Skip to content
Search
Get A Demo
Try For Free
    Get A Demo
    Try For Free
      June 11, 2024

      Security Detection Update – 2024-6-11

      Welcome to our security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.

      Introduction and Overview

      We've missed you!! Hopefully you've missed these posts as well. We appreciate your patience as we work through a ton of internal process and technology changes!

      New/Modified Detections

      This update introduces:

      Azure: Trusted Location Added or Modified

      A trusted location being added or modified within your Entra instance. Trusted locations are used in conjunction with Conditional Access to help streamline authentication processes. Threat actors can abuse this to create instances where it can become possible to bypass MFA and other authentication controls. This is often used to weaken or impair your controls or gain persistence.

      • Status: Enabled
      • Log type requirement: Azure Directory Audit

      Mimecast: User Clicked Questionable Link - Blocked

      A user click action against a URL categorized as malicious by Mimecast Targeted Threat Protection has been identified and access to the URL was blocked. This detection was majorly modified and split into the original "Blocked" detection and the one below.

      • Status: Default Disabled
      • Log type requirement: Mimecast

      Mimecast: User Clicked Questionable Link - Allowed or Warned

      A user click action against a URL categorized as malicious by Mimecast Targeted Threat Protection has been identified and the user has been allowed or warned and elected to continue to the URL.

      • Status: Enabled
      • Log type requirement: Mimecast
      Tag(s): SIEM XDR , Product Updates , Blog , Product Release Notes , Detection Update

      Amanda Berlin

      Amanda Berlin is the Senior Product Manager of Cybersecurity at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An...

      More from the blog

      View All Posts
      Product Updates
      11 min read | August 5, 2025

      July 2025 Product Releases

      Read More
      New Blumira Pre-built Compliance Reports
      Compliance Security Frameworks and Insurance
      7 min read | July 17, 2025

      Blumira's Compliance Reports: Making Audit Assessments a Breeze

      Read More
      Blumira API
      Product Updates
      5 min read | July 15, 2025

      Streamline Your SecOps with the New Blumira API

      Read More