We’re happy to have the opportunity to improve your security posture by leveraging our cloud-based threat detection and response platform.
Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required.
Add robust security detections to your environment with Blumira. After you configure your log sources to send to Blumira, our security operations team takes care of tedious SIEM-related tasks such as log parsing, data normalization, reporting, detection rules, and more.
Once your account is created, check your inbox for your account verification email. Simply follow the steps outlined in the email to get logged in to https://app.blumira.com.
Now that you’re logged into your account, getting started takes only a few minutes. Follow the steps below to begin:
Cloud Connectors allow for immediate log collection to the Blumira cloud via API: https://www.blumira.com/cloud-connectors
Integrations currently available with Cloud Connectors:
Note – If you are on the Free, M365, or Cloud edition, you can skip to “What to Expect” below. If you are on the Advanced edition, continue to step 3 to set up a Blumira Sensor, which is required to ingest Windows logs, firewall logs, and the many other integrations that need a sensor (listed at www.blumira.com/integrations). Any integration supported via a Cloud Connector does NOT require a sensor.
Set up an Ubuntu host for the Blumira Sensor (the sensor connects to your services and collects their logs) using the following instructions: https://www.blumira.com/integration/blumira-sensor-deployment
Suggested Requirements for Sensor Host:
From the Blumira console https://app.blumira.com, create a Blumira sensor by completing the following steps:
Now click Install. Within 5 minutes you will receive an email containing the script used to set up your sensor’s environment.
Log in to your sensor host via SSH, then copy the script shown on the sensor page (or delivered to your email) and paste it into the host’s console. The script sets up your sensor’s environment automatically and takes only a few moments to complete.
The final step is to configure your new integrations, log sources and modules.
Specific integration steps can be found in our documentation pages: https://blumira.com/integrations.
Below is a prioritized list of commonly-used integrations:
Once logs are flowing to Blumira, detection rules can be enabled to identify activity and alert your team. Many default rules can be added, and you may also request customization by contacting our Security Operations team. Let us know which integrations you’ve configured so we can enable the appropriate detection rules.
Need an IP added to an allow list to limit false alerts from scheduled network or server scans? Need a PowerShell script added to an allow list because it is approved to run on your systems? We are here to help and ensure your success!
Here are some examples of detections frequently seen across our customers that you might see once you get started. Keep in mind that detections vary based on the integrations that are sending logs:
Blumira has hundreds of pre-tuned detections and our Incident Detection Engineering team adds more every week.
Tip: using the in-app messaging, as detailed below, is the easiest way to request that a specific rule be tuned or allowlisted.
Blumira offers several avenues to access our Security Operations and Support team. See our support page for hours and contact information: https://www.blumira.com/support
Appendix
Configuration Documentation: