Keeping the servers running smoothly and jumping from one application to another to juggle your day-to-day IT tasks doesn’t leave a lot of time for digging through data to understand the status of your current environment.
That’s why we’ve created pre-built top reports based on feedback from our customers to help you easily identify trends related to Microsoft Active Directory, Microsoft 365, Microsoft Azure and firewall activity.
Microsoft Active Directory (AD)
- Account Lockouts – Account lockouts could be an indicator of an attacker using the wrong password one too many times, in an attempt to gain access to your environment.
- Failed User Account Login – Failed logins can indicate that an attacker is trying to guess a user’s account credentials in order to gain access to your organization’s systems and data.
Blumira’s Popular Reports identifies specific users with unusual Microsoft AD login activity to help IT teams investigate further (by clicking into the data and drilling down into more details about the logins) and respond quickly to prevent a potential breach.
Microsoft 365 (formerly Office 365)
- Successful Microsoft 365 Logins Outside of the U.S. – This report shows any logins originating from outside of the U.S., which could indicate an attacker accessing your Microsoft 365 accounts (if you don’t have any users located outside the country).
- FTP From Internet – This is a list of the top public IP addresses attempting to connect via FTP (File Transfer Protocol) to your network. FTP connections shouldn’t be allowed from public IPs to your network as they can be leveraged for exploits.
- SSH/SFTP From Internet – This shows the top public IP addresses attempting to connect via SSH to your network. SSH should not be allowed from public IPs to your organization, nor should it be used for remote troubleshooting. SSH/SFTP should be monitored closely and connections should be made via VPN in most cases.
- Sign-In Outside of U.S. – This report shows any logins originating from outside of the U.S., which could indicate an attacker accessing your Microsoft Azure accounts (if you don’t have any users located outside the country).
Easily Dig Deeper Into Your Environment’s Data For Security Investigation
As you can see below, you can click to expand each report for a visual graph of your data. Select pre-destined date ranges, such as Previous 24 Hours or Previous 30 Days to quickly customize your view and populate the relevant data.
If you hover your cursor over the bar graph and click, you’ll be prompted with the link “View Report.” Once you click on View Report, you’ll be taken to our Report Builder that displays the same date range drill-down of data, with expanded data columns, data sources, filter and advanced options to further customize your view.
Additionally, we released click-through findings in our Security Dashboard view to allow you to easily click the headers of any of the graphs (“Top Threat Types” seen below) to access even more data through Report Builder.
Easily Detect & Respond With Blumira
Blumira enables small teams to detect unknown threats in their environment and respond to them faster by automating repetitive tasks and surfacing real indicators of attacks. Our reporting helps IT teams get day-to-day visibility into the state of their environment, and keeps them aware of ongoing security trends while allowing them to drill down deeper for investigation.
We provide context and playbooks with every finding to help your team stop an attack quickly before it results in a data breach. When you need further assistance, our responsive security operations team is available to provide their security expertise to help with guided response.
Our customers can easily deploy Blumira in a matter of hours; 5x faster than the average SIEM provider. See our documentation on how to set up Blumira with your existing stack, and contact us for a demo or request a free trial.