n        \"981ea159a18d468aded419ddace8403efa53e1a6\",\n        \"c08b0daa01a2a3f5ce42d1f4838ca5ecd0e6b64c\",\n        
\"c7ea27eb33916cc63243354bd6bee988f2a16d09\",\n        \"46b37255f22cb75c5031153d1639794c4ea53da4\",\n        \"e89a0a90d44b186c129a9dfac85b2a6cb5686c94\",\n        \"253738ee1fdff2131cc9917088d277dae983859a\",\n        \"b61ac17c70aed3ad70d768d92dd39771e3eb9c59\"\n    ],\n    \"threat_details\": [\n        \"Sodinokibi Ransomware related\"\n    ], \n    \"threat_triggers\": [\"http://domain-example.net/\"],\n    \"playbooks\": [\"https://docs.lumu.io/portal/en/kb/articles/malware-incident-response-playbook\"],\n    \"external_resources\": [\n        \"https://www.virustotal.com/gui/domain/domain-example.net/relations\",\n        \"https://urlhaus.abuse.ch/host/domain-example.net/\",\n        \"https://www.appgate.com/blog/electric-company-ransomware-attack-calls-for-14-million-in-ransom\", \n        \"https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html\"\n    ],\n    \"timestamp\": \"2021-11-03T18:30:01.782Z\"\n}\n"}],"_postman_id":"3578df0f-a7ff-49b9-ba2c-374f98d8007b"},{"name":"Comment a specific incident","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"8e6ed4f5-bbe4-4fee-b731-4101a847d9ea"}}],"id":"1b38c213-b829-48c3-a403-943b233b41dc","protocolProfileBehavior":{"disabledSystemHeaders":{},"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\r\n    \"comment\": \"comment\"\r\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/incidents/{incident-uuid}/comment?key={company-key}","description":"<p>Get a paginated list of open incidents for the company. 
The items are listed by the most recent.</p>\n","urlObject":{"protocol":"https","path":["api","incidents","{incident-uuid}","comment"],"host":["defender","lumu","io"],"query":[{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""},{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":"{company-key}"}],"variable":[]}},"response":[{"id":"285d56af-2311-4247-b099-113c7c2d5350","name":"Comment a specific incident","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\r\n    \"comment\": \"critical incident\"\r\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/incidents/eec41860-e69f-11ec-b7a5-9ded001a2220/comment?key=MbEoJwFYiPmMUDi8k1CaIIo3EDeFwWox","protocol":"https","host":["defender","lumu","io"],"path":["api","incidents","eec41860-e69f-11ec-b7a5-9ded001a2220","comment"],"query":[{"key":"key","value":"MbEoJwFYiPmMUDi8k1CaIIo3EDeFwWox"}]}},"status":"- Sucess","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":""}],"_postman_id":"1b38c213-b829-48c3-a403-943b233b41dc"},{"name":"Retrieve open incidents","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? 
\"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"64b314a0-1b2e-4b92-b362-f5d23ffb2f30"}}],"id":"f0caeae1-0fed-450b-b5a3-6c7dd9ffc03c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"adversary-types\": [\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"], //Adversary types. If not specified, all objects are returned.\r\n   \"labels\": [1,2,3] //Label IDs. You may previously use the label API call to retrieve label IDs and names. If not specified, all objects are returned.\r\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/incidents/open?key=","description":"<p>Get a paginated list of open incidents for the company. The items are listed by the most recent.</p>\n","urlObject":{"protocol":"https","path":["api","incidents","open"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"d3dc7d45-d553-4173-8259-933384ad572d","name":"Retrieve open incidents","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"adversary-types\": [],\r\n   \"labels\": 
[]\r\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/incidents/open?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","incidents","open"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- Sucess","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"items\": [\n        {\n            \"id\": \"d53f69d0-9948-11eb-9b30-bd475fa20b50\",\n            \"timestamp\": \"2021-04-09T15:32:45.933Z\",\n            \"statusTimestamp\": \"2021-04-13T15:15:57.591Z\",\n            \"status\": \"open\",\n            \"contacts\": 4,\n            \"adversaries\": [\n                \"malicious.com\",\n                \"suspicious.com\"\n            ],\n            \"adversaryId\": \"Malware family Banjori\",\n            \"adversaryTypes\": [\n                \"DGA\"\n            ],\n            \"description\": \"Malware family Banjori\",\n            \"labelDistribution\": {\n                \"37\": 2,\n                \"39\": 1,\n                \"179\": 1\n            },\n            \"totalEndpoints\": 3,\n            \"lastContact\": \"2021-04-08T15:25:02.228Z\",\n            \"unread\": false\n        }\n    ],\n    \"paginationInfo\": {\n        \"page\": 1,\n        \"items\": 50\n    }\n}"}],"_postman_id":"f0caeae1-0fed-450b-b5a3-6c7dd9ffc03c"},{"name":"Retrieve muted incidents","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = 
rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"ba8f4e6e-608f-4231-af52-185486304382"}}],"id":"f508a0ad-971a-4a20-ab07-dad33e9934ad","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"adversary-types\": [\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"], //Adversary types. If not specified, all objects are returned.\r\n   \"labels\": [1,2,3] //Label IDs. You may previously use the label API call to retrieve label IDs and names. If not specified, all objects are returned.\r\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/incidents/muted?key=","description":"<p>Get a paginated list of muted incidents for the company. The items are listed by the most recent.</p>\n","urlObject":{"protocol":"https","path":["api","incidents","muted"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"d84a03de-4241-4cee-b074-138ef70cb6b8","name":"Retrieve muted incidents","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"adversary-types\": [],\r\n   \"labels\": 
[]\r\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/incidents/muted?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","incidents","muted"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\r\n    \"items\": [\r\n        {\r\n            \"id\": \"d53f69d0-9948-11eb-9b30-bd475fa2caca\",\r\n            \"timestamp\": \"2021-04-09T15:32:45.933Z\",\r\n            \"statusTimestamp\": \"2021-04-20T17:55:15.730Z\",\r\n            \"status\": \"muted\",\r\n            \"contacts\": 4,\r\n            \"adversaries\": [\r\n                \"malicious.top\",\r\n            ],\r\n            \"adversaryId\": \"Malware family Banjori\",\r\n            \"adversaryTypes\": [\r\n                \"DGA\"\r\n            ],\r\n            \"description\": \"Malware family Banjori\",\r\n            \"labelDistribution\": {\r\n                \"179\": 1,\r\n                \"39\": 1\r\n            },\r\n            \"totalEndpoints\": 3,\r\n            \"lastContact\": \"2021-04-08T15:25:02.228Z\",\r\n            \"unread\": false\r\n        }\r\n    ],\r\n    \"paginationInfo\": {\r\n        \"page\": 1,\r\n        \"items\": 50\r\n    }\r\n}"}],"_postman_id":"f508a0ad-971a-4a20-ab07-dad33e9934ad"},{"name":"Retrieve closed incidents","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = 
rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"200e97ec-7b22-44df-a176-d72652152895"}}],"id":"a7935f54-46ea-428d-9463-41745573a166","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"adversary-types\": [\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"], //Adversary types. If not specified, all objects are returned.\r\n   \"labels\": [1,2,3] //Label IDs. You may previously use the label API call to retrieve label IDs and names. If not specified, all objects are returned.\r\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/incidents/closed?key=","description":"<p>Get a paginated list of closed incidents for the company. The items are listed by the most recent.</p>\n","urlObject":{"protocol":"https","path":["api","incidents","closed"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"04c19b58-6d58-429f-8248-055224867c9b","name":"Retrieve closed incidents","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"adversary-types\": [],\r\n   \"labels\": 
[]\r\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/incidents/closed?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","incidents","closed"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"items\": [\n        {\n            \"id\": \"af16bc80-9c7d-11eb-93a2-5b93f424cf4d\",\n            \"timestamp\": \"2021-04-13T17:28:38.728Z\",\n            \"statusTimestamp\": \"2021-04-15T14:56:27.067Z\",\n            \"status\": \"closed\",\n            \"contacts\": 1,\n            \"adversaries\": [\n                \"example.com\"\n            ],\n            \"adversaryId\": \"example.com\",\n            \"adversaryTypes\": [\n                \"Phishing\"\n            ],\n            \"description\": \"Phishing domain\",\n            \"labelDistribution\": {\n                \"37\": 1\n            },\n            \"totalEndpoints\": 1,\n            \"lastContact\": \"2021-04-12T15:25:02.228Z\",\n            \"unread\": false\n        }\n    ],\n    \"paginationInfo\": {\n        \"page\": 1,\n        \"items\": 1,\n        \"next\": 2\n    }\n}"}],"_postman_id":"a7935f54-46ea-428d-9463-41745573a166"},{"name":"Retrieve endpoints by incident","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? 
