- Product
Product Overview
Sophisticated security with unmatched simplicityCloud SIEM
Pre-configured detections across your environmentHoneypots
Deception technology to detect lateral movementEndpoint Visibility
Real-time monitoring with added detection & responseSecurity Reports
Data visualizations, compliance reports, and executive summariesAutomated Response
Detect, prioritize, and neutralize threats around the clockIntegrations
Cloud, on-prem, and open API connectionsXDR Platform
A complete view to identify risk, and things operational
- Pricing
- Why Blumira
Why Blumira
The Security Operations platform IT teams loveWatch A Demo
See Blumira in action and how it builds operational resilienceUse Cases
A unified security solution for every challengePricing
Unlimited data and predictable pricing structureCompany
Our human-centered approach to cybersecurityCompare Blumira
Find out how Blumira stacks up to similar security toolsIntegrations
Cloud, on-prem, and open API connectionsCustomer Stories
Learn how others like you found success with Blumira
- Solutions
- Partners
- Resources
In June, we introduced two powerful new detection filter operators - Regex and Between - to give you greater precision when tuning detections, including the ability to filter full IP ranges. We also added parsing for 1Password logs, unlocking new reporting capabilities for audit, sign-in, and item usage events. On the detection front, we released two new Windows rules, including one that identifies potential installer interference, and updated two Microsoft 365 rules to improve accuracy and clarity. We also resolved several bugs, including issues with data mismatches in reports, incorrect endpoint usage calculations, and log duplication in Mimecast.
Feature and Platform Updates
Detection Filters:
-
Regex Operator: We added the Regex operator to our detection filter options, which requires re2 syntax, and is the same operator many users already use in Report Builder.
-
Between Operator: We introduced the Between operator, making it easier to filter entire IP ranges without relying the Contains operator to filter multiple IP values within a range.
1Password Parsing: We added parsing for the 1Password integration, and the following data types are now available for reporting:
-
1Password Audit
-
1Password Item Usage
-
1Password Signin
Detection Updates
Log Type | Details |
---|---|
Windows | NEW - Unexpected Taskkill on MSIEXEC by User This detection monitors for when a user unexpectedly runs the taskkill command to terminate the Windows Installer process MSIEXEC, which may be an indicator of attackers interrupting legitimate installers. This tactic has been observed in attempts to interrupt SentinelOne installers during installs or upgrades. Default state: Enabled |
Windows |
NEW - Remote Access Tool: UltraViewer This new detection rule triggers a finding whenever the remote access tool UltraViewer is seen being used on a device. If your organization does not use UltraViewer as part of its approved remote management toolkit, the activity needs to be investigated as potentially malicious. Default state: Enabled |
Microsoft 365 | UPDATE - Enabling of Forwarding Setting to External Domain in M365 We updated this detection rule to account for log formatting changes that were causing missed true positives. |
Microsoft 365 | UPDATE - MS365 Sharepoint 100 or more file deletions in X minutes We renamed the "MS365 Sharepoint 100 or more file deletions in X minutes" detection rule to "Microsoft 365: Sharepoint 100 or more file deletions in X minutes" for clarity and adjusted the logic to reduce false positives and provide responders with more detailed information about the file names. |
Bug Fixes and Improvements
Bug Fixes-
Future-Dated Timestamps - We resolved an issue where future-dated timestamps in some JumpCloud logs were causing integration failures.
-
Data Mismatch - We fixed a bug that was causing a discrepancy between the data shown on the “Top Threat Types” chart in the Security Dashboard and what appears upon click-thru to the full report in Report Builder.
-
Byte Management - We fixed an issue that was causing incorrect calculations in "Blumira: Endpoints By Data Generated" and "Top Endpoints By Data Generated" reports after moving from using the compressed
raw_zlib_bytes
toraw_log
file size. -
Mimecast Log Duplication - We fixed a log duplication issue that was occurring in the v2 Mimecast integration.
-
Truncated Findings - We fixed an issue with truncated findings showing [object Object] on the Summary Dashboard.
May 2025 Release Notes
In case you missed the May updates, you can find and review those notes here.
Tag(s):
Product Updates
Eric Pitt
Eric is a Product Marketing Manager at Blumira focusing on customer research and positioning to continuously improve the Blumira platform.
More from the blog
View All Posts
Product Updates
11 min read
| August 5, 2025
July 2025 Product Releases
Read More
Compliance Security Frameworks and Insurance
7 min read
| July 17, 2025
Blumira's Compliance Reports: Making Audit Assessments a Breeze
Read More
Product Updates
5 min read
| July 15, 2025
Streamline Your SecOps with the New Blumira API
Read MoreSubscribe to email updates
Stay up-to-date on what's happening at this blog and get additional content about the benefits of subscribing.