Blumira Getting Started Guide

Welcome to Blumira!

We’re happy to have the opportunity to improve your security posture by leveraging our cloud-based threat detection and response platform.

 

 

Click here for the most updated version of this documentation.

 

 

Sign Up For Your Free Account Today

Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required.

 


Getting Started

Congratulations on choosing Blumira! In a matter of hours—not months—you will begin seeing the security value of deploying Blumira’s robust threat detection and improving your organization’s security posture.

1) Activate Your Blumira Account

To activate your Blumira account:

  1. In your email inbox, locate the account verification email that Blumira sent you.
  2. Follow the email’s instructions to verify your account.
  3. Log in to the Blumira app.

2) Deploying Blumira

To deploy Blumira, you will go through the following procedures:

  1. Adding Cloud Connectors
  2. Building a Blumira sensor host on Ubuntu
  3. Adding a sensor in the Blumira app
  4. Adding integrations

3) Next steps

After successfully connecting to your data sources, spend time in these areas of the app:

Dashboards:

Reporting:

  • Report Builder – Use the Report Builder to analyze the logged events that you send Blumira.
  • Findings – Respond to Findings in the app, such as identified threats and risks.

Settings:

 

Example Detections

Here are some of the detections seen most frequently across our customers, which you might encounter once you get started. Keep in mind that detections vary based on which integrations are sending logs:

  • Service Execution with Lateral Movement Tools
  • 500GB+ Outbound Connection via Generic Network Protocol
  • Clearing of Windows Event Logs
  • Pass the Hash Behavior
  • Impossible Travel
  • M365 Email Forwarding Enabled
  • Admin Account Added
  • Multiple Windows User Accounts Password Reset Attempts
  • PsExec Use on Network
  • Potentially Malicious PowerShell Command
  • Clear-Text Password on Local System

Blumira has hundreds of pre-tuned detections and our Incident Detection Engineering team adds more every week.

Tip: Using the in-app messaging, as detailed below, is the easiest way to request that a specific rule be tuned or allowlisted.

How to Contact Support

Blumira offers several avenues to access our Security Operations and Support team. See our support page for hours and contact information: https://www.blumira.com/support

  • By Phone: (877) 870-5876
  • By Email: [email protected]
  • By Using Case Management: http://blumira.zendesk.com
  • In App: Send a message to support from the message area in the Responders’ dashboard. You may include attachments too!