\"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"39b5666c-9667-4f3e-ba78-b60c62e0d7fe"}}],"id":"ced829ac-25df-40f2-b0c2-44ec47b346d6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"endpoints\": [\"182.168.100.29\", \"DESK-9867\"], //List of ID of contacting endpoints. If not specified, all objects are returned.\r\n   \"labels\": [1,2,3] //Label IDs. You may previously use the label API call to retrieve label IDs and names. If not specified, all objects are returned.\r\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/incidents/{{ncident-uuid}/endpoints-contacts?key=","description":"<p>Get a paginated summary of the endpoints affected by a specified incident.</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><code>{incident-uuid}</code></th>\n<th>uuid of the specific incident</th>\n</tr>\n</thead>\n<tbody>\n</tbody>\n</table>\n</div>","urlObject":{"protocol":"https","path":["api","incidents","{{ncident-uuid}","endpoints-contacts"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"40af65ab-8e4a-485f-9af2-2d318551883a","name":"Retrieve endpoints by incident","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"endpoints\": [],\r\n   \"labels\": 
[]\r\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/incidents/af16bc80-9c7d-11eb-93a2-5b93f424cf4d/endpoints-contacts?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","incidents","af16bc80-9c7d-11eb-93a2-5b93f424cf4d","endpoints-contacts"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- Sucess","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"items\": [\n        {\n            \"label\": 179,\n            \"endpoint\": \"banrepnt\",\n            \"total\": 1,\n            \"first\": \"2021-04-08T15:25:02.228Z\",\n            \"last\": \"2021-04-08T15:25:02.228Z\"\n        },\n        {\n            \"label\": 37,\n            \"endpoint\": \"192.23.65.61\",\n            \"total\": 2,\n            \"first\": \"2021-04-08T15:25:02.228Z\",\n            \"last\": \"2021-04-08T15:25:02.228Z\"\n        },\n        {\n            \"label\": 39,\n            \"endpoint\": \"jbrow\",\n            \"total\": 1,\n            \"first\": \"2021-04-08T15:25:02.228Z\",\n            \"last\": \"2021-04-08T15:25:02.228Z\"\n        }\n    ],\n    \"paginationInfo\": {\n        \"page\": 1,\n        \"items\": 50\n    }\n}"}],"_postman_id":"ced829ac-25df-40f2-b0c2-44ec47b346d6"},{"name":"Mark incident as 
read","id":"f3bde710-75fa-431a-b77e-56a62049bee9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/incidents/{incident-uuid}/mark-as-read?key=","description":"<p>This transaction does not require any additional body parameters.</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><code>{incident-uuid}</code></th>\n<th>uuid of the specific incident</th>\n</tr>\n</thead>\n<tbody>\n</tbody>\n</table>\n</div><blockquote>\n<p>To associate a specific user to this transaction, include the header <code>Lumu-User-Id</code> with the user id as a value. <a href=\"#user-identification-considerations\">Read more</a>.</p>\n</blockquote>\n","urlObject":{"protocol":"https","path":["api","incidents","{incident-uuid}","mark-as-read"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""}],"variable":[]}},"response":[{"id":"da61eaee-4905-4f24-9e7b-976d549cda5c","name":"Mark incident as read","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/incidents/d3f41000-af3f-11eb-84b5-75a575634188/mark-as-read?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3","protocol":"https","host":["defender","lumu","io"],"path":["api","incidents","d3f41000-af3f-11eb-84b5-75a575634188","mark-as-read"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3"}]}},"status":"- 
Sucess","code":200,"_postman_previewlanguage":"plain","header":[{"key":"Content-Length","value":"0"},{"key":"Connection","value":"keep-alive"},{"key":"RateLimit-Limit","value":"50"},{"key":"RateLimit-Remaining","value":"49"},{"key":"X-RateLimit-Remaining-Minute","value":"49"},{"key":"X-RateLimit-Limit-Minute","value":"50"},{"key":"X-RateLimit-Remaining-Day","value":"9944"},{"key":"X-RateLimit-Limit-Day","value":"10000"},{"key":"RateLimit-Reset","value":"59"},{"key":"Date","value":"Tue, 20 Apr 2021 18:52:01 GMT"},{"key":"Server","value":"akka-http/10.1.11"},{"key":"X-Kong-Upstream-Latency","value":"6"},{"key":"X-Kong-Proxy-Latency","value":"1"},{"key":"Via","value":"kong/2.4.0"}],"cookie":[],"responseTime":null,"body":""}],"_postman_id":"f3bde710-75fa-431a-b77e-56a62049bee9"},{"name":"Mute incident","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"40fc0207-70e6-4ed1-b378-947bbb9b018e"}}],"id":"921f93c0-05af-44a3-bb3a-9726d8362820","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"comment\": \"\" //REQUIRED comment to be added in the Incident log. Example:\"Internal penetration tests\"\r\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/incidents/{incident-uuid}/mute?key=","description":"<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><code>{incident-uuid}</code></th>\n<th>uuid of the specific incident</th>\n</tr>\n</thead>\n<tbody>\n</tbody>\n</table>\n</div><blockquote>\n<p>To associate a specific user to this transaction, include the header <code>Lumu-User-Id</code> with the user id as a value. 
<a href=\"#user-identification-considerations\">Read more</a>.</p>\n</blockquote>\n","urlObject":{"protocol":"https","path":["api","incidents","{incident-uuid}","mute"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""}],"variable":[]}},"response":[{"id":"ec2dea7d-f7ef-487b-bd89-4bccc7dfeabc","name":"Mute incident","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"comment\": \"\"\r\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/incidents/d3f41000-af3f-11eb-84b5-75a575634188/mute?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3","protocol":"https","host":["defender","lumu","io"],"path":["api","incidents","d3f41000-af3f-11eb-84b5-75a575634188","mute"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3"}]}},"status":"- Sucess","code":200,"_postman_previewlanguage":"Text","header":[],"cookie":[],"responseTime":null,"body":""}],"_postman_id":"921f93c0-05af-44a3-bb3a-9726d8362820"},{"name":"Unmute incident","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"cac3ec66-fd89-4473-829c-fc4bd8361c16"}}],"id":"3fbe4518-b639-4813-990c-378c7b276435","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"comment\": \"\" //REQUIRED comment to be added in the Incident log. 
Example:\"The issue is now relevant\"\r\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/incidents/{incident-uuid}/unmute?key=","description":"<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><code>{incident-uuid}</code></th>\n<th>uuid of the specific incident</th>\n</tr>\n</thead>\n<tbody>\n</tbody>\n</table>\n</div><blockquote>\n<p>To associate a specific user to this transaction, include the header <code>Lumu-User-Id</code> with the user id as a value. <a href=\"#user-identification-considerations\">Read more</a>.</p>\n</blockquote>\n","urlObject":{"protocol":"https","path":["api","incidents","{incident-uuid}","unmute"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""}],"variable":[]}},"response":[{"id":"e674b00f-0f7d-4323-a8c2-1bff058a43fe","name":"Unmute incident","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"comment\": \"\"\r\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/incidents/d3f41000-af3f-11eb-84b5-75a575634188/unmute?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3","protocol":"https","host":["defender","lumu","io"],"path":["api","incidents","d3f41000-af3f-11eb-84b5-75a575634188","unmute"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"Text","header":[],"cookie":[],"responseTime":null,"body":""}],"_postman_id":"3fbe4518-b639-4813-990c-378c7b276435"},{"name":"Consult incidents updates through
REST","id":"92577a18-2e32-4141-bd65-b368d484b0bc","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/incidents/open-incidents/updates?offset=0&items=50&time=5&key={company-key}\n","description":"<p>Lumu provides an endpoint to consult real-time updates on incident operations through REST when Websocket is not available.</p>\n<p>Note: the date format in the updates received from the endpoint is in the UTC time zone and follows standards published in RFC 3339 and ISO 8601</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><code>{company-key}</code></th>\n<th>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></th>\n</tr>\n</thead>\n<tbody>\n</tbody>\n</table>\n</div>","urlObject":{"protocol":"https","path":["api","incidents","open-incidents","updates"],"host":["defender","lumu","io"],"query":[{"key":"offset","value":"0"},{"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":"50"},{"description":{"content":"<p>Time in seconds for request delay. Only required under specific conditions. 
