Continuous Monitoring

Category	Requirement	CSCC	SAMA CSF	ECC-1
Continuous Monitoring	Continuous inventory of IT assets and continuous monitoring of security posture and controls	2-11	3.3.14	2-3-4 2-12-1 2-12-2 2-12-3 2-12-4 5-1-3-3

You can trigger Lucidum to update data as frequently as needed. This includes ingesting new data and updating existing dashboards and queries.

You can also create automated actions that aid continuous monitoring. These actions can run as frequently as needed.

These automated actions include sending data to slack, sending data via email, creating Jira tickets, creating ServiceNow CIs, and performing automatic mitigation tasks.

Actions for Active Directory #

Lucidum includes the following Actions for Active Directory:

Change Computer Group. Changes the AD group membership for one or more assets.
Disable Computer. Disables one or more computer objects in AD. When a computer object is disabled in AD, domain accounts cannot log in to the computer.
Enable Computer. Enables one or more computer objects in AD. When a computer object is enabled in AD, domain accounts can log in to the computer.
Change Computer OU. Changes the AD OU (organizational unit) for one or more computers.
Change User Group. Changes the AD group membership for one or more users.
Disable User. Disables one or more user objects in AD. When a user object is disabled in AD, the user cannot log in to the domain.
Enable User. Enables one or more user objects in AD. When a user object is enabled in AD, the user can log in to the domain.
Change User OU. Changes the AD OU (organizational unit) for one or more users.

Actions for AWS EC2 #

Lucidum includes the following Actions for AWS EC2:

Stop Instance. Stops one or more AWS instances. For details on what happens when you stop an AWS instance, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#what-happens-stop/.
Start Instance. Starts one or more previously stopped AWS instances. For details on what happens when you start an AWS instance, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#what-happens-start/.
Tag Instance. Adds a tag (descriptive key: value pair) to one or more AWS instances. For details on tagging, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html.
Untag Instance. Removes a tag (descriptive key: value pair) from one or more AWS instances. For details on tagging, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html.

Actions for Automox #

Lucidum includes the following Actions for Automox:

Patch Device. Applies all available software patches to one or more devices.
Reboot Device. Reboots one or more devices.

Actions for CrowdStrike Falcon LogScale #

Lucidum includes the following Actions for Crowdstrike Falcon LogScale:

Send Data to LogScale. Sends a custom set of Lucidum data to LogScale.

Actions for Elastic Cloud #

Lucidum includes the following Actions for Elastic Cloud:

Send to Elastic Cloud Index. Sends a custom set of Lucidum data to Elastic Cloud.

Actions for Email #

Lucidum includes the following Actions for Email:

Send Email. Sends data about one or more assets or users to one or more recipients.

Actions for Google Chronicle #

Lucidum includes the following Actions for Google Chronicle:

Send Data. Sends a custom set of Lucidum data to Google Chronicle.

Actions for HappyFox Help Desk #

Lucidum includes the following Actions for HappyFox Help Desk:

Create HappyFox Ticket. Create or update a ticket in HappyFox. The HappyFox action can customize the category, subject, message, and other fields.
Create HappyFox Asset. Map Lucidum data to asset data in HappyFox Help Desk.

Actions for Hunters #

Lucidum includes the following Actions for Hunters:

Send Data. Sends a custom set of Lucidum data to Hunters.

Actions for Jira Cloud Platform #

Lucidum includes the following Actions for Jira Cloud:

Create Jira Issue. Creates a Jira issue. For each record that matches the base query, the output fields are attached to the Jira ticket.
Creates a Jira Asset. Creates a Jira asset in Jira Service Management.

Actions for Microsoft Defender #

Lucidum includes the following Actions for Microsoft Defender:

Isolate Machine. Disconnects one or more devices from the network while retaining connectivity to the Defender for Endpoint service, which continues to monitor the device.
Unisolate Machine. Reconnects one or more devices to the network.

Devices that are behind a full VPN tunnel won’t be able to reach the Microsoft Defender for Endpoint cloud service after the device is isolated. Microsoft recommends using a split-tunneling VPN for Microsoft Defender for Endpoint traffic.

Actions for Microsoft Sentinel #

Lucidum includes the following Actions for Microsoft Sentinel:

Send Data. Sends a custom set of Lucidum data to Microsoft Sentinel.

Actions for Microsoft Teams #

Lucidum includes the following Actions for Microsoft Teams:

Post on Teams. Sends a custom set of Lucidum data to Microsoft Teams.

Actions for Opsgenie #

Lucidum includes the following Actions for Opsgenie:

Create Alert. Send an alert from Lucidum to Opsgenie. Opsgenie will deliver the alert according to its policies.

Actions for Rapid7 #

Lucidum includes the following Actions for Rapid7: #

Create a New List of IPs/Hosts for Scanning. Send a list of IPs/host names to Rapid7 for scanning.

Actions for ServiceNow #

Lucidum includes the following Actions for ServiceNow:

Create ServiceNow Assets (IRE API). Creates one or more new configuration items (CIs) in ServiceNow.
Create/Update ServiceNow Assets (IRE API). Creates one or more new configuration items (CIs) in ServiceNow. If the one or more of the CIs already exist, this action updates the existing CIs.

Actions for Slack #

Lucidum includes the following Actions for Slack:

Post on Slack. Sends data (outputfields) from the specified records (from the base query) to a slack channel.

Actions for Snowflake #

Lucidum includes the following Actions for Snowflake:

Send Data. Sends a custom set of Lucidum data to SnowFlake.

Actions for Splunk #

Lucidum includes the following Actions for Splunk:

Send Data. Sends a custom set of Lucidum data to Splunk.

Actions for Sumo Logic #

Lucidum includes the following Actions for Sumo Logic:

Send Data. Sends a custom set of Lucidum data to Sumo Logic.

Actions for Tenable Vulnerability Management #

Lucidum includes the following Actions for Tenable Vulnerability Management:

Send to Tenable Vulnerability Management Assets. Sends a custom set of Lucidum data to Tenable Vulnerability Management to import as assets.
Launch Tenable Vulnerability Management Scan. Launches a scan in Tenable Vulnerability Management with a specified list of assets.
Add to Tenable Vulnerability Management Target Group. Adds a list of assets to a target group in Tenable Vulnerability Management . A target group includes a list of targets to scan.

Webhooks #

Lucidum allows you to create custom actions using webhooks.

Solutions

COMPANY

Resource Library