Summary
In April, we announced Blumira Investigate, a tool that simplifies incident response by extending visibility across your correlated data. We also introduced SAML single sign-on (SSO) and released an updated version of our Poshim script for Windows integrations. Upon learning about emerging Palo Alto and Cisco vulnerabilities, we quickly built global reports that help with monitoring threats.
Feature and Platform Updates
- Blumira Investigate: Starting with a simple piece of evidence—such as a username, IP address, or process name—you can conduct one quick search to unlock correlated event information in your data and view a timeline of results. Perform investigations with less time spent on building the right report query. Blumira Investigate is included in Blumira’s SIEM+ and XDR solutions. Read more about its benefits and use cases here.
- SAML SSO: Organizations on supported licenses can now configure single sign-on for their users to authenticate with the security of SAML-supported identity providers. See more details in Configuring SSO for your organization.
- Poshim: The PowerShell shim (Poshim) script used for automating Windows integrations now includes an upgrade to Sysmon version 15.14.
- Emerging Threat Reports:
  - After Palo Alto detailed the vulnerability in CVE-2024-3400, we released two new reports to help users look for known threat actors in their environments:
    - Palo Alto: Allowed Inbound Traffic From IPs Associated With CVE-2024-3400
    - Palo Alto: Allowed Outbound Traffic From IPs Associated With CVE-2024-3400
  - In response to the ArcaneDoor activity discovered in Cisco ASA VPNs, we released the report “Cisco ASA: ArcaneDoor Activity Audit” to help users look for indicators of compromise.
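As an added example that is not Blumira's code and not the query behind either Palo Alto report above: the matching logic those two reports describe, implemented over constructed firewall traffic log lines against a placeholder indicator list. The indicator addresses are from the 192.0.2.0/24 documentation range (not real IoCs), and the key=value log format, field names and internal address ranges are assumptions made for the example.

```python
"""Added example (not Blumira's code): flag allowed inbound and outbound
traffic whose external endpoint appears on an indicator list, split by
direction the way the two Palo Alto reports are named.
All log lines, indicator IPs and network ranges are constructed."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable

# Constructed placeholder indicators (documentation range, not real IoCs).
IOC_IPS = {"192.0.2.10", "192.0.2.77"}

# Assumed internal address space; anything outside it is treated as external.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


@dataclass
class Finding:
    timestamp: str
    direction: str  # "inbound" or "outbound"
    src: str
    dst: str
    matched_ioc: str


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line: str) -> dict[str, str]:
    # Constructed key=value format resembling an exported traffic log line.
    return dict(part.split("=", 1) for part in line.split())


def match_allowed_traffic(lines: Iterable[str], iocs: set[str]) -> list[Finding]:
    """Return one Finding per allowed flow that touches an indicator IP.

    Denied traffic is skipped: the reports look at traffic the firewall
    let through, since that is what needs follow-up."""
    findings: list[Finding] = []
    for line in lines:
        f = parse_line(line)
        if f.get("action") != "allow":
            continue
        src, dst = f["src"], f["dst"]
        if src in iocs and not is_internal(src) and is_internal(dst):
            findings.append(Finding(f["ts"], "inbound", src, dst, src))
        elif dst in iocs and is_internal(src) and not is_internal(dst):
            findings.append(Finding(f["ts"], "outbound", src, dst, dst))
    # Oldest first, so the result reads as a timeline.
    findings.sort(key=lambda x: x.timestamp)
    return findings


# Constructed sample log: one inbound hit, one denied probe (ignored),
# one outbound hit, and one allowed flow to a non-indicator address.
SAMPLE_LOG = [
    "ts=2024-04-15T10:00:01Z action=allow src=192.0.2.10 dst=10.1.1.5 dport=443",
    "ts=2024-04-15T10:00:07Z action=deny src=192.0.2.77 dst=10.1.1.5 dport=22",
    "ts=2024-04-15T10:02:30Z action=allow src=10.1.1.5 dst=192.0.2.77 dport=443",
    "ts=2024-04-15T10:03:11Z action=allow src=10.1.1.9 dst=198.51.100.4 dport=443",
]


def run_reports(lines: Iterable[str] = SAMPLE_LOG) -> dict[str, list[Finding]]:
    """Split findings into the two report buckets."""
    findings = match_allowed_traffic(lines, IOC_IPS)
    return {
        "inbound": [x for x in findings if x.direction == "inbound"],
        "outbound": [x for x in findings if x.direction == "outbound"],
    }


if __name__ == "__main__":
    for name, hits in run_reports().items():
        print(f"{name}: {len(hits)} finding(s)")
        for h in hits:
            print(f"  {h.timestamp} {h.src} -> {h.dst} (ioc {h.matched_ioc})")
```

The direction split matters for triage: an allowed inbound hit points at a service exposed to the listed address, while an allowed outbound hit points at an internal host that initiated contact and deserves a closer look first.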
Detection Updates
You don’t have to wait! Our blog series of Security Detection Updates provides details about new detections we add each week. Here is the rundown of last month, plus some extras not mentioned in the blog:
Bug Fixes and Improvements
To provide more context and a point of reference, we added the following information to finding emails:
- Finding ID, which quickly identifies the unique finding
- Data Source, which corresponds to the integration that the event came through
March Highlights
Want to look back at our March Product updates? Check those out here.