(max: 20)</p>\n","type":"text/plain"},"key":"time","value":"5"},{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":"{company-key}\n"}],"variable":[]}},"response":[{"id":"a25a8429-3a72-4e09-9749-020683ca5b9d","name":"Consult incidents updates through REST","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/incidents/open-incidents/updates?key=MbEoJwFYiPmMUDi8k1CaIIo3EDeFwWox&offset=733335","protocol":"https","host":["defender","lumu","io"],"path":["api","incidents","open-incidents","updates"],"query":[{"key":"key","value":"MbEoJwFYiPmMUDi8k1CaIIo3EDeFwWox","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"offset","value":"733335"}]}},"status":"- Sucess","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n\t\"updates\": [\n    \t{\n        \t\"IncidentClosed\": {\n            \t\"companyId\": \"10228d9c-ff18-4251-ac19-514185e00f17\",\n            \t\"incident\": {\n                \t\"id\": \"47fa7230-225a-11ed-9be2-739ab0337004\",\n                \t\"timestamp\": \"2022-08-22T20:37:46.835Z\",\n                \t\"statusTimestamp\": \"2022-08-23T19:58:50.887Z\",\n                \t\"status\": \"closed\",\n                \t\"contacts\": 1,\n                \t\"adversaries\": [\n                    \t\"chinagrouptraders.xyz\"\n                \t],\n                \t\"adversaryId\": \"chinagrouptraders.xyz\",\n                \t\"adversaryTypes\": [\n                    \t\"C2C\",\n                    \t\"Malware\"\n                \t],\n                \t\"description\": \"Malware family Keybase\",\n                \t\"labelDistribution\": {\n                    \t\"0\": 1\n                \t},\n                \t\"totalEndpoints\": 1,\n                \t\"lastContact\": 
\"2022-08-22T20:32:02.228Z\",\n                \t\"unread\": false,\n                \t\"hasPlaybackContacts\": false,\n                \t\"firstContact\": \"2022-08-22T20:32:02.228Z\"\n            \t},\n            \t\"comment\": \"test\"\n        \t}\n    \t},\n    \t{\n        \t\"OpenIncidentsStatusUpdated\": {\n            \t\"companyId\": \"10228d9c-ff18-4251-ac19-514185e00f17\",\n            \t\"openIncidentsStatus\": {\n                \t\"openIncidents\": 575,\n                \t\"totalContacts\": 12617,\n                \t\"typeDistribution\": {\n                    \t\"DGA\": 11,\n                    \t\"C2C\": 117,\n                    \t\"Network Scan\": 10,\n                    \t\"Mining\": 139,\n                    \t\"Phishing\": 53,\n                    \t\"Spam\": 81,\n                    \t\"Malware\": 281\n                \t},\n                \t\"labelDistribution\": {\n                \t},\n                \t\"totalEndpoints\": 115\n            \t}\n        \t}\n    \t},\n    \t{\n        \t\"IncidentUnmuted\": {\n            \t\"companyId\": \"10228d9c-ff18-4251-ac19-514185e00f17\",\n            \t\"incident\": {\n                \t\"id\": \"43511460-1fa7-11ed-bd66-d162eff789a8\",\n                \t\"timestamp\": \"2022-08-19T10:11:16.774Z\",\n                \t\"statusTimestamp\": \"2022-08-23T19:59:08.775Z\",\n                \t\"status\": \"open\",\n                \t\"contacts\": 1,\n                \t\"adversaries\": [\n                    \t\"ethereum-pocket.com\"\n                \t],\n                \t\"adversaryId\": \"ethereum-pocket.com\",\n                \t\"adversaryTypes\": [\n                    \t\"Mining\"\n                \t],\n                \t\"description\": \"CryptoMining domain\",\n                \t\"labelDistribution\": {\n                    \t\"2148\": 1\n                \t},\n                \t\"totalEndpoints\": 1,\n                \t\"lastContact\": \"2022-08-16T20:23:23Z\",\n                \t\"unread\": 
false,\n                \t\"hasPlaybackContacts\": false,\n                \t\"firstContact\": \"2022-08-16T20:23:23Z\"\n            \t},\n            \t\"comment\": \"relevant\"\n        \t}\n    \t},\n    \t{\n        \t\"OpenIncidentsStatusUpdated\": {\n            \t\"companyId\": \"10228d9c-ff18-4251-ac19-514185e00f17\",\n            \t\"openIncidentsStatus\": {\n                \t\"openIncidents\": 576,\n                \t\"totalContacts\": 12618,\n                \t\"typeDistribution\": {\n                    \t\"DGA\": 11,\n                    \t\"C2C\": 117,\n                    \t\"Network Scan\": 10,\n                    \t\"Mining\": 140,\n                    \t\"Phishing\": 53,\n                    \t\"Spam\": 81,\n                    \t\"Malware\": 281\n                \t},\n                \t\"labelDistribution\": {\n                \t},\n                \t\"totalEndpoints\": 115\n            \t}\n        \t}\n    \t},\n    \t{\n        \t\"NewIncidentCreated\": {\n            \t\"companyId\": \"10228d9c-ff18-4251-ac19-514185e00f17\",\n            \t\"incident\": {\n                \t\"id\": \"923bb150-231e-11ed-95fb-d3cd7c5e7afb\",\n                \t\"timestamp\": \"2022-08-23T20:02:52.773Z\",\n                \t\"statusTimestamp\": \"2022-08-23T20:02:52.773Z\",\n                \t\"status\": \"open\",\n                \t\"contacts\": 1,\n                \t\"adversaries\": [\n                    \t\"chinagrouptraders.xyz\"\n                \t],\n                \t\"adversaryId\": \"chinagrouptraders.xyz\",\n                \t\"adversaryTypes\": [\n                    \t\"C2C\",\n                    \t\"Malware\"\n                \t],\n                \t\"description\": \"Malware family Keybase\",\n                \t\"labelDistribution\": {\n                    \t\"218\": 1\n                \t},\n                \t\"totalEndpoints\": 1,\n                \t\"lastContact\": \"2022-08-20T20:37:02.228Z\",\n                \t\"unread\": true,\n           
     \t\"hasPlaybackContacts\": false,\n                \t\"firstContact\": \"2022-08-20T20:37:02.228Z\"\n            \t},\n            \t\"openIncidentsStats\": {\n                \t\"openIncidents\": 577,\n                \t\"totalContacts\": 12619,\n                \t\"typeDistribution\": {\n                    \t\"DGA\": 11,\n                    \t\"C2C\": 118,\n                    \t\"Network Scan\": 10,\n                    \t\"Mining\": 140,\n                    \t\"Phishing\": 53,\n                    \t\"Spam\": 81,\n                    \t\"Malware\": 282\n                \t},\n                \t\"labelDistribution\": {\n                \t},\n                \t\"totalEndpoints\": 116\n            \t}\n        \t}\n    \t}\n\t],\n\t\"offset\": 724454\n} "}],"_postman_id":"92577a18-2e32-4141-bd65-b368d484b0bc"},{"name":"Close incident","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"3f9ad528-1b74-4c07-b6ca-b97cbbe090f9"}}],"id":"92efadae-8a76-4852-a306-29b9caca655b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"comment\": \"\" //REQUIRED comment to be added in the Incident log. 
Example:\"Internal penetration tests\"\r\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/incidents/{incident-uuid}/close?key=","description":"<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><code>{incident-uuid}</code></th>\n<th>uuid of the specific incident</th>\n</tr>\n</thead>\n<tbody>\n</tbody>\n</table>\n</div><blockquote>\n<p>To associate a specific user to this transaction, include the header <code>Lumu-User-Id</code> with the user id as a value. <a href=\"#user-identification-considerations\">Read more</a>.</p>\n</blockquote>\n","urlObject":{"protocol":"https","path":["api","incidents","{incident-uuid}","close"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""}],"variable":[]}},"response":[{"id":"bbb95671-e95c-4320-a3fb-5386cad530e1","name":"Close incident","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n   \"comment\": \"\"\r\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/incidents/d3f41000-af3f-11eb-84b5-75a575634188/close?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3","protocol":"https","host":["defender","lumu","io"],"path":["api","incidents","d3f41000-af3f-11eb-84b5-75a575634188","close"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"Text","header":[],"cookie":[],"responseTime":null,"body":""}],"_postman_id":"92efadae-8a76-4852-a306-29b9caca655b"}],"id":"8b10120b-3230-4b56-b5a0-9fd6af66c108","description":"<p>The <code>/incidents</code> endpoints contain information about incidents of the company.
Lumu groups all occurrences of contacts to malicious infrastructure by adversary and presents them consolidated in the form of incidents.</p>\n<blockquote>\n<p>For getting started with Incidents, consult our documentation / Support.</p>\n</blockquote>\n<h2 id=\"general-considerations\">General considerations</h2>\n<p>The sets of incident statuses (<code>status</code>) and incident types (<code>incident-types</code>) can vary; therefore, any implementation using endpoints that receive them as query data should account for variations. These are the current values for these parameters:</p>\n<ul>\n<li>status: <code>\"open\", \"muted\", \"closed\"</code>.</li>\n<li>incident-types: <code>\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"</code></li>\n</ul>\n<h2 id=\"subscribe-to-incidents-websocket\">Subscribe to Incidents (Websocket)</h2>\n<p>Lumu provides a streaming endpoint to subscribe to real-time updates on incident operations. Establishing a connection to the streaming API means making a very long-lived HTTP request and parsing the response incrementally.</p>\n<blockquote>\n<p>For details on API stream, consult <a href=\"https://docs.lumu.io/portal/en/kb/articles/core-concepts-api#Subscribe_to_Incidents_Websocket\">our documentation</a>.</p>\n</blockquote>\n<h2 id=\"user-identification-considerations\">User identification considerations</h2>\n<p>To associate a specific user with POST API transactions (mark as read, mute, unmute and close), include the header <code>Lumu-User-Id</code> with the user id as a value.</p>\n<blockquote>\n<p>Example: <code>Lumu-User-Id: 2</code>. This parameter is optional; when it is not included, the action taken will not be associated with any user. 
For example, if we set in the query header the id 2, that corresponds to the user “Integration user”, the incident log will look like the following image:</p>\n</blockquote>\n<p><img src=\"https://desk.zoho.com/DocsDisplay?zgId=694632768&amp;mode=inline&amp;blockId=k87ha7ea9d04f62374c70ad0263583d0b0ecb\" alt /></p>\n","event":[{"listen":"prerequest","script":{"type":"text/javascript","exec":[""],"id":"8552124a-4f36-48cb-acda-488a7fcc9610"}},{"listen":"test","script":{"type":"text/javascript","exec":[""],"id":"5e7edf08-b8f5-4b25-ab56-51e932759409"}}],"_postman_id":"8b10120b-3230-4b56-b5a0-9fd6af66c108"},{"name":"Working with Adversarial Activity","item":[{"name":"Retrieve contacted adversaries","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"e91984b2-3b57-4ab7-9b1c-d3bdc365727c"}}],"id":"32779929-a575-4ceb-83c7-a82ff92a8c02","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"fromDate\": \"2021-04-01T14:40:14.939Z\", //Search start date. The default value is 7 days before the current date.\n  \"toDate\": \"2021-04-01T14:40:14.939Z\", //Search end date. The default value is the current date.\n  \"adversary-types\": [\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"], //Adversary types. If not specified, all objects are returned.\n  \"labels\": [1, 2, 3], //Label IDs. You may previously use the label API call to retrieve label IDs and names. If not specified, all objects are returned.\n   \"endpoints\": [\"182.168.100.29\", \"DESK-9867\"] //List of ID of contacting endpoints. 
