June 12, 2024

May 2024 Product Release Notes

Release Notes Summary

In May, we announced new subscription options for folks that are currently on our Free SIEM edition and want the ease of monthly commitments with the benefits of features like Blumira Agent and Security Operations and Technical Support. We also added a 1Password integration to our growing list of Cloud Connectors, and improved how new Microsoft 365 integrations are validated to ensure long-term stability.

Feature and Platform Updates

Self-Service Subscriptions: Organizations currently on the Free SIEM edition who want the ease of purchasing and managing billing options directly in the app without a large annual commitment can upgrade to SIEM Starter or SIEM Starter + Compliance, detailed here. To review the new options in the app, navigate to the Billing page (Settings > Billing) and then update your subscription and billing information in Blumira if interested.
New Cloud Connector: Our new 1Password integration helps you collect and centralize your password manager logs to increase your visibility of activity and meet compliance needs.

Detection Updates

Log Type	Detection Details
SonicWall Traffic	SonicWall: Login Failure We deprecated this original indicator detection rule and replaced it with the windowed detection rule described below. This original rule was generating findings with excessive numbers (many thousands) of rows of evidence, which led to crashes and prevented finding resolution in the app.
SonicWall Traffic	NEW - SonicWall: 5 or More Login Failures in 15 Minutes This new windowed detection rule replaces the “SonicWall: Login Failure” rule. It triggers a finding when there are five or more login attempts that fail on a device within a 15-minute window.
HTTP Access (Apache/IIS/NginX)	ConnectWise ScreenConnect SetupWizard Authentication Bypass CVE-2024-1709 We lowered the priority of this detection from a P1 to a P3 Threat.

Bug Fixes and Improvements

We added clear messaging in the Blumira Investigate results window when there are no results for the search so users are not left wondering whether the page is blank due to a loading error.

We released several improvements to error handling during the configuration of M365, SentinelOne, Google Workspace, and OneLogin Cloud Connectors. Users now see actionable errors and troubleshooting help when a new integration fails to successfully connect.