fbpx

Documentation

Blumira Configuration

  • Blumira Getting Started Guide

  • Create a Blumira Sensor

  • Blumira Sensor Outbound Allowlist

  • Reinstalling or Updating a Blumira Sensor

  • Security Findings

  • Role-Based Administration

  • Dynamic Blocklists and Threat Feeds

  • Deploy a Blumira Honeypot

  • Build a Sensor on Ubuntu

  • Cloud Connectors

Cloud Services
  • Azure AD Event Hubs

    Azure AD Event Hubs

  • Cisco Umbrella

    Cisco Umbrella

  • Duo Security

    Duo Security

  • Google G Suite

    Google G Suite

  • Infoblox

    Infoblox

  • Okta

    Okta

  • Microsoft Defender for Endpoint

    Microsoft Defender for Endpoint

  • LastPass

    LastPass

  • Microsoft 365 Defender

    Microsoft 365 Defender

  • Microsoft 365

    Microsoft 365

  • Microsoft Cloud App Security

    Microsoft Cloud App Security

AWS
  • AWS: Getting Started Guide

    AWS: Getting Started Guide

  • AWS: Kinesis Data Stream and IAM

    AWS: Kinesis Data Stream and IAM

  • AWS: CloudWatch

    AWS: CloudWatch

  • AWS: GuardDuty

    AWS: GuardDuty

  • AWS: CloudTrail

    AWS: CloudTrail

  • AWS: VPC Flow Logs

    AWS: VPC Flow Logs

Endpoint
  • SentinelOne

    SentinelOne

  • Malwarebytes

    Malwarebytes

  • Malwarebytes Nebula

    Malwarebytes Nebula

  • Blackberry Cylance

    Blackberry Cylance

  • CrowdStrike Falcon Endpoint Protection

    CrowdStrike Falcon Endpoint Protection

  • ESET Endpoint Protection

    ESET Endpoint Protection

  • Sophos Central

    Sophos Central

  • Symantec Endpoint Security

    Symantec Endpoint Security

  • Trend Micro Apex One

    Trend Micro Apex One

  • VMware Carbon Black Response

    VMware Carbon Black Response

  • VMware Carbon Black Managed Defense

    VMware Carbon Black Managed Defense

  • VMware Carbon Black Endpoint Protection

    VMware Carbon Black Endpoint Protection

  • Microsoft Defender for Endpoint

    Microsoft Defender for Endpoint

Microsoft Windows
  • Poshim – Automated Windows Log Collection Agent

    Poshim – Automated Windows Log Collection Agent

  • Advanced Microsoft Logging (GPO Template)

    Advanced Microsoft Logging (GPO Template)

  • System Monitor (Sysmon)

    System Monitor (Sysmon)

  • Microsoft Windows Firewall

    Microsoft Windows Firewall

  • Microsoft Windows PowerShell

    Microsoft Windows PowerShell

  • Microsoft Windows IIS

    Microsoft Windows IIS

  • Microsoft Active Directory

    Microsoft Active Directory

  • Microsoft Windows Server

    Microsoft Windows Server

Microsoft Cloud
  • Poshim – Automated Windows Log Collection Agent

    Poshim – Automated Windows Log Collection Agent

  • Azure AD Event Hubs

    Azure AD Event Hubs

  • Microsoft Defender for Endpoint

    Microsoft Defender for Endpoint

  • Microsoft 365 Defender

    Microsoft 365 Defender

  • Microsoft 365

    Microsoft 365

  • Microsoft Cloud App Security

    Microsoft Cloud App Security

  • Microsoft Security Modules

Identity
  • Duo Security

    Duo Security

  • Okta

    Okta

  • LastPass

    LastPass

  • Microsoft Active Directory

    Microsoft Active Directory

Firewall
  • Check Point Next-Gen Firewall

    Check Point Next-Gen Firewall

  • Cisco ASA Firewall

    Cisco ASA Firewall

  • Cisco FTD FirePower Threat Defense

    Cisco FTD FirePower Threat Defense

  • Cisco Meraki Firewall

    Cisco Meraki Firewall

  • Citrix Netscaler ADC

    Citrix Netscaler ADC

  • F5 Big-IP

    F5 Big-IP

  • Fortinet Fortigate Firewall

    Fortinet Fortigate Firewall

  • Palo Alto Next-Gen Firewall

    Palo Alto Next-Gen Firewall

  • Palo Alto Networks Panorama

    Palo Alto Networks Panorama

  • SonicWall Next-Gen Firewall

    SonicWall Next-Gen Firewall

  • Sophos XG Firewall

    Sophos XG Firewall

  • WatchGuard Firebox Firewall

    WatchGuard Firebox Firewall

Other
  • Osquery

    Osquery

  • Apache Web Server

    Apache Web Server

  • Apple Mac OS

    Apple Mac OS

  • Forescout

    Forescout

  • KnowBe4 – PhishER

    KnowBe4 – PhishER

  • Linux Auditd File Integrity Monitoring

    Linux Auditd File Integrity Monitoring

  • Linux Journald

    Linux Journald

  • Linux Servers

    Linux Servers

  • Nginx Web Server

    Nginx Web Server

  • Proofpoint Advanced Threat Protection

    Proofpoint Advanced Threat Protection

  • VMware VSphere/VCenter

    VMware VSphere/VCenter

  • WinLogBeat Forwarding

    WinLogBeat Forwarding

Security Guides
  • How to Image Machines for Forensic Use

    How to Image Machines for Forensic Use

  • How to Disable Null Session in Windows

    How to Disable Null Session in Windows

  • How to Disable LLMNR, Netbios, WPAD, & LM Hash

    How to Disable LLMNR, Netbios, WPAD, & LM Hash

  • How to Configure SMB Signing

    How to Configure SMB Signing

Detection Tests
  • Windows – Deletion Event Log Detection Test

    Windows – Deletion Event Log Detection Test

  • Duo Security – Fraudulent Push Notification

    Duo Security – Fraudulent Push Notification

  • Windows – Domain Administrator Account Creation

    Windows – Domain Administrator Account Creation

  • Windows – Setting Non-Expiring Password

    Windows – Setting Non-Expiring Password

  • Windows – PowerShell Execution Policy Bypass

    Windows – PowerShell Execution Policy Bypass

  • Office 365 Password Spraying

    Office 365 Password Spraying

  • Honeypot – FTP Auth Test

    Honeypot – FTP Auth Test

  • Honeypot – HTTP Auth Test

    Honeypot – HTTP Auth Test

  • Microsoft 365 – Inbox Forwarding Rule

    Microsoft 365 – Inbox Forwarding Rule

Threat Feeds
  • Blumira Feeds: An Overview

    Blumira Feeds: An Overview

  • Threat Feed: Abuse.ch SSL Blocklist

    Threat Feed: Abuse.ch SSL Blocklist

  • Threat Feed: Abuse.ch Feodo Tracker

    Threat Feed: Abuse.ch Feodo Tracker