Within Blumira's automated threat detection and response platform, findings (detected events) fall into five types: Operational, Risk, Suspect, Threat, and System Notification.
Risk findings are items that Blumira has determined pose a risk to any organization. Every organization has a different risk threshold, which depends on its particular situation, configuration, and technical controls. Because of that wide range of thresholds, Blumira does not assign a severity to Risk findings.
In some environments, even the examples shown below would be definite threats; in others they would be considered risks to be addressed as part of a longer-term security architecture fix. Risk findings are always Priority 3 at this point.
Examples:
Suspect findings are items that cannot be verified as a threat because information about the event is lacking. They require further investigation or an additional piece of information from the customer before Blumira can determine whether to escalate them to Threat. That information may be requested through workflow questions within Blumira. A Suspect may also be escalated to a Threat based on Blumira's professional judgment and analysis.
Examples:
An event is classified as a Threat when it poses an immediate and real threat to the security of data or resources and has been detected with a very high level of confidence. Steps to mitigate or remediate the threat are presented to the customer via workflow questions in the portal.
Threats are categorized into three priorities when sent to Blumira Responders:
Examples:
Operational findings are items that pertain to day-to-day operations. They are not necessarily security related, but Blumira is ingesting the logs anyway. Operational findings are always Priority 3 at this point.
Examples:
Examples: