Lucidum includes a feature called Actions. Actions are automations that are triggered by query results.
Actions include sending email messages, posting a message to Slack, creating tickets, isolating infected devices, or making changes to Active Directory, among other options.
For example, you can define an action that sends an email to the IT team if Lucidum discovers one or more assets without endpoint protection.
Lucidum also includes a type of action for webhooks.
Webhooks are one-way messages that are sent from Lucidum to another application or solution.
Webhooks include a message, also called the “payload”. In Lucidum, the payload is in JSON format and includes one or more records retrieved from Lucidum with a query.
Webhooks are sent to a unique URL on an application or solution that listens for webhooks.
Webhooks can be event driven, sent manually, or scheduled.
Lucidum can run headless, providing all the benefits of Lucidum without requiring your IT team to learn a new interface. Using webhooks, Lucidum can send data from the Lucidum platform to other solutions in your environment.
Webhooks are especially useful for integrations with SIEMs and data lakes. For example, you could send a webhook that contains information about all newly discovered assets from Lucidum to a SumoLogic instance. SumoLogic could then display this information in a dashboard.
Workflow for Creating Webhooks in Lucidum
To create a webhook in Lucidum, follow these steps:
1. In the Action Center, create a webhook configuration. This includes the URL to send the webhook payload to.
2. In the Query Builder, create a query that finds the data you want to send in the payload.
3. In the Action Center, define the webhook action that sends the payload.
Webhook Limits in Lucidum
Each webhook action can include up to 5,000 records.
You can trigger webhook actions to run as frequently as every hour. Hourly is the highest frequency.
You can schedule up to 50 webhook actions to run simultaneously.
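The application that listens for the webhook can enforce these expectations on its own side. The following is an added example, not Lucidum code: a minimal Python listener that accepts deliveries only on its unique URL path, parses the JSON payload, and rejects anything above the 5,000-record limit. The payload shape (a JSON array of record objects, or a single object), the path token, and the body-size ceiling are assumptions.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_RECORDS = 5000                  # per-action record limit stated above
MAX_BODY_BYTES = 32 * 1024 * 1024   # assumed ceiling; size it for your record width
# Constructed placeholder for the unique URL entered in the webhook configuration.
WEBHOOK_PATH = "/hooks/lucidum/REPLACE-WITH-RANDOM-TOKEN"

def check_delivery(path, body):
    """Return (http_status, records) for one delivery; records is [] on rejection."""
    # Constant-time compare so the unguessable path is not leaked through timing.
    if not hmac.compare_digest(path.encode(), WEBHOOK_PATH.encode()):
        return 404, []
    if len(body) > MAX_BODY_BYTES:
        return 413, []
    try:
        data = json.loads(body)
    except (ValueError, RecursionError):   # malformed, mis-encoded or absurdly nested
        return 400, []
    # Assumption: the payload is a JSON array of record objects, or one object.
    records = data if isinstance(data, list) else [data]
    if not records or not all(isinstance(r, dict) for r in records):
        return 400, []
    if len(records) > MAX_RECORDS:
        return 413, []
    return 200, records

class Receiver(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "-1"))
        except ValueError:
            length = -1
        if not 0 <= length <= MAX_BODY_BYTES:
            self.send_response(411 if length < 0 else 413)
            self.end_headers()
            return
        status, records = check_delivery(self.path, self.rfile.read(length))
        # On status 200, hand `records` to the downstream consumer (SIEM, queue).
        self.send_response(status)
        self.end_headers()

if __name__ == "__main__":
    # Bind to loopback and terminate TLS in a reverse proxy in front of this.
    HTTPServer(("127.0.0.1", 8080), Receiver).serve_forever()
```

Because webhooks are one-way, the listener's status code is the only signal of a rejected delivery, so log rejections on the receiving side.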