
About Blumira findings

Blumira Security Findings


Within Blumira's automated threat detection and response platform, findings (detected events) come in five types: Operational, Risk, Suspected Threat, Threat, and System Notification.


Overview

Blumira detects different types of security events, called findings, and provides a workflow to respond to and resolve them. A finding is generated when logged event data from your environment meets the conditions of one of Blumira's detection rules. Logged events that do not meet a rule's conditions with matchable evidence do not qualify as a finding and do not trigger a notification.

Note: Blumira sends finding notifications immediately and according to your users’ notification settings. Ensure that your users are able to receive notifications from Blumira to respond to findings in an appropriate timeframe.

Findings categories

The following table describes the different Blumira findings categories and how you can act on them:

Detection filters in findings

In some scenarios, activity that would normally generate a finding comes from sources you trust and do not want findings for. For example, when an employee has recently relocated or is working internationally, or when a pen tester is temporarily accessing your systems, receiving and resolving findings about their activity can be unnecessary noise.

If you have Blumira’s Advanced edition, you can create detection rule filters to exclude specific IP addresses, users, and other values from a detection rule.

Reference: Learn how to set up detection filters in Using detection filters in Advanced edition.
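The following is an added example, not Blumira's own code, to illustrate the two ideas above: an event only becomes a finding when it matches a detection rule's conditions, and a detection filter suppresses matches from specific users or IP ranges so they never produce a finding. The rule name, the finding category label, the log field names, the filter shape, and the sample events (including the "pentest-svc" account and the excluded 198.51.100.0/24 range) are all constructed assumptions for illustration.

```python
"""Toy finding generator with detection filters.

Added example, not Blumira's own code. Rule names, category labels, log
field names and the filter shape are assumptions for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Tuple

# Constructed sample log events (not real data).
SAMPLE_EVENTS: List[Dict] = [
    {"user": "alice", "src_ip": "203.0.113.10", "action": "login_failed", "count": 12},
    {"user": "bob", "src_ip": "198.51.100.7", "action": "login_failed", "count": 15},
    {"user": "carol", "src_ip": "192.0.2.22", "action": "login_success", "count": 1},
    {"user": "pentest-svc", "src_ip": "192.0.2.44", "action": "login_failed", "count": 40},
    {"user": "dave", "src_ip": "10.0.0.5", "action": "login_failed", "count": 3},
]


@dataclass
class DetectionRule:
    name: str
    category: str  # one of the finding types named in the text
    condition: Callable[[Dict], bool]
    # Detection filters (hypothetical shape): exclude specific users / IP ranges.
    exclude_users: set = field(default_factory=set)
    exclude_networks: list = field(default_factory=list)

    def is_filtered(self, event: Dict) -> bool:
        """True when a detection filter says this event must not produce a finding."""
        if event["user"] in self.exclude_users:
            return True
        src = ip_address(event["src_ip"])
        return any(src in net for net in self.exclude_networks)


# Constructed rule: many failed logins from one source -> Suspected Threat.
BRUTE_FORCE = DetectionRule(
    name="Repeated failed logins",
    category="Suspected Threat",
    condition=lambda e: e["action"] == "login_failed" and e["count"] >= 10,
    # Filters a pen-test account and a relocated employee's ISP range (assumed values).
    exclude_users={"pentest-svc"},
    exclude_networks=[ip_network("198.51.100.0/24")],
)


def evaluate(events: List[Dict], rules: List[DetectionRule]) -> Tuple[List[Dict], int]:
    """Return (findings, filtered_count).

    An event becomes a finding only when it matches a rule condition AND is
    not excluded by that rule's filters. Events that match no rule produce
    no finding and no notification.
    """
    findings: List[Dict] = []
    filtered = 0
    for rule in rules:
        for event in events:
            if not rule.condition(event):
                continue  # no matchable evidence: not a finding
            if rule.is_filtered(event):
                filtered += 1  # would have fired; suppressed by a detection filter
                continue
            findings.append({
                "rule": rule.name,
                "category": rule.category,
                "user": event["user"],
                "src_ip": event["src_ip"],
            })
    return findings, filtered


if __name__ == "__main__":
    found, suppressed = evaluate(SAMPLE_EVENTS, [BRUTE_FORCE])
    for f in found:
        print(f"[{f['category']}] {f['rule']}: {f['user']} from {f['src_ip']}")
    print(f"{suppressed} matching event(s) suppressed by detection filters")
```

Run against the constructed events, only alice's activity becomes a finding: carol and dave never match the rule, while bob and pentest-svc do match but are suppressed by the filters. Note that a filter is scoped to one rule, so the same pen-test account would still surface under any rule that does not list it; keep filters narrow and time-bound so they do not become a permanent blind spot.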