If not specified, all objects are returned.\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries?key=","description":"<p>Get a paginated summary of the adversaries contacted by endpoints within a time-frame.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","contacted-adversaries"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"dcde18c7-e509-4526-b5dc-8d76a390b54d","name":"Retrieve contacted adversaries","originalRequest":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n  \"fromDate\": \"2021-02-23T16:15:30.00-05:00[Europe/Paris]\",\n  \"toDate\": \"2021-03-15T16:15:30.234+01:00[Europe/Paris]\",\n  \"adversary-types\": [],\n  \"endpoints\": [],\n  \"labels\": []\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","contacted-adversaries"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number 
of results per page (default: 50, max: 100)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"items\": [\n        {\n            \"host\": \"example.xyz\",\n            \"adversary-types\": [\n                \"Spam\"\n            ],\n            \"descriptions\": [\n                \"Spam related\"\n            ],\n            \"contacts\": 1,\n            \"last-contact\": {\n                \"time\": \"2020-06-06T11:05:11.964Z\",\n                \"endpoint\": \"Gateway company 1\",\n                \"label\": 37\n            }\n        }\n    ],\n    \"timestamp\": \"2021-03-15T15:15:30.234Z\",\n    \"pagination\": {\n        \"page\": 1,\n        \"items\": 50\n    }\n}"}],"_postman_id":"32779929-a575-4ceb-83c7-a82ff92a8c02"},{"name":"Retrieve contacted adversaries","id":"5dcffe96-213c-4ece-8257-a672c6bc52ec","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries?key=","description":"<p>Get a paginated summary of the adversaries contacted by endpoints within a time-frame.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","contacted-adversaries"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"c40f202b-2dbf-4ea9-b113-55eaca446fe4","name":"Retrieve contacted 
adversaries","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","contacted-adversaries"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"items\": [\n        {\n            \"host\": \"example.xyz\",\n            \"adversary-types\": [\n                \"Spam\"\n            ],\n            \"descriptions\": [\n                \"Spam related\"\n            ],\n            \"contacts\": 1,\n            \"last-contact\": {\n                \"time\": \"2020-06-06T11:05:11.964Z\",\n                \"endpoint\": \"Gateway company 1\",\n                \"label\": 37\n            }\n        }\n    ],\n    \"timestamp\": \"2021-03-15T15:15:30.234Z\",\n    \"pagination\": {\n        \"page\": 1,\n        \"items\": 50\n    }\n}"}],"_postman_id":"5dcffe96-213c-4ece-8257-a672c6bc52ec"},{"name":"Retrieve last contacted adversaries","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? 
\"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"4959e9a8-5274-4025-a2bf-5bf37fa5b036"}}],"id":"23c43121-0829-4d3b-be04-6d977a2b3709","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"hours\": 200, //The number of past hours you want to narrow your results to. The default value is 1.\n  \"adversary-types\": [\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"], //Adversary types. If not specified, all objects are returned.\n  \"labels\": [1, 2, 3], //Label IDs. You may previously use the label API call to retrieve label IDs and names. If not specified, all objects are returned.\n   \"endpoints\": [\"182.168.100.29\", \"DESK-9867\"] //List of ID of contacting endpoints. If not specified, all objects are returned.\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/last?key=","description":"<p>Get a paginated list of details from adversarial hosts contacted within a number of past hours.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","contacted-adversaries","last"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"fab2bdbf-09d9-477f-885b-7d31b4baeea4","name":"Retrieve last contacted 
adversaries","originalRequest":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n  \"hours\": 200,\n  \"adversary-types\": [],\n  \"labels\": [],\n  \"endpoints\": []\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/last?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","contacted-adversaries","last"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"items\": [\n        {\n            \"host\": \"example.com\",\n            \"adversary-types\": [\n                \"Phishing\"\n            ],\n            \"descriptions\": [\n                \"Phishing domain\"\n            ],\n            \"contacts\": 15,\n            \"last-contact\": {\n                \"time\": \"2021-04-12T15:25:02.228Z\",\n                \"endpoint\": \"Gateway 1\",\n                \"label\": 37\n            }\n        }\n    ],\n    \"timestamp\": \"2021-03-15T15:15:30.234Z\",\n    \"pagination\": {\n        \"page\": 1,\n        \"items\": 50\n    }\n}"}],"_postman_id":"23c43121-0829-4d3b-be04-6d977a2b3709"},{"name":"Retrieve last contacted 
adversaries","id":"2c99ff8b-3b84-43aa-85fc-dec2e69961e9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/last?key=","description":"<p>Get a paginated list of details from adversarial hosts contacted within a number of past hours.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","contacted-adversaries","last"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>The maximum number of items that will be returned (default: 10, max: 10240)</p>\n","type":"text/plain"},"key":"max-items","value":""},{"disabled":true,"description":{"content":"<p>The number of past hours you want to narrow your results to  (default: 1)</p>\n","type":"text/plain"},"key":"hours","value":""}],"variable":[]}},"response":[{"id":"713c81b2-0346-4031-b80e-10a406cf7d8f","name":"Retrieve last contacted adversaries","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/last?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&max-items=1&hours=1","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","contacted-adversaries","last"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"max-items","value":"1","description":"The maximum number of items that will be returned (default: 10, max: 10240)"},{"key":"hours","value":"1","description":"The number of past hours you want to narrow your results to  (default: 1)"}]}},"status":"- 
Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\r\n    \"items\": [\r\n        {\r\n            \"host\": \"example.com\",\r\n            \"adversary-types\": [\r\n                \"Phishing\"\r\n            ],\r\n            \"descriptions\": [\r\n                \"Phishing domain\"\r\n            ],\r\n            \"contacts\": 15,\r\n            \"last-contact\": {\r\n                \"time\": \"2021-04-12T15:25:02.228Z\",\r\n                \"endpoint\": \"Gateway 1\",\r\n                \"label\": 37\r\n            }\r\n        }\r\n    ],\r\n    \"timestamp\": \"2021-03-15T15:15:30.234Z\",\r\n    \"pagination\": {\r\n        \"page\": 1,\r\n        \"items\": 50\r\n    }\r\n}"}],"_postman_id":"2c99ff8b-3b84-43aa-85fc-dec2e69961e9"},{"name":"Retrieve last contacted adversaries list","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"bb35f05c-f017-40e6-9a7f-86e4793f1f1f"}}],"id":"39d87304-d3c6-44cc-89b9-1e3b875ea962","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"hours\": 200, //The number of past hours you want to narrow your results to. The default value is 1.\n  \"adversary-types\": [\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"], //Adversary types. If not specified, all objects are returned.\n  \"labels\": [1, 2, 3], //Label IDs. You may previously use the label API call to retrieve label IDs and names. If not specified, all objects are returned.\n   \"endpoints\": [\"182.168.100.29\", \"DESK-9867\"] //List of ID of contacting endpoints. 
If not specified, all objects are returned.\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/last/list?key=","description":"<p>Get a list of adversarial hosts contacted within a number of past hours in plain text format.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","contacted-adversaries","last","list"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>The maximum number of items that will be returned (default: 10, max: 10240)</p>\n","type":"text/plain"},"key":"max-items","value":""}],"variable":[]}},"response":[{"id":"5fbc713a-543f-4542-9e0f-03e214ab3fac","name":"Retrieve last contacted adversaries list","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"hours\": 200,\n  \"adversary-types\": [],\n  \"endpoints\": [],\n  \"labels\": []\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/last/list?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&max-items=10","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","contacted-adversaries","last","list"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"max-items","value":"10","description":"The maximum number of items that will be returned (default: 10, max: 10240)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"Text","header":[],"cookie":[],"responseTime":null,"body":"126.25.36.2\r\nfraud.ro\r\nphishing.com\r\nfake-site.com\r\n95.26.34.5"}],"_postman_id":"39d87304-d3c6-44cc-89b9-1e3b875ea962"},{"name":"Retrieve last 
contacted adversaries list","id":"d57cf829-10c6-40a9-b9b2-10571f38acb0","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/last/list?key=","description":"<p>Get a list of adversarial hosts contacted within a number of past hours in plain text format.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","contacted-adversaries","last","list"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>The maximum number of items that will be returned (default: 10, max: 10240)</p>\n","type":"text/plain"},"key":"max-items","value":""},{"disabled":true,"description":{"content":"<p>The number of past hours you want to narrow your results to  (default: 1)</p>\n","type":"text/plain"},"key":"hours","value":""}],"variable":[]}},"response":[{"id":"c662ac67-624e-4a6c-9295-f2659c56c72e","name":"Retrieve last contacted adversaries list","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/last/list?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&max-items=10&hours=1","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","contacted-adversaries","last","list"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"max-items","value":"10","description":"The maximum number of items that will be returned (default: 10, max: 10240)"},{"key":"hours","value":"1","description":"The number of past hours you want to narrow your results to  (default: 1)"}]}},"status":"- 
Success","code":200,"_postman_previewlanguage":"Text","header":[],"cookie":[],"responseTime":null,"body":"126.25.36.2\r\nfraud.ro\r\nphishing.com\r\nfake-site.com\r\n95.26.34.5"}],"_postman_id":"d57cf829-10c6-40a9-b9b2-10571f38acb0"},{"name":"Retrieve affected endpoints","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"432d9955-78f9-4ea1-9ec8-af04e2195dc4"}}],"id":"97275839-416b-4446-9f28-72978e24ec42","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"fromDate\": \"2021-04-01T14:40:14.939Z\", //Search start date. The default value is 7 days before the current date.\n  \"toDate\": \"2021-04-01T14:40:14.939Z\", //Search end date. The default value is the current date.\n  \"adversary-types\": [\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"], //Adversary types. If not specified, all objects are returned.\n  \"adversaries\": [\"phishing-site.domain\"], //List of adversarial hosts. If not specified, all objects are returned.\n  \"labels\": [1, 2, 3] //Label IDs. You may previously use the label API call to retrieve label IDs and names. 
