Simplifying Security: Detection Rule Management

A major part of our ethos at Blumira is to simplify security for small to mid-sized businesses (SMBs) and busy IT administrators juggling both IT and security tasks at these organizations. SIEMs often spit out too many noisy false-positive alerts that make it hard to understand what’s critical and requires attention; resulting in missed or delayed opportunities to resolve threats.

Our platform comes with detection rules tuned for noise and applied automatically to your account, based on the third-party integrations you’ve set up with Blumira and the logs you send to our service. 

Now it’s even easier for admins to manage those detection rules with the click of a button – in our new Detection Rule Management interface, you can see every detection rule applied and active in your account. Access your complete rule set under Settings > Detection Rules.

Click on any rule to get more information, including:

• The name of the detection rule
• A clear summary of the analysis and what the rule means
• What the workflow looks like – or playbook for response
• What the default state of your rule is (enabled or disabled)

Stay tuned for even more customizability coming soon from Blumira!

Blumira’s Focus on Eliminating Noise and Surfacing Real Threats

Blumira takes a radically different approach to defensive security to focus on what’s critical and urgent, instead of sending you tons of noisy alerts. This results in better security outcomes for your organization.

Our incident detection engineering team strives to:

• Create actionable intelligence and automate level 1 SOC duties into the alert analysis and workflows
• Test every detection rule in lab environments, tuning it for noisy false positives before rolling it out to our platform to reduce alert fatigue
• Consolidate all correlated logs and evidence under open findings, instead of opening multiple findings to significantly reduce alert volume and give additional context for repeat alerts
• Prioritize every finding automatically by different threat levels to make sure Priority 1 Threat alerts get the attention they deserve

We do the heavy lifting for you to make it as easy as possible for your IT team to manage on a daily basis. Our engineering and SecOps team takes care of many typically-manual SIEM duties to reduce the burden on your team:

• Developing and maintaining data parsers
• Gathering and subscribing to threat intelligence feeds
• Writing, testing, tuning and updating detections weekly
• Creating new third-party integrations
• Helping create security reports
• Custom detection rule development
• Onboarding assistance with sensor setup
• Log flow troubleshooting
• Expert security advice when you need it the most

Blumira’s security operations team is always available to help you when you need more guidance on understanding alerts or incident response.

Making Security Accessible to All: Blumira’s Editions

Our new Detection Rule Management feature and 24/7 SecOps team support for critical priority issues is available for all paid editions, including Microsoft 365, Cloud and Advanced – see our plans and pricing to learn more. 

Or, you can sign up for our free edition to try out Blumira today and get:

• Coverage for unlimited users and data* for Microsoft 365
• Easy cloud SIEM setup in minutes with Cloud Connectors
• Detections automatically activated, fine-tuned for noise
• Summary dashboard of key findings & basic reports
• Playbooks to guide you through response steps
• 7 days of log data retention (upgrade to paid for 30 days or one year)

*Subject to Blumira’s Terms of Service