April 2024 Releases

Summary

In April, we announced Blumira Investigate, a tool that simplifies incident response by extending visibility across your correlated data. We also introduced SAML single sign-on (SSO) and released an updated version of our Poshim script for Windows integrations. Upon learning about emerging Palo Alto and Cisco vulnerabilities, we quickly built global reports that help with monitoring threats.

Feature and Platform Updates

• Blumira Investigate: Starting with a simple piece of evidence—such as a username, IP address, or process name—you can conduct one quick search to unlock correlated event information in your data and view a timeline of results. Perform investigations with less time spent on building the right report query. Blumira Investigate is included in Blumira’s SIEM+ and XDR solutions. Read more about its benefits and use cases here.

• SAML SSO: Organizations on supported licenses can now configure single sign-on for their users to authenticate with the security of SAML-supported identity providers. See more details in Configuring SSO for your organization.

• Poshim: The PowerShell shim (Poshim) script used for automating Windows integrations now includes an upgrade to Sysmon version 15.14.

• Emerging Threat Reports:

  • After Palo Alto detailed the vulnerability in CVE-2024-3400, we released two new reports to help users look for known threat actors in their environments:

    • Palo Alto: Allowed Inbound Traffic From IPs Associated With CVE-2024-3400

    • Palo Alto: Allowed Outbound Traffic From IPs Associated With CVE-2024-3400

  • In response to the Arcane Door activity discovered in Cisco ASA VPNs, we released the report “Cisco ASA: ArcaneDoor Activity Audit” to help users look for indicators of compromise.

Detection Updates

You don’t have to wait! Our blog series of Security Detection Updates provides details about new detections we add each week. Here is the rundown of last month, plus some extras not mentioned in the blog: