LMNTRIX Intelligent Security Assistant (LISA) | LMNTRIX Assistant | Security as a service

Meet LISA - LMNTRIX on Alexa

LMNTRIX Intelligent Security Assistant

Your voice-activated Cyber Command and Control

Ask for a flash briefing

Drill into incidents

Contain validated breaches

Receive incident notifications
direct to your device

Discover investigative actions
you need to take

ASK ABOUT YOUR ADVERSARIES' TTP

Ascertain if an attack
is targeted or opportunistic

just ask LISA

LISA, short for LMNTRIX Intelligent Security Assistant,
is the voice extension of the LMNTRIX Active Defense enterprise cybersecurity solution.
LMNTRIX clients can ask LISA about their current security posture, flash briefings, incident details
as well as ask LISA to contain ongoing active threats on their network.

Introducing LISA – LMNTRIX on Alexa

LISA, short for LMNTRIX Intelligent Security Assistant, is the voice extension of the LMNTRIX Active Defense enterprise cybersecurity solution. LMNTRIX clients can ask LISA about their current security posture, flash briefings, incident details as well as ask LISA to contain ongoing active threats on their network.

Skill Details

• Invocation Name: LMNTRIX (pronounced ‘elementrix’)
• Rated: Guidance Suggested. This skill contains dynamic content
• Privacy Policy (>>>)
• This skill requires account linking. Account linking works with the Alexa profile that is logged in. If you have multiple profiles on the LMNTRIX Grid, say “Alexa, switch profiles” to switch profiles on your device

How to enable LISA

Before we get started, make sure that you have already installed the “Amazon Alexa” app from the app store onto your device and you have setup and logged into your Amazon Echo device of choice.

To get started, enable the LMNTRIX skill and link it to your LMNTRIX account (supplied to you by the LMNTRIX Cyber Defense Center). As an extra layer of security, you will be required to create a personal key (PIN).

Follow these steps to complete the process:

1) Select “Skills & Games” from the Alexa app menu
2) Now search for the “LMNTRIX” skill – use the magnifying glass on the top right hand corner of the page
3) Select “ENABLE TO USE”
4) Accept to receive “Alexa Notifications” and “Save Settings”
5) Enter your LMNTRIX Grid username (email) and press “VERIFY EMAIL”
6) Now switch to your email and copy the PIN we have emailed you and paste it into the password field and press “SIGN IN”. Be patient as the email may take up to a minute to arrive (also check your junk mail)
7) If successful, you should see a page telling you that “LMNTRIX has been successfully linked.” Otherwise, repeat the process or contact LMNTRIX for further assistance
8) The skill is now ready to use for the first time. You can either use the Alexa app or your Echo device to communicate with LMNTRIX

To use the Alexa app on your device, select the circular Alexa icon on the bottom center from within the Alexa app and say “Alexa ask LMNTRIX ….” followed by your question or “Alexa open LMNTRIX”, and once the session is open you may ask any question from the supplied list below.

LISA Use Cases

Waking up to an incident

It’s Saturday morning, you wake up to see the blue light on top of your Echo indicating you’ve had some incident(s) overnight. You then connect to LMNTRIX and ask Alexa “What happened overnight?”.

Once you hear the incidents, you choose which is of interest and drill down into it by saying “What are the details of incident #?”.

If you have elected to review your IOC’s (IP, domain, URL) before containing threats, and if there are threats to contain, then Alexa will ask you “Would you like to review your threat containment options?” to which you answer “Yes”.

After Alexa reads your IOC’s it will ask you “Would you like me to contain the threat?” to which you can answer “Yes”, assuming you’re happy with the IOC’s and they don’t pose a risk or a false positive.

The LMNTRIX Grid will then push the IOC’s to your firewalls to a pre-defined blocking policy and shortly after Alexa will say “The threat has been contained and the incident updated”.

At this point you have managed to stop the breach and reduce any possible data exfiltration in progress without leaving your bed or engaging anyone else from your security team – using only your voice.

You can repeat the process for any additional threats, ask any other questions, or log out by saying “Alexa stop”.

Board Communication

As a Security Manager or 'CISO' you’re able to give your board members a snapshot of your security status using the Alexa Echo or your phone.

Simply say, “Alexa, give me a snapshot of my security”.

Then say, “How many validated incidents did we have today?" "Or last week? Last month? To date?"

Then say, “Give me an incident summary”.

After you hear your incident summary, you can continue with additional questions or say, “Alexa stop”.

Dinner with the family

You’re at dinner with the family, you receive an incident notification on your phone from the Alexa app. You open the Alexa app and click on the Alexa icon then ask Alexa to “Read my notifications”.

Once you hear the incident heading and priority, it sounds serious, so you elect to hear more details by asking “What are the details of incident #?”

If you have elected to review your IOC’s (IP, domain, URL) before containing threats, and if there are threats to contain, then Alexa will ask you “Would you like to review your threat containment options?” to which you answer “Yes”.

After Alexa reads your IOC’s it will ask you “Would you like me to contain the threat”? to which you can answer “Yes”, assuming you’re happy with the IOC’s and they don’t pose a risk or a false positive.

The LMNTRIX Grid will then make the necessary change to your perimeter firewall(s) to stop the breach and shortly after Alexa will say “The threat has been contained and the incident updated”.

At this point you have managed to stop the breach and reduce any possible data exfiltration in progress while out at dinner with the family and without engaging anyone else from your security team – using only your voice.

You can repeat the process for any additional threats, ask any other questions or log out by saying “Alexa stop”.

Questions to ask LISA

You can ask LMNTRIX about your cybersecurity status, including a whole host of various details and information.

Once you’ve enabled the skill, say “Alexa ask LMNTRIX ….” Or “Alexa open LMNTRIX ….”, or simply ask your question while your LMNTRIX session is still open.

General Security Status Related Questions

Q1) What is my security status?

Q2) What is my threat level?

Q3) Alexa, why is my security status Low/Medium/High?

Q4) What is my security posture?

Q5) Why is my security posture Low/Medium/High?

Q6) What is my executive/security summary? Or any of the below will produce the same response:

Alexa, what is my flash/morning briefing?

Give me my security report.

Give me a snapshot of my security.

What is going on with LMNTRIX?

Q7) What happened overnight? Or any of the below will produce the same response:

What happened in the past 24 hours?

Tell me about my security incidents from the past 24 hours?

Tell me about my recent incidents?

What’s new?

Q8) Can I have the security details? Or any of the below will produce the same response:

What are my open incidents?

Give me an incident summary.

Give me a summary of all my open incidents.

Can I have a summary of all my incidents?

Give me the headings of all my incidents.

Give me the name of all my incidents.

Incident Specific Questions

Q1) What are the details of Incident # or number #? Or What is the Incident summary for Incident # or number #?

Q2) With regards to Incident #, what is it?

Q3) With regards to Incident #, where is it?

Q4) With regards to Incident #, when did it get here? Or any of the below will produce the same response:

When did we get hacked?

When did we get infected?

Q5) With regards to Incident #, how did it get here? Or the below will produce the same response:

How did we get infected?

Q6) With regards to Incident #, how did we detect it? Or the below will produce the same response:

How was it detected?

Q7) With regards to Incident #, what was the threat lifecycle?

Q8) With regards to Incident #, what are the Investigative Actions? Or any of the below will produce the same response:

What are the recommendations?

What actions should we take?

Q9) With regards to Incident #, what was the detection method?

Q10) With regards to Incident #, what was the threat vector?

Incident Status Related Questions

Q1) Which current/open incidents are being investigated?

Q2) How many current incidents are being investigated?

Q3) How many current incidents are waiting for reply?

Q4) What is the status of all my/our open incidents?

Q5) What is my status and/or status summary?

Incident Priority Related Questions

Q1) What is the priority of my/our incidents?

Q2) What are my low/medium/high/urgent priority incidents?

Q3) How many of my open incidents have a low/medium/high/urgent priority? Or
How many high priority incidents do I/we have?

Incident Threat Lifecycle Related Questions

The cyber kill chain includes the following phases you can question: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control and Actions on Objective.

The questions below use the “Delivery” phase as an example. You may replace “Delivery” with any of the seven kill chain phases above.

Q1) Which open/closed incidents have a Threat Lifecycle of Delivery?

Q2) Which incidents have a Threat Lifecycle of Delivery?

Q3) How many incidents (or open/closed incidents) were detected at the Delivery Threat Lifecycle? Or any of the below will produce the same response:

How many incidents have a Delivery Threat Lifecycle?

How many incidents have a Threat Lifecycle of Delivery?

How many incidents were detected at the Delivery phase of the kill chain?

Incident Threat Vector Related Questions

The Mitre ATT&CK framework includes the following tactics you can question: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration and Impact.

The questions below use the "Execution" phase as an example. You may replace “Execution” with any of the 12 tactics above.

Q1) Which open/closed incidents have a Threat Vector of Execution?

Q2) How many incidents (or open/closed incidents) were detected at the Execution Threat Vector? Or any of the below will produce the same response:

How many incidents have an Execution Threat Vector?

How many incidents have a Threat Vector of Execution?

How many incidents were detected at the Execution phase of the Mitre attack?

Incident Attack Type Related Questions

Attack Type options can be: Opportunistic, Targeted and Unknown

Q1) How many open incidents are Opportunistic/Targeted/Unknown? Or the below will produce the same response:

How many open incidents have an attack type of Targeted?

Q2) Which open incidents are Opportunistic/Targeted/Unknown?

Incident Breach Validation Status Related Questions

Breach Validation Status options can be: Validated, False Positive and False Negative.

In the example below we have used the "Validated" status.

Q1) How many "Validated" incidents did I have today? (Or last week? Last month? To date?)

Incident Volume & Time Related Questions

Q1) How many incidents/tickets were closed/resolved for the month of June? (You may replace ‘June’ with any month).

Q2) How many incidents/tickets were closed this month?

Q3) How many tickets/incidents were closed last month?

Q4) How many tickets/incidents were closed this year?

Q5) How many tickets/incidents to date? Or the below will produce the same response:

How many tickets/incidents so far?

How many tickets/incidents in total?

How many tickets/incidents in the system?

How many incidents have been detected in total?

Q6) What is the average time it took to close incidents this month/last month/to date?

Q7) Which incident has been open the longest?

Q8) How many incidents took more than 48 hours to close this month/last month/to date?

LISA being Funny

Q1) Alexa, am I (PCI DSS, ISO27001, ISO27017, ISO27018, ISO9001, GDPR, GLBA, ASD, DSD, IRAP, MTCS Tier 3, NIST, FIPS, FISMA, Fedramp, CSA, HIPAA, SOC, SOC2 or SOC3) compliant/certified?

Q2) Alexa, who’s the best cybersecurity company in the world/galaxy?

Q3) Alexa, which MDR do other MDRs use for their own security?

Q4) Alexa, which actress does a SIEM remind you of?

Q5) Alexa, should I invest in a SIEM?