This month's releases include new detections for Google Workspace account compromise, Windows symbolic link abuse, and Bitdefender threat events. We also improved the Entra ID Conditional Access Policy detection to reduce false positives from Microsoft's background policy management. On the integration side, we fixed several issues in the Autotask two-way PSA integration, improved PSA setup error messaging, and added organization name context to case notifications.
Detection Updates
| Log Type | Details |
|---|---|
| Google Workspace | NEW - Google Workspace: Account Suspended for Spam or Hijacking This new detection identifies Google Workspace audit events indicating an account has been suspended due to spam activity or account hijacking. These events fire when Google's automated systems detect abuse, providing early visibility into compromised or weaponized accounts in your Google Workspace environment. Default state: Enabled |
| Windows | NEW - Symbolic Link or Junction Creation to System Path This new detection identifies use of the mklink command to create symbolic links or directory junctions pointing to or from Windows system paths such as System32, Program Files, SysWOW64, and ProgramData. Attackers use this technique to redirect execution paths, masquerade as trusted system processes, or bypass security tools that whitelist processes running from known system locations. Default state: Enabled |
| Bitdefender | NEW - Bitdefender: Antimalware Threat Detected on Host This new detection identifies Bitdefender antimalware log events indicating a threat was detected and action was taken on an endpoint. It surfaces Bitdefender threat activity within Blumira findings, giving teams with Bitdefender deployed a centralized view of endpoint security events alongside other log sources. Default state: Disabled |
| Microsoft 365 | UPDATE - Entra ID: Conditional Access Policy Added/Modified/Deleted We improved detection logic to reduce false positives generated by Microsoft Managed Policy changes, which were surfacing legitimate admin account names as the apparent actors behind automatic background policy updates. |
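
The command-line matching that a detection like the Windows mklink one above depends on, shown as an added example; it is not Blumira's rule logic. The function names and the sample process command lines are constructed for illustration.

```python
import re

# System path fragments named in the detection description above.
SYSTEM_PATHS = ("\\system32", "\\syswow64", "\\program files", "\\programdata")

# mklink [/D | /H | /J] <link> <target>; either path may be quoted.
MKLINK_RE = re.compile(
    r'\bmklink\b(?P<flags>(?:\s+/[dhj])*)\s+'
    r'(?P<link>"[^"]+"|\S+)\s+(?P<target>"[^"]+"|\S+)',
    re.IGNORECASE,
)

def touches_system_path(path):
    """True if the path contains one of the system path fragments."""
    p = path.strip('"').lower()
    return any(frag in p for frag in SYSTEM_PATHS)

def check_command_line(cmdline):
    """Return a finding if cmdline links to or from a system path, else None."""
    m = MKLINK_RE.search(cmdline)
    if not m:
        return None
    link = m.group("link").strip('"')
    target = m.group("target").strip('"')
    # Record which side of the link touches a system path (either is suspicious).
    sides = [name for name, p in (("link", link), ("target", target))
             if touches_system_path(p)]
    if not sides:
        return None
    flags = m.group("flags").upper().split()
    kind = ("junction" if "/J" in flags
            else "hard link" if "/H" in flags else "symbolic link")
    return {"kind": kind, "link": link, "target": target, "system_side": sides}

# Constructed process-creation command lines (not real telemetry).
SAMPLE_EVENTS = [
    r'cmd.exe /c mklink /J C:\Users\Public\tools C:\Windows\System32',
    r'cmd.exe /c mklink /D "C:\Program Files\Vendor\plugins" D:\staging\plugins',
    r'cmd.exe /c mklink /D C:\dev\current C:\dev\releases\v2',
    r'cmd.exe /c dir C:\Windows\System32',
]

def scan(events):
    """Return the findings for every event that matches."""
    return [f for f in map(check_command_line, events) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Because mklink is a cmd.exe built-in, this kind of match needs process command-line logging; a process name alone will only show cmd.exe.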
Bug Fixes and Improvements
Bug Fixes
- Autotask PSA - Integration Setup Stuck State: We fixed a bug where a failed Autotask API call during MSP PSA integration setup could leave the integration in a broken state that prevented any future configuration changes.
- Autotask PSA - API Rate Limiting: We fixed a bug where a per-instance field info cache caused some Autotask API calls to exceed thread thresholds and fail.
- Autotask UI - ConnectWise References: We fixed lingering references to ConnectWise that appeared in the Autotask PSA configuration interface.
- Agent Configuration - Description Field: We fixed a bug where the Agent Detail description field was only visible on certain license editions.
Improvements
- Autotask PSA - Setup Error Messages: We improved error messages during MSP PSA integration setup, making it easier to diagnose connection and permission failures.
- Case Notifications - Org Name: Case notifications now include the organization name, helping teams in multi-tenant environments quickly identify which organization triggered an alert.
April 2026 Release Notes
In case you missed the April updates, you can find and review those notes here.
Amanda Berlin
Amanda Berlin is the Senior Product Manager of Cybersecurity at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An...