Within Blumira's automated threat detection and response platform, our findings (detected events) come in five types: Operational, Risk, Suspected Threat, Threat, and System Notification.
Blumira detects different types of security events, called findings, and provides you with a workflow to respond to and resolve them. We generate a finding when logged event data from your environment meets the conditions of one of Blumira's detection rules. Logged events that do not meet a rule's conditions with matchable evidence do not generate a finding or trigger a notification.
Note: Blumira sends finding notifications immediately and according to your users’ notification settings. Ensure that your users are able to receive notifications from Blumira to respond to findings in an appropriate timeframe.
The following table describes the different Blumira findings categories and how you can act on them:
In some scenarios, activity that would normally generate a finding includes safe sources that you want to allow and not see findings for. For example, when an employee has recently relocated or is working internationally, or when a pen tester is temporarily accessing your systems, receiving and resolving certain findings about their activity could be unnecessary.
If you have Blumira’s Advanced edition, you can create detection rule filters to exclude specific IP addresses, users, and other values from a detection rule.
Reference: Learn how to set up detection filters in Using detection filters in Advanced edition.
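To make the two ideas above concrete (a finding is generated only when an event matches a rule's conditions, and a detection filter suppresses findings from sources you have allowed), here is an added example of a small rule evaluator with per-rule filters. This is illustrative code written for this page, not Blumira's own engine or rule schema; the event field names, rule conditions, filter shapes, and sample events are all constructed assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable

# Constructed sample events. Field names are an assumption, not a real log schema.
SAMPLE_EVENTS = [
    {"user": "alice", "src_ip": "203.0.113.10", "country": "DE", "action": "login_success"},
    {"user": "bob", "src_ip": "198.51.100.7", "country": "US", "action": "login_success"},
    {"user": "carol", "src_ip": "203.0.113.44", "country": "BR", "action": "login_success"},
    {"user": "pentest-svc", "src_ip": "192.0.2.9", "country": "US", "action": "login_failure"},
    {"user": "mallory", "src_ip": "198.51.100.200", "country": "US", "action": "login_failure"},
]


@dataclass
class Filter:
    """Excludes events whose `field_name` matches one of `values`.

    For fields ending in "_ip", values are CIDR strings so a whole range
    (for example a pen tester's egress block) can be allowed at once.
    """
    field_name: str
    values: set[str]

    def excludes(self, event: dict) -> bool:
        value = event.get(self.field_name)
        if value is None:
            return False
        if self.field_name.endswith("_ip"):
            addr = ip_address(value)
            return any(addr in ip_network(cidr, strict=False) for cidr in self.values)
        return value in self.values


@dataclass
class Rule:
    name: str
    category: str  # one of the five finding types named on this page
    condition: Callable[[dict], bool]
    filters: list[Filter] = field(default_factory=list)


def evaluate(rules: list[Rule], events: list[dict]) -> list[dict]:
    """Return one finding per (event, rule) pair where the rule condition
    holds and no filter on that rule excludes the event."""
    findings = []
    for event in events:
        for rule in rules:
            if not rule.condition(event):
                continue  # no matchable evidence: no finding, no notification
            if any(f.excludes(event) for f in rule.filters):
                continue  # allowed source: suppressed by a detection filter
            findings.append({
                "rule": rule.name,
                "category": rule.category,
                "user": event["user"],
                "src_ip": event["src_ip"],
            })
    return findings


# Constructed rules. Alice has relocated to Germany, so she is filtered from
# the foreign-login rule; the pen tester's 192.0.2.0/24 range is filtered
# from the failed-login rule. Category assignments are illustrative only.
DEMO_RULES = [
    Rule(
        name="Successful login from outside the home country",
        category="Risk",
        condition=lambda e: e["action"] == "login_success" and e["country"] != "US",
        filters=[Filter("user", {"alice"})],
    ),
    Rule(
        name="Failed login from an external address",
        category="Suspected Threat",
        condition=lambda e: e["action"] == "login_failure",
        filters=[Filter("src_ip", {"192.0.2.0/24"})],
    ),
]


def run_demo() -> list[dict]:
    return evaluate(DEMO_RULES, SAMPLE_EVENTS)


if __name__ == "__main__":
    for finding in run_demo():
        print(f'[{finding["category"]}] {finding["rule"]}: {finding["user"]} from {finding["src_ip"]}')
```

Running it yields two findings (carol's login from BR and mallory's failed login); alice and the pen-test account match a rule's condition but are suppressed by their filters, which is the behaviour a detection filter is meant to produce. Filters here are scoped to a single rule rather than applied globally, so allowing a source for one rule does not blind the others to it.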