If not specified, all objects are returned.\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/adversarial-activity/affected-endpoints?key=","description":"<p>Get a paginated summary of the incidents across endpoints within a time-frame.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","affected-endpoints"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"cc3de0e2-4f0a-4875-949e-08ab546bccf1","name":"Retrieve affected endpoints","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"fromDate\": \"2021-02-23T16:15:30.00-05:00[Europe/Paris]\",\n  \"toDate\": \"2021-03-15T16:15:30.234+01:00[Europe/Paris]\",\n  \"adversary-types\": [],\n  \"adversaries\": [],\n  \"labels\": []\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/affected-endpoints?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","affected-endpoints"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- 
Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"items\": [\n        {\n            \"label\": 38,\n            \"endpoint\": \"192.168.0.103\",\n            \"last-ip\": \"192.168.0.103\",\n            \"total-activity\": 6,\n            \"adversarial-contacts\": {\n                \"last-time\": \"2020-12-01T17:36:02.228Z\",\n                \"last-host\": \"example.xyz\",\n                \"count\": 6, //This total count does not necessarily have to match the sum of the incident types, as the same incident can be classified in different categories. In case an endpoint was contacted by two or more adversaries, only the most recent adversary will be retrieved.\n                \"distribution\": {\n                    \"C2C\": 5,\n                    \"Mining\": 1\n                }\n            }\n        }\n    ],\n    \"timestamp\": \"2021-03-15T15:15:30.234Z\",\n    \"pagination\": {\n        \"page\": 1,\n        \"items\": 50\n    }\n}"}],"_postman_id":"97275839-416b-4446-9f28-72978e24ec42"},{"name":"Retrieve affected endpoints","id":"d58b3945-a931-4f4d-ac32-b077fb83937b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"https://defender.lumu.io/api/adversarial-activity/affected-endpoints?key=","description":"<p>Get a paginated summary of the endpoints affected by adversarial contact within a  time-frame.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","affected-endpoints"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the 
number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"50cea17c-fa17-4b52-871c-066fb484c993","name":"Retrieve affected endpoints","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/affected-endpoints?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","affected-endpoints"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"items\": [\n        {\n            \"label\": 38,\n            \"endpoint\": \"192.168.0.103\",\n            \"last-ip\": \"192.168.0.103\",\n            \"total-activity\": 6,\n            \"adversarial-contacts\": {\n                \"last-time\": \"2020-12-01T17:36:02.228Z\",\n                \"last-host\": \"example.xyz\",\n                \"count\": 6, //This total count does not necessarily have to match the sum of the incident types, as the same incident can be classified in different categories. 
In case an endpoint was contacted by two or more adversaries, only the most recent adversary will be retrieved.\n                \"distribution\": {\n                    \"C2C\": 5,\n                    \"Mining\": 1\n                }\n            }\n        }\n    ],\n    \"timestamp\": \"2021-03-15T15:15:30.234Z\",\n    \"pagination\": {\n        \"page\": 1,\n        \"items\": 50\n    }\n}"}],"_postman_id":"d58b3945-a931-4f4d-ac32-b077fb83937b"},{"name":"Retrieve last affected endpoints","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"90ae667c-bb44-44b6-bdd5-80129b8f4a7e"}}],"id":"8fa2f349-dbff-4730-bf72-ff4bcaba1275","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"hours\": 200, //The number of past hours you want to narrow your results to. The default value is 1.\n  \"adversary-types\": [\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"], //Adversary types. If not specified, all objects are returned.\n  \"labels\": [1, 2, 3], //Label IDs. You may previously use the label API call to retrieve label IDs and names. If not specified, all objects are returned.\n  \"adversaries\": [\"phishing-site.domain\"] //List of adversarial hosts. 
If not specified, all objects are returned.\n}"},"url":"https://defender.lumu.io/api/adversarial-activity/affected-endpoints/last?key=","description":"<p>Get a paginated list of endpoints and adversarial contacts within a number of past hours.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","affected-endpoints","last"],"host":["defender","lumu","io"],"query":[{"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"8cf02f76-ac96-4a7b-8514-60a45e19f489","name":"Retrieve last affected endpoints","originalRequest":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n  \"hours\": 700,\n  \"adversary-types\": [],\n  \"adversaries\": [],\n  \"labels\": []\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/affected-endpoints/last?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","affected-endpoints","last"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"items\": [\n        {\n            \"label\": 37,\n            \"endpoint\": \"Gateway 1\",\n            
\"last-ip\": \"192.168.3.11\",\n            \"total-activity\": 15,\n            \"adversarial-contacts\": {\n                \"last-time\": \"2021-04-12T15:25:02.228Z\",\n                \"last-host\": \"example.com\",\n                \"count\": 15, //This total count does not necessarily have to match the sum of the incident types, as the same incident can be classified in different categories. In case an endpoint was contacted by two or more adversaries, only the most recent adversary will be retrieved.\n                \"distribution\": {\n                    \"Phishing\": 15\n                }\n            }\n        }\n    ],\n    \"timestamp\": \"2021-04-26T17:55:43.929612Z\",\n    \"pagination\": {\n        \"page\": 1,\n        \"items\": 50\n    }\n}"}],"_postman_id":"8fa2f349-dbff-4730-bf72-ff4bcaba1275"},{"name":"Retrieve last affected endpoints","id":"d6562c30-1b58-42ff-ba79-9d68549a91a1","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"https://defender.lumu.io/api/adversarial-activity/affected-endpoints/last?key=","description":"<p>Get a paginated list of endpoints and adversarial contacts within a number of past hours.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","affected-endpoints","last"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""},{"disabled":true,"description":{"content":"<p>The number of past hours you want to narrow your results to  (default: 
1)</p>\n","type":"text/plain"},"key":"hours","value":""}],"variable":[]}},"response":[{"id":"b0210932-03f8-45d6-b63b-b5e73ce1067e","name":"Retrieve last affected endpoints","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/affected-endpoints/last?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50&hours=1","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","affected-endpoints","last"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"},{"key":"hours","value":"1","description":"The number of past hours you want to narrow your results to (default: 1)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\r\n    \"items\": [\r\n        {\r\n            \"label\": 37,\r\n            \"endpoint\": \"Gateway 1\",\r\n            \"last-ip\": \"192.168.3.11\",\r\n            \"total-activity\": 15,\r\n            \"adversarial-contacts\": {\r\n                \"last-time\": \"2021-04-12T15:25:02.228Z\",\r\n                \"last-host\": \"example.com\",\r\n                \"count\": 15, //This total count does not necessarily have to match the sum of the incident types, as the same incident can be classified in different categories. 
In case an endpoint was contacted by two or more adversaries, only the most recent adversary will be retrieved.\r\n                \"distribution\": {\r\n                    \"Phishing\": 15\r\n                }\r\n            }\r\n        }\r\n    ],\r\n    \"timestamp\": \"2021-04-26T17:55:43.929612Z\",\r\n    \"pagination\": {\r\n        \"page\": 1,\r\n        \"items\": 50\r\n    }\r\n}"}],"_postman_id":"d6562c30-1b58-42ff-ba79-9d68549a91a1"},{"name":"Retrieve last affected endpoints list","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"59d88db0-123e-4e6e-b7a0-5e842d469ba8"}}],"id":"84bfe1f3-f850-48bc-b3ee-18ab693f8968","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"hours\": 200, //The number of past hours you want to narrow your results to. The default value is 1.\n  \"adversary-types\": [\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"], //Adversary types. If not specified, all objects are returned.\n  \"labels\": [1, 2, 3], //Label IDs. You may previously use the label API call to retrieve label IDs and names. If not specified, all objects are returned.\n  \"adversaries\": [\"phishing-site.domain\"], //List of adversarial hosts. If not specified, all objects are returned.\n  \"endpoint-identification-type\": \"ID\" //Type of endpoint identification. 
