Getting Started

Congratulations on choosing Blumira! In a matter of hours—not months—you will begin seeing the security value of deploying Blumira’s robust threat detection and improving your organization’s security posture.

1) Activate Your Blumira Account

To activate your Blumira account:

1. In your email inbox, locate the account verification email that Blumira sent you.
2. Follow the email’s instructions to verify your account.
3. Log in to the Blumira app.

2) Deploying Blumira

To deploy Blumira, you will go through the following procedures:

1. Adding Cloud Connectors
2. Building a Blumira sensor host on Ubuntu
3. Adding a sensor in the Blumira app
4. Adding integrations

3) Next steps

After successfully connecting to your data sources, spend time in these areas of the app:

Dashboards:

• Summary – See what is included in the Summary dashboard.
• Responder – See what is included in the Responder dashboard.
• Security – See what is included in the Security dashboard.
• Manager – See what is included in the Manager dashboard.

Reporting:

• Report Builder – Use the Report Builder to analyze the logged events that you send Blumira.
• Findings – Respond to Findings in the app, such as identified threats and risks.

Settings:

• Detection Rules – View and manage your Detection Rules to identify activity and alert your team.
• Blocklists – Block or allow specific IPs or domains using your integrated firewall device(s) and Blumira’s dynamic blocklists.
• Users – Add users to your Blumira account or manage their notification settings.

 

Example Detections

Here are some examples of the frequently seen detections across our customers that you might see once you get started. Keep in mind, detections vary based on the integrations that are sending logs:

• Service Execution with Lateral Movement Tools
• 500GB+ Outbound Connection via Generic Network Protocol
• Clearing of Windows Event Logs
• Pass the Hash Behavior
• Impossible Travel
• M365 Email Forwarding Enabled
• Admin Account Added
• Multiple Windows User Accounts Password Reset Attempts
• PsExec Use on Network
• Potentially Malicious PowerShell Command
• Clear-Text Password on Local System

Blumira has hundreds of pre-tuned detections and our Incident Detection Engineering team adds more every week.

Tip: using the In App messaging, as detailed below, is the easiest way to request a specific rule be tuned or allowlisted.

How to Contact Support

Blumira offers several avenues to access our Security Operations and Support team. See our support page for hours and contact information: https://www.blumira.com/support

• By Phone: (877) 870-5876
• By Email: [email protected]
• By Using Case Management: http://blumira.zendesk.com
• In App: Send a message to support from the message area in the Responders’ dashboard. You may include attachments too!

Sign Up For Your Free Account Today

Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required