- Product
Product Overview
Sophisticated security with unmatched simplicityCloud SIEM
Pre-configured detections across your environmentHoneypots
Deception technology to detect lateral movementEndpoint Visibility
Real-time monitoring with added detection & responseSecurity Reports
Data visualizations, compliance reports, and executive summariesAutomated Response
Detect, prioritize, and neutralize threats around the clockIntegrations
Cloud, on-prem, and open API connectionsXDR Platform
A complete view to identify risk, and things operational
- Pricing
- Why Blumira
Why Blumira
The Security Operations platform IT teams loveWatch A Demo
See Blumira in action and how it builds operational resilienceUse Cases
A unified security solution for every challengePricing
Unlimited data and predictable pricing structureCompany
Our human-centered approach to cybersecurityCompare Blumira
Find out how Blumira stacks up to similar security toolsIntegrations
Cloud, on-prem, and open API connectionsCustomer Stories
Learn how others like you found success with Blumira
- Solutions
- Partners
- Resources
Welcome to our security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.
Introduction and Overview
Welcome back for another round of "Catch That Threat Actor". I'm your host Amanda Berlin and we have a great detection for you today with some chilly vibes!
New Detections
This update introduces:
Midnight Blizzard Suspicious RDP File Created
A detection to find those sneaky Midnight Blizzard IoCs! If you hadn't heard there have been active campaigns from the Russian threat actor group "Midnight Blizzard" who have been sending targeted phishing campaigns with .rdp files that would expose sensitive information by mapping local resources to a remote server.
- Status: Enabled
- Log type requirement: Windows or Blumira Agent for Windows
- For more information, see Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
MS365 Sharepoint: 500 or more file deletions in 15 minutes
This is one of those that speaks for itself with our next-gen-intuitive-detection-titles
- Status: Disabled
- Log type requirement: MS365 Sharepoint
Amanda Berlin
Amanda Berlin is the Senior Product Manager of Cybersecurity at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An...
More from the blog
View All Posts
Product Updates
11 min read
| August 5, 2025
July 2025 Product Releases
Read More
Compliance Security Frameworks and Insurance
7 min read
| July 17, 2025
Blumira's Compliance Reports: Making Audit Assessments a Breeze
Read More
Product Updates
5 min read
| July 15, 2025
Streamline Your SecOps with the New Blumira API
Read MoreSubscribe to email updates
Stay up-to-date on what's happening at this blog and get additional content about the benefits of subscribing.