Possible values: \"IP\" (IP address), \"ID\" (case-sensitive endpoint ID). The default value is \"ID\".\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/adversarial-activity/affected-endpoints/last/list?key=","description":"<p>Get a list of endpoints with adversarial contacts within a number of hours in plain text format.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","affected-endpoints","last","list"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>The maximum number of items that will be returned (default: 10, max: 10240)</p>\n","type":"text/plain"},"key":"max-items","value":""},{"disabled":true,"key":"","value":""}],"variable":[]}},"response":[{"id":"8d24004a-3f65-43e2-9900-48a97f4bef3c","name":"Retrieve last affected endpoints list","originalRequest":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n  \"hours\": 700,\n  \"adversary-types\": [],\n  \"adversaries\": [],\n  \"endpoint-identification-type\": \"\",\n  \"labels\": []\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/affected-endpoints/last/list?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&max-items=10","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","affected-endpoints","last","list"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"max-items","value":"10","description":"The maximum number of items that will be returned (default: 10, max: 10240)"},{"key":"","value":"","disabled":true}]}},"status":"- 
Success","code":200,"_postman_previewlanguage":"Text","header":[],"cookie":[],"responseTime":null,"body":"FW_SGM_DC_01\r\ndevice95639625\r\nDevice64146868"}],"_postman_id":"84bfe1f3-f850-48bc-b3ee-18ab693f8968"},{"name":"Retrieve last affected endpoints list","id":"b6f66fd5-10c9-472b-9c2a-81242e9ee896","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"https://defender.lumu.io/api/adversarial-activity/affected-endpoints/last/list?key=","description":"<p>Get a list of endpoints with adversarial contacts within a number of hours in plain text format.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","affected-endpoints","last","list"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>The maximum number of items that will be returned (default: 10, max: 10240)</p>\n","type":"text/plain"},"key":"max-items","value":""},{"disabled":true,"description":{"content":"<p>The number of past hours you want to narrow your results to (default: 1)</p>\n","type":"text/plain"},"key":"hours","value":""}],"variable":[]}},"response":[{"id":"918d13e8-bc3b-45c8-88ac-bac7b8ccb070","name":"Retrieve last contacted endpoints list","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/affected-endpoints/last/list?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&max-items=50&hours=1","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","affected-endpoints","last","list"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu 
Portal](#access-and-authentication)"},{"key":"max-items","value":"50","description":"The maximum number of items that will be returned (default: 10, max: 10240)"},{"key":"hours","value":"1","description":"The number of past hours you want to narrow your results to. The default value is 1."}]}},"status":"- Success","code":200,"_postman_previewlanguage":"plain","header":[],"cookie":[],"responseTime":null,"body":"FW_SGM_DC_01\r\ndevice95639625\r\nDevice64146868"}],"_postman_id":"b6f66fd5-10c9-472b-9c2a-81242e9ee896"},{"name":"Retrieve contacted adversaries related to Spambox","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"4dcd624e-304c-46f0-8ac0-f4416135b6e1"}}],"id":"45f044e9-1d17-4643-960c-62e172878845","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"fromDate\": \"2021-04-01T14:40:14.939Z\", //Search start date. The default value is 7 days before the current date.\n  \"toDate\": \"2021-04-01T14:40:14.939Z\", //Search end date. The default value is the current date.\n  \"labels\": [1, 2, 3] //Label IDs. You may previously use the label API call to retrieve label IDs and names. 
If not specified, all objects are returned.\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/spambox?key=","description":"<p>Get a paginated summary of the adversaries related to Spambox that were contacted by endpoints.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","contacted-adversaries","spambox"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"34681694-1515-4018-9c9b-b5a62f12ffb2","name":"Retrieve contacted adversaries related to Spambox","originalRequest":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n  \"fromDate\": \"2021-03-20T16:15:30.00-05:00[Europe/Paris]\",\n  \"toDate\": \"2021-04-20T16:15:30.234+01:00[Europe/Paris]\",\n  \"labels\": []\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/spambox?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","contacted-adversaries","spambox"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 
1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"items\": [\n        {\n            \"host\": \"malicious.com\",\n            \"adversary-types\": [\n                \"Phishing\"\n            ],\n            \"descriptions\": [\n                \"Phishing domain\"\n            ],\n            \"contacts\": 1,\n            \"last-contact\": {\n                \"time\": \"2021-03-23T15:37:02.228Z\",\n                \"endpoint\": \"Seek & Destroy\",\n                \"label\": 55\n            }\n        }\n    ],\n    \"timestamp\": \"2021-04-20T15:15:30.234Z\",\n    \"pagination\": {\n        \"page\": 1,\n        \"items\": 1,\n        \"next\": 2\n    }\n}"}],"_postman_id":"45f044e9-1d17-4643-960c-62e172878845"},{"name":"Retrieve contacted adversaries related to Spambox","id":"1e322dde-bc8b-4fdb-8b82-57c06e9794b7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/spambox?key=","description":"<p>Get a paginated summary of the adversaries related to Spambox that were contacted by endpoints.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","contacted-adversaries","spambox"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 
100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"9d141661-299e-4176-875b-24acff4a57d3","name":"Retrieve contacted adversaries related to Spambox","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/spambox?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","contacted-adversaries","spambox"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"items\": [\n        {\n            \"host\": \"malicious.com\",\n            \"adversary-types\": [\n                \"Phishing\"\n            ],\n            \"descriptions\": [\n                \"Phishing domain\"\n            ],\n            \"contacts\": 1,\n            \"last-contact\": {\n                \"time\": \"2021-03-23T15:37:02.228Z\",\n                \"endpoint\": \"Seek & Destroy\",\n                \"label\": 55\n            }\n        }\n    ],\n    \"timestamp\": \"2021-04-20T15:15:30.234Z\",\n    \"pagination\": {\n        \"page\": 1,\n        \"items\": 1,\n        \"next\": 2\n    }\n}"}],"_postman_id":"1e322dde-bc8b-4fdb-8b82-57c06e9794b7"},{"name":"Retrieve last contacted adversaries related to Spambox","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) 
=> g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"d97b7fad-d0f3-49a5-9acf-2918942d4143"}}],"id":"7e83a2da-12ef-47cb-9475-e6972973e86a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"hours\": 200, //The number of past hours you want to narrow your results to. The default value is 1.\n  \"labels\": [1, 2, 3] //Label IDs. You may previously use the label API call to retrieve label IDs and names. If not specified, all objects are returned.\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/spambox/last?key=","description":"<p>Get a detailed list of adversarial hosts contacted, related to Spambox, within a number of past hours.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","contacted-adversaries","spambox","last"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"2f11d6ec-4a21-4e7b-8280-4d61ed53301e","name":"Retrieve last contacted adversaries related to Spambox","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"hours\": 200,\n  \"labels\": 
[]\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/spambox/last?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","contacted-adversaries","spambox","last"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"items\": [\n        {\n            \"host\": \"suspicious.com\",\n            \"adversary-types\": [\n                \"C2C\"\n            ],\n            \"descriptions\": [\n                \"Malware family ZeuS\"\n            ],\n            \"contacts\": 3,\n            \"last-contact\": {\n                \"time\": \"2021-04-26T22:37:59.148Z\",\n                \"endpoint\": \"New GW\",\n                \"label\": 144\n            }\n        }\n    ],\n    \"timestamp\": \"2021-04-28T18:05:06.517940Z\",\n    \"pagination\": {\n        \"page\": 1,\n        \"items\": 1,\n        \"next\": 2\n    }\n}"}],"_postman_id":"7e83a2da-12ef-47cb-9475-e6972973e86a"},{"name":"Retrieve last contacted adversaries related to Spambox","id":"801852c5-238d-4803-99df-f8b62eeb7249","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/spambox/last?key=","description":"<p>Get a detailed list of adversarial hosts contacted, related to Spambox, within a number of past 
hours.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","contacted-adversaries","spambox","last"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""},{"disabled":true,"description":{"content":"<p>The number of past hours you want to narrow your results to  (default: 1)</p>\n","type":"text/plain"},"key":"hours","value":""}],"variable":[]}},"response":[{"id":"93bedc43-0453-49b2-8471-d74a014cc8a2","name":"Retrieve last contacted adversaries related to Spambox","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/spambox/last?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50&hours=1","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","contacted-adversaries","spambox","last"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"},{"key":"hours","value":"1","description":"The number of past hours you want to narrow your results to  (default: 1)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"items\": [\n        {\n            \"host\": \"suspicious.com\",\n            
\"adversary-types\": [\n                \"C2C\"\n            ],\n            \"descriptions\": [\n                \"Malware family ZeuS\"\n            ],\n            \"contacts\": 3,\n            \"last-contact\": {\n                \"time\": \"2021-04-26T22:37:59.148Z\",\n                \"endpoint\": \"New GW\",\n                \"label\": 144\n            }\n        }\n    ],\n    \"timestamp\": \"2021-04-28T18:05:06.517940Z\",\n    \"pagination\": {\n        \"page\": 1,\n        \"items\": 1,\n        \"next\": 2\n    }\n}"}],"_postman_id":"801852c5-238d-4803-99df-f8b62eeb7249"},{"name":"Retrieve last contacted adversaries list related to Spambox","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData"],"type":"text/javascript","id":"abfe5598-c23c-4308-b6d3-b38b8212b13d"}}],"id":"6e711ae1-f47f-4ce2-89a7-cb58f73000b2","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"hours\": 200, //The number of past hours you want to narrow your results to. The default value is 1.\n  \"adversary-types\": [\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"] //Adversary types. 
