Getting Started

 

1) Activate Your Blumira Account

Once your account is created, check your inbox for your account verification email. Simply follow the steps outlined in the email to get logged in to https://app.blumira.com.

Now that you’re logged into your account, getting started takes only a few minutes. Follow the steps below to begin:

2) Set Up a Blumira Sensor Host

Set up an Ubuntu host that will be used for the Blumira Sensor (used to connect to services and collect your logs) using the following instructions: https://www.blumira.com/integration/blumira-sensor-deployment

Suggested Requirements for Sensor Host:

• 4 CPUs
• 4 GB of memory
• 200 GB of storage
• Static IP address assignment

3) Create a Blumira Sensor

From the Blumira console https://app.blumira.com, create a Blumira sensor by completing the following steps:

• Click INFRASTRUCTURE on the left menu
• Next click the ADD NEW SENSOR button.
• Enter a name for the sensor.
• Provide additional details about the sensor’s use case in the optional Description field.
• Use the Location dropdown to choose where the sensor resides.

Now click Install and within 5 minutes, you will receive an email with the script that is used to set up your sensor’s environment.

4) Activate the Blumira Sensor

Log in to your sensor via SSH and then copy and paste the script from your email into your Blumira host sensor server’s console to allow the automatic setup of your sensor’s environment. This process takes just a few moments to complete.

5) Add New Integrations

The final step is to configure your new integrations, log sources and modules.
Specific integration steps can be found in our documentation pages: https://blumira.com/integrations.

Below is a prioritized list of commonly-used integrations:

• Honeypot: Blumira Honeypot Module
• Collaboration Suites: Office 365, G Suite
• Endpoint Detection: Crowdstrike, Carbon Black, Cylance
• Cloud Infrastructure: Azure AD, Cisco Umbrella
• Servers: Windows Servers, Linux Servers
• Firewalls: Cisco ASA, Palo Alto NGFW, Cisco FTD, Fortinet, Checkpoint

What to Expect

Once logs are flowing up to Blumira, detection rules can be enabled to identify activity and alert your team. We have many default rules that can be added, however, you may also request customization by contacting our Security Operations team. Let us know what integrations you’ve configured so we can enable the appropriate detection rules.

Need an IP to be added to an allow list to limit false alerts when you have scheduled network or server scans? Need a PowerShell script to be added to an allow list as it’s approved to run on your systems? We are here to help and ensure your success!

How to Contact Support

Blumira offers several avenues to access our Security Operations and Support team. See our support page for hours and contact information: https://www.blumira.com/support

• By Phone: (877) BLUMIRA | (877) 258-6472
• By Email: [email protected]
• By Using Case Management: http://blumira.zendesk.com
• In App: Send a message to support by clicking the Support icon in the lower right corner of the page or from the Responders’ dashboard. You may include attachments too!

Start Your Free Trial

It’s easy to deploy and start seeing security value in a matter of hours, not months.

 

Appendix

Downloads:

• NXLog Download – NXlog is used to ship Windows event logs to a sensor
• Sysmon Download – Sysmon is a Windows service that enables additional event logging
• Logmira GPO Policy Download (for Windows) – Logmira is used to enable audit logging
• Flowmira NXLog Custom Config File for Blumira – Prebuilt config file for the NXLog service
• Ubuntu Server 18.04.5 Download – Use Ubuntu Server 18.04.5 as your sensor

Configuration Documentation:

• Sensor Deployment – How to deploy a sensor in your Blumira environment
• Sensor Creation – How to configure an Ubuntu Server to deploy a sensor
• Logmira GPO Import/Deploy (for Windows) – How to deploy our Logmira GPO policy
• NXLog Configuration – How to use our Flowmira NXLog configuration file
• NXLog Troubleshooting – Common NXLog troubleshooting procedures

Various API Integration Documentation:

• General Integration and Configurations for Blumira – Integrations and how to configure them

Download Getting Started With Blumira Guide (PDF)