What is the Lucidum Data Model?
Input: Lucidum Connectors
Lucidum integrates with other software and platforms via Connectors.
Connectors allow Lucidum to ingest data from your environment. Lucidum includes pre-built connectors for the most commonly used solutions for security, vulnerability scanning, cloud, data warehouse, identity management, logs, network, endpoint management, IP management, file sharing, and devops.
To configure a connector, you provide credentials that allow Lucidum secure, read-only access to a deployed solution.
The more connectors you configure, the better your data set.
Best Practices for Connectors
To uncover all information in your environment, Lucidum recommends you configure Lucidum connectors for all of the solutions that you use. For example:
- The directory solutions in your environment (for example, Azure AD, Microsoft AD, JumpCloud, PingOne, OpenLDAP)
- The cloud solutions in your environment (for example, AWS, Azure, Google Cloud, Oracle Cloud)
- The SSO solutions and identity and access management (IAM) solutions in your environment (for example, Okta, AWS IAM, PingOne, OneLogin, SecureAuth)
- The DHCP solutions in your environment (for example, Infoblox, Efficient IP, BlueCat)
- The Mobile Device Management solutions in your environment (for example, Addigy, Citrix Endpoint, Jamf Pro, Kandji)
- The VPN solutions in your environment (for example, Cisco AnyConnect, FortiClient, Palo Alto VPN, Citrix Gateway, Zscaler Private Access)
- The Endpoint Management solutions in your environment (for example, Jamf, Intune, Citrix Endpoint Management, Symantec Endpoint Management, Hexnode)
- The Endpoint Protection solutions in your environment (for example, Microsoft Defender for Endpoint, Trellix Endpoint Security, Symantec Endpoint Protection, SentinelOne, CrowdStrike Falcon)
- The Endpoint Detection and Response solutions in your environment (for example, SentinelOne, CrowdStrike Falcon, Trend Micro XDR, Check Point Harmony Endpoint, Cortex XDR)
- The cloud security solutions in your environment for cloud assets (for example, Netskope, Illumio Core, Orca, Trend Micro Cloud One, Sophos Central)
- The anti-virus solutions or vulnerability management solutions in your environment (for example, Burp Suite, Cycognito, Greenbone, Kenna, Microsoft Defender, Qualys, Rapid7, Tenable, Vulcan)
- The SIEM solutions in your environment (for example, Splunk, Trellix, Exabeam, QRadar, Microsoft Sentinel)
Process: Lucidum ML and AI
Lucidum uses ingested data, machine learning (ML) algorithms, rules-based algorithms, network graph analysis, text mining, and data classification models to normalize data, deduplicate records, find relationships between assets, users, and data, and define risk scores.
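An added example, not Lucidum's own code or algorithms: rule-based normalization and deduplication of records from several connectors, followed by a check for assets that one connector never reported. The record fields, source names and sample values are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records, shaped like what three connectors might return.
RECORDS = [
    {"source": "directory", "hostname": "WS-0142.corp.example.com", "mac": None, "serial": "C02XK1"},
    {"source": "dhcp", "hostname": "ws-0142", "mac": "00-1A-2B-3C-4D-5E", "serial": None},
    {"source": "edr", "hostname": "ws-0142", "mac": "00:1a:2b:3c:4d:5e", "serial": "c02xk1"},
    {"source": "dhcp", "hostname": "printer-7", "mac": "001A.2B3C.4D60", "serial": None},
    {"source": "directory", "hostname": "SRV-DB01", "mac": None, "serial": "VM-9931"},
]

def normalize(rec):
    """Return the set of (kind, value) identity keys for one raw record."""
    keys = set()
    if rec.get("hostname"):
        # Assumption: short hostnames are unique within the environment.
        keys.add(("host", rec["hostname"].split(".")[0].lower()))
    if rec.get("mac"):
        mac = re.sub(r"[^0-9a-f]", "", rec["mac"].lower())  # drop : - . separators
        if len(mac) == 12:
            keys.add(("mac", mac))
    if rec.get("serial"):
        keys.add(("serial", rec["serial"].strip().lower()))
    return keys

def deduplicate(records):
    """Merge records that share any identity key (union-find over record indexes)."""
    parent = list(range(len(records)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i
    first_seen = {}
    for i, rec in enumerate(records):
        for key in normalize(rec):
            # Join this record to whichever record first carried the same key.
            parent[find(i)] = find(first_seen.setdefault(key, i))
    assets = defaultdict(lambda: {"keys": set(), "sources": set()})
    for i, rec in enumerate(records):
        asset = assets[find(i)]
        asset["keys"] |= normalize(rec)
        asset["sources"].add(rec["source"])
    return list(assets.values())

def missing_source(assets, source):
    """Hostnames of merged assets that the given connector never reported."""
    return sorted(v for a in assets if source not in a["sources"]
                  for k, v in a["keys"] if k == "host")
```

With the sample data, `missing_source(deduplicate(RECORDS), "edr")` lists the hosts that the directory or DHCP source knows about but the endpoint agent does not, which is the kind of coverage gap that only shows up when several connectors feed one data set.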
Core Model: Lucidum Data Group (LDG) and Raw Data
Lucidum Data Group
Lucidum stores all the normalized, deduplicated, enriched records in the Lucidum Data Group (LDG). The LDG includes data about assets, users, security posture, security policies, threats, vulnerabilities, compliance, and datastores.
The LDG is the heart of Lucidum. The LDG powers direct queries, actions (automations), dashboards, API queries, and SmartLabels.
Data Source: Semi-Raw Data
All the data in Lucidum has been passed through Lucidum AI/ML before it reaches the Lucidum UI. However, some processed fields are not processed further and are not included in the Lucidum Data Group. You can view these less-processed fields in the Data Sources page and in the Data Sources tab for individual assets and users.
Output: Action & Consumption
After Lucidum ingests data from your environment, you can use that data in:
- Queries. Queries and filters are tools that search the database in Lucidum to find data that meets your specifications. You can then include the results in Dashboards, Actions, webhooks, and SmartLabels.
- SmartLabels. SmartLabels allow you to apply custom business rules to Lucidum data. You can use data from the Lucidum Data Group or semi-raw data and transform the data to your needs. For example, you can concatenate ingested data, apply a regular expression to ingested data, and perform mathematical actions like addition, division, subtraction, and multiplication on ingested data. The SmartLabel then appears as a standard Lucidum field that you can include in queries and use in Dashboards and Actions.
- Dashboards. A Lucidum Dashboard is a page that displays one or more graphical charts. Each chart appears in its own pane and displays graphs, tables, and text. Each dashboard provides at-a-glance visibility into the assets, users, and data in your environment and the policies or compliance that matters most to you. Lucidum includes pre-built dashboards (Value-Oriented Dashboards) and allows you to build custom dashboards.
- Actions. Actions are automations that are triggered by query results. Actions include sending email messages, posting a message to Slack, creating tickets, isolating infected devices, or making changes to Active Directory, among other options. Lucidum includes specific actions for common applications and allows you to create custom actions with webhooks.
- API requests. API requests allow you to programmatically retrieve data from Lucidum for use in other systems.