If not specified, all objects are returned.\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/spambox/last/list?key=","description":"<p>Get a list of adversarial hosts contacted within a number of past hours in plain text format.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","contacted-adversaries","spambox","last","list"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>The maximum number of items that will be returned (default: 10, max: 10240)</p>\n","type":"text/plain"},"key":"max-items","value":""}],"variable":[]}},"response":[{"id":"0dec024e-c4c4-4f9a-b637-af8024b4fcbf","name":"Retrieve last contacted adversaries list related to Spambox","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"hours\": 200,\n  \"adversary-types\": []\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/spambox/last/list?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&max-items=10","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","contacted-adversaries","spambox","last","list"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"max-items","value":"10","description":"The maximum number of items that will be returned (default: 10, max: 10240)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"Text","header":[],"cookie":[],"responseTime":null,"body":"fraud.ro\r\nphishing.com\r\nfake-site.com"}],"_postman_id":"6e711ae1-f47f-4ce2-89a7-cb58f73000b2"},{"name":"Retrieve last contacted 
adversaries list related to Spambox","id":"80a4c894-6537-469c-8691-05084d60cd58","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/spambox/last/list?key=","description":"<p>Get a list of adversarial hosts contacted within a number of past hours in plain text format.</p>\n","urlObject":{"protocol":"https","path":["api","adversarial-activity","contacted-adversaries","spambox","last","list"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>The maximum number of items that will be returned (default: 10, max: 10240)</p>\n","type":"text/plain"},"key":"max-items","value":""},{"disabled":true,"description":{"content":"<p>The number of past hours you want to narrow your results to  (default: 1)</p>\n","type":"text/plain"},"key":"hours","value":""}],"variable":[]}},"response":[{"id":"cb558070-d8c6-427b-864e-e4d2a824583f","name":"Retrieve last contacted adversaries list related to Spambox","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/adversarial-activity/contacted-adversaries/spambox/last/list?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&max-items=10&hours=1","protocol":"https","host":["defender","lumu","io"],"path":["api","adversarial-activity","contacted-adversaries","spambox","last","list"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"max-items","value":"10","description":"The maximum number of items that will be returned (default: 10, max: 10240)"},{"key":"hours","value":"1","description":"The number of past hours you want to 
narrow your results to  (default: 1)"}]}},"status":"- Success","code":200,"_postman_previewlanguage":"Text","header":[],"cookie":[],"responseTime":null,"body":"fraud.ro\r\nphishing.com\r\nfake-site.com"}],"_postman_id":"80a4c894-6537-469c-8691-05084d60cd58"}],"id":"252ba7d2-77ea-48fa-9e21-4ae6efdd6f72","description":"<p>The <code>/adversarial-activity</code> endpoints contain detailed compromise activity detected on your network, categorized according to threat type. </p>\n<blockquote>\n<p>For the GET endpoint queries, the default values are used for all parameters.</p>\n</blockquote>\n","event":[{"listen":"prerequest","script":{"type":"text/javascript","exec":[""],"id":"263d9918-9a06-4194-b20d-0789c0227692"}},{"listen":"test","script":{"type":"text/javascript","exec":[""],"id":"e9e9b75e-c573-4bfc-92ef-f11bb1476e0a"}}],"_postman_id":"252ba7d2-77ea-48fa-9e21-4ae6efdd6f72"},{"name":"Working with Spambox","item":[{"name":"Retrieve Spambox adversaries","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData "],"type":"text/javascript","id":"01a78875-545b-4037-9b22-fc83ab364433"}}],"id":"5865e701-1727-4a1a-8a67-ef91587a9638","protocolProfileBehavior":{"disabledSystemHeaders":{"content-type":true},"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"fromDate\": \"2021-04-01T14:40:14.939Z\", //Search start date. The default value is 7 days before the current date.\n  \"toDate\": \"2021-04-01T14:40:14.939Z\", //Search end date. The default value is the current date.\n  \"adversary-types\": [\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"] //Adversary types. 
If not specified, all objects are returned.\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/spambox/adversaries?key=","description":"<p>Get a paginated summary of the adversaries found on your Spambox.</p>\n","urlObject":{"protocol":"https","path":["api","spambox","adversaries"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"0922bd1c-1d5a-4d1f-838c-bc2bf5f4bdb5","name":"Retrieve Spambox adversaries","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"fromDate\": \"2021-04-01T00:00:00.00-05:00[America/Bogota]\",\n  \"toDate\": \"2021-04-28T14:50:59.99-05:00[America/Bogota]\",\n  \"adversary-types\": []\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/spambox/adversaries?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","spambox","adversaries"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"adversaries\": [\n        {\n            \"indicator\": \"http://mining.com\",\n   
         \"info\": [\n                {\n                    \"type\": \"Mining\",\n                    \"description\": \"CryptoMining domain\"\n                }\n            ]\n        }\n    ],\n    \"timestamp\": \"2021-04-29T15:29:48.177Z\",\n    \"paginationInfo\": {\n        \"page\": 1,\n        \"items\": 1,\n        \"next\": 2\n    }\n}"}],"_postman_id":"5865e701-1727-4a1a-8a67-ef91587a9638"},{"name":"Retrieve Spambox adversaries","id":"55fb84cb-0b8b-4c36-b5e7-0faf92f06e8d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"https://defender.lumu.io/api/spambox/adversaries?key=","description":"<p>Get a paginated summary of the adversaries found on your Spambox.</p>\n","urlObject":{"protocol":"https","path":["api","spambox","adversaries"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"a24e3078-f290-4c9b-8408-014627a4dbde","name":"Retrieve Spambox adversaries","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/spambox/adversaries?key=&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","spambox","adversaries"],"query":[{"key":"key","value":"","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per 
page (default: 50, max: 100)"}]}},"code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"adversaries\": [\n        {\n            \"indicator\": \"http://mining.com\",\n            \"info\": [\n                {\n                    \"type\": \"Mining\",\n                    \"description\": \"CryptoMining domain\"\n                }\n            ]\n        }\n    ],\n    \"timestamp\": \"2021-04-29T15:29:48.177Z\",\n    \"paginationInfo\": {\n        \"page\": 1,\n        \"items\": 1,\n        \"next\": 2\n    }\n}"}],"_postman_id":"55fb84cb-0b8b-4c36-b5e7-0faf92f06e8d"},{"name":"Retrieve last Spambox adversaries","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? \"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData "],"type":"text/javascript","id":"dd73b54c-16f4-42ac-8db7-f381d15ca65e"}}],"id":"18702744-ddb2-4cbb-9bb2-dd6acf1d6ebc","protocolProfileBehavior":{"disabledSystemHeaders":{"content-type":true},"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"hours\": 200, //The number of past hours you want to narrow your results to. The default value is 1.\n  \"adversary-types\": [\"C2C\", \"Malware\", \"DGA\", \"Mining\", \"Spam\", \"Phishing\"] //Adversary types. 
If not specified, all objects are returned.\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/spambox/adversaries/last?key=","description":"<p>Get a detailed list of adversarial hosts found on your Spambox, within a number of past hours.</p>\n","urlObject":{"protocol":"https","path":["api","spambox","adversaries","last"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""}],"variable":[]}},"response":[{"id":"f6f80826-f1be-463e-88d8-4ea1c389c52f","name":"Retrieve last Spambox adversaries","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"hours\": 200,\n  \"adversary-types\": []\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/spambox/adversaries/last?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","spambox","adversaries","last"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"}]}},"code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"adversaries\": [\n        {\n            \"indicator\": \"http://mining.com\",\n            \"info\": [\n                {\n              
      \"type\": \"Mining\",\n                    \"description\": \"CryptoMining domain\"\n                }\n            ]\n        },\n        {\n            \"indicator\": \"http://mining.bg\",\n            \"info\": [\n                {\n                    \"type\": \"Mining\",\n                    \"description\": \"CryptoMining domain\"\n                }\n            ]\n        }\n    ],\n    \"timestamp\": \"2021-04-28T18:33:42.071357Z\",\n    \"paginationInfo\": {\n        \"page\": 1,\n        \"items\": 2,\n        \"next\": 2\n    }\n}"}],"_postman_id":"18702744-ddb2-4cbb-9bb2-dd6acf1d6ebc"},{"name":"Retrieve last Spambox adversaries","id":"fa8006a2-58a5-4c63-9232-cbf0ae2753d9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"https://defender.lumu.io/api/spambox/adversaries/last?key=","description":"<p>Get a detailed list of adversarial hosts found on your Spambox, within a number of past hours.</p>\n","urlObject":{"protocol":"https","path":["api","spambox","adversaries","last"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>Page number of the result set (default: 1)</p>\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"<p>Limit the number of results per page (default: 50, max: 100)</p>\n","type":"text/plain"},"key":"items","value":""},{"disabled":true,"description":{"content":"<p>The number of past hours you want to narrow your results to  (default: 1)</p>\n","type":"text/plain"},"key":"hours","value":""}],"variable":[]}},"response":[{"id":"74de8396-7f0a-4eae-bf16-aa0c46f89d70","name":"Retrieve last Spambox 
adversaries","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/spambox/adversaries/last?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&page=1&items=50&hours=1","protocol":"https","host":["defender","lumu","io"],"path":["api","spambox","adversaries","last"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"page","value":"1","description":"Page number of the result set (default: 1)"},{"key":"items","value":"50","description":"Limit the number of results per page (default: 50, max: 100)"},{"key":"hours","value":"1","description":"The number of past hours you want to narrow your results to  (default: 1)"}]}},"code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n    \"adversaries\": [\n        {\n            \"indicator\": \"http://mining.com\",\n            \"info\": [\n                {\n                    \"type\": \"Mining\",\n                    \"description\": \"CryptoMining domain\"\n                }\n            ]\n        },\n        {\n            \"indicator\": \"http://mining.bg\",\n            \"info\": [\n                {\n                    \"type\": \"Mining\",\n                    \"description\": \"CryptoMining domain\"\n                }\n            ]\n        }\n    ],\n    \"timestamp\": \"2021-04-28T18:33:42.071357Z\",\n    \"paginationInfo\": {\n        \"page\": 1,\n        \"items\": 2,\n        \"next\": 2\n    }\n}"}],"_postman_id":"fa8006a2-58a5-4c63-9232-cbf0ae2753d9"},{"name":"Retrieve last Spambox adversaries list","event":[{"listen":"prerequest","script":{"exec":["//this script removes comments in raw json data\r","var rawData = pm.request.body.raw\r","var strippedData = rawData.replace(/\\\\\"|\"(?:\\\\\"|[^\"])*\"|(\\/\\/.*|\\/\\*[\\s\\S]*?\\*\\/)/g, (m, g) => g ? 
\"\" : m)\r","console.info(strippedData)\r","pm.request.body.raw = strippedData "],"type":"text/javascript","id":"b7a0bbcb-9bbf-4b1a-bf99-4a04d496c22a"}}],"id":"08e38570-ce99-4b3a-b206-5327b1a44253","protocolProfileBehavior":{"disabledSystemHeaders":{"content-type":true},"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"hours\": 200 //The number of past hours you want to narrow your results to. The default value is 1.\n}","options":{"raw":{"language":"json"}}},"url":"https://defender.lumu.io/api/spambox/adversaries/last/list?key=","description":"<p>Get a list of adversarial hosts contacted within a number of past hours in plain text format.</p>\n","urlObject":{"protocol":"https","path":["api","spambox","adversaries","last","list"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>The maximum number of items that will be returned (default: 10, max: 10240)</p>\n","type":"text/plain"},"key":"max-items","value":""}],"variable":[]}},"response":[{"id":"36a35e7d-b53d-49f1-9e8b-1d54dd69f237","name":"Retrieve last Spambox adversaries list","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n  \"hours\": 200\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://defender.lumu.io/api/spambox/adversaries/last/list?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&max-items=50","protocol":"https","host":["defender","lumu","io"],"path":["api","spambox","adversaries","last","list"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"max-items","value":"50","description":"The maximum number of items that will be returned (default: 10, max: 
10240)"}]}},"code":200,"_postman_previewlanguage":"Text","header":[],"cookie":[],"responseTime":null,"body":"http://fraud.ro\r\nhttp://phishing.com\r\nhttp://fake-site.com"}],"_postman_id":"08e38570-ce99-4b3a-b206-5327b1a44253"},{"name":"Retrieve last contacted Spambox adversaries list","id":"ca6fecdb-de0b-4fc1-9feb-8a5e0ad48530","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"https://defender.lumu.io/api/spambox/adversaries/last/list?key=","description":"<p>Get a list of adversarial hosts contacted within a number of past hours in plain text format.</p>\n","urlObject":{"protocol":"https","path":["api","spambox","adversaries","last","list"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"disabled":true,"description":{"content":"<p>The maximum number of items that will be returned (default: 10, max: 10240)</p>\n","type":"text/plain"},"key":"max-items","value":""},{"disabled":true,"description":{"content":"<p>The number of past hours you want to narrow your results to  (default: 1)</p>\n","type":"text/plain"},"key":"hours","value":""}],"variable":[]}},"response":[{"id":"72c9c4bd-2a70-4c2a-ae33-eb2b94b1c150","name":"Retrieve last contacted Spambox adversaries list","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/spambox/adversaries/last/list?key=&max-items=50&hours=1","protocol":"https","host":["defender","lumu","io"],"path":["api","spambox","adversaries","last","list"],"query":[{"key":"key","value":"","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"max-items","value":"50","description":"The maximum number of items that will be returned (default: 10, max: 
10240)"},{"key":"hours","value":"1","description":"The number of past hours you want to narrow your results to  (default: 1)"}]}},"code":200,"_postman_previewlanguage":"Text","header":[],"cookie":[],"responseTime":null,"body":"http://fraud.ro\r\nhttp://phishing.com\r\nhttp://fake-site.com"}],"_postman_id":"ca6fecdb-de0b-4fc1-9feb-8a5e0ad48530"}],"id":"38fb93a4-ac2e-4ac5-8dfe-6114333c9d5d","description":"<p>The <code>/spambox</code> resource provides detailed compromise activity related to adversaries found on your Spambox, categorized according to threat type, regardless of whether they were contacted or not. For getting started with Spambox, consult <a href=\"https://docs.lumu.io/portal/en/kb/articles/spambox\">our documentation</a>.</p>\n<blockquote>\n<p>For the GET endpoint queries, the default values are used for all parameters.</p>\n</blockquote>\n","event":[{"listen":"prerequest","script":{"type":"text/javascript","exec":[""],"id":"16c17b1d-4c01-4e7e-afd8-ec7302b88a7a"}},{"listen":"test","script":{"type":"text/javascript","exec":[""],"id":"4cddda21-7351-4e41-8aa6-f59a9530da21"}}],"_postman_id":"38fb93a4-ac2e-4ac5-8dfe-6114333c9d5d"},{"name":"Portal Management","item":[{"name":"Retrieve Audit Logs","id":"d6abf522-019f-47ef-84c3-0d125e2efc8c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"https://defender.lumu.io/api/administration/audit?key=&from-date=<iso-formatted UTC datetime>&to-date=<iso-formatted UTC datetime>&page=<n>&items=<n>","description":"<p>Get a paginated list of all administrative actions and system events within the company for auditing purposes.</p>\n","urlObject":{"protocol":"https","path":["api","administration","audit"],"host":["defender","lumu","io"],"query":[{"description":{"content":"<p>Your company's unique API key available at the <a href=\"#access-and-authentication\">Lumu
Portal</a></p>\n","type":"text/plain"},"key":"key","value":""},{"description":{"content":"<p>Optional. Start of the time range. Default: now - 7 days, Min: now - 2 years. This value is inclusive.</p>\n","type":"text/plain"},"key":"from-date","value":"<iso-formatted UTC datetime>"},{"description":{"content":"<p>Optional. End of the time range. Default/max: now - 5 minutes. Must be greater than from-date and within a 180-day window. This value is exclusive.</p>\n","type":"text/plain"},"key":"to-date","value":"<iso-formatted UTC datetime>"},{"description":{"content":"<p>Optional. Page number of the result set (default: 1).</p>\n","type":"text/plain"},"key":"page","value":"<n>"},{"description":{"content":"<p>Optional. Limit the number of results per page (default: 100, max: 500).</p>\n","type":"text/plain"},"key":"items","value":"<n>"}],"variable":[]}},"response":[{"id":"9a26e207-d464-45b7-8b90-18ebe8e0867e","name":"Retrieve Audit Logs","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://defender.lumu.io/api/administration/audit?key=56a0fc30-a6de-85eb-8249-a117f0a9f8g3&from-date=2026-01-01T12:00:00Z&to-date=2026-01-30T12:26:00Z&page=1&items=1","protocol":"https","host":["defender","lumu","io"],"path":["api","administration","audit"],"query":[{"key":"key","value":"56a0fc30-a6de-85eb-8249-a117f0a9f8g3","description":"Your company's unique API key available at the [Lumu Portal](#access-and-authentication)"},{"key":"from-date","value":"2026-01-01T12:00:00Z","description":"Optional. Start of the time range. Default: now - 7 days. Max: now - 180 days. This value is inclusive."},{"key":"to-date","value":"2026-01-30T12:26:00Z","description":"Optional. End of the time range. Default/max: now - 5 minutes. Must be greater than from-date and within a 180-day window. This value is exclusive."},{"key":"page","value":"1","description":"Optional. Page number of the result set (default: 1)."},{"key":"items","value":"1","description":"Optional. 
Limit the number of results per page (default: 100, max: 500)."}]}},"_postman_previewlanguage":"Text","header":[],"cookie":[],"responseTime":null,"body":"{\r\n    \"timestamp\": \"2026-01-30T17:51:50Z\",\r\n    \"paginationInfo\": {\r\n        \"total\": 8,\r\n        \"page\": 1,\r\n        \"items\": 1,\r\n        \"next\": 2\r\n    },\r\n    \"items\": [\r\n        {\r\n            \"timestamp\": \"2026-01-08T20:28:07Z\",\r\n            \"action\": \"User Logged In\",\r\n            \"performer\": {\r\n                \"email\": \"smunoz@lumu.io\",\r\n                \"name\": \"Super Admin\",\r\n                \"role\": \"admin\",\r\n                \"id\": 1\r\n            },\r\n            \"details\": {\r\n                \"name\": \"Super Admin\",\r\n                \"role\": \"admin\",\r\n                \"email\": \"smunoz@lumu.io\",\r\n                \"company_id\": \"17749bd8-9310-4c89-b7bc-b5d1babf282a\",\r\n                \"previous_login\": \"2025-12-31T15:18:22.467Z\"\r\n            }\r\n        }\r\n    ]\r\n}"}],"_postman_id":"d6abf522-019f-47ef-84c3-0d125e2efc8c"}],"id":"3ca8398a-4db8-4fde-bf63-8151b705f167","description":"<p>The Lumu Portal records the activities and configurations made on the Portal, allowing administrators to keep track of the changes and ensure compliance with your company’s policies.</p>\n","_postman_id":"3ca8398a-4db8-4fde-bf63-8151b705f167"}],"event":[{"listen":"prerequest","script":{"type":"text/javascript","exec":[""],"id":"d6560bf3-7995-4c6a-a2eb-0ae998effd40"}},{"listen":"test","script":{"type":"text/javascript","exec":[""],"id":"ffe162f1-c1d0-46bc-9f20-fc7ed1c5d630"}}],"variable":[{"key":"company-key","value":""}]}