Azure is Microsoft's cloud computing platform, used by 56% of organizations worldwide and one of the three main global cloud providers (the others being Amazon Web Services and Google Cloud Platform).
Now you can quickly and easily set up your Azure Event Hub Cloud Connector to start sending logs to Blumira’s platform for detection and response. Previously, we offered this integration via sensor, but now it’s available via Cloud Connector.
Blumira automatically deploys detection rules, monitoring your Azure logs for anomalies around the clock and notifying you in near real time, within a minute of initial detection. These rules are developed and managed by our incident detection engineering team to lift the burden from your small IT team and reduce the time spent managing security to less than 15 minutes a day.
Learn more about some of our key detection rules, sent to your team as a context-rich finding with a workflow that guides you through how to respond:
Source: Updated version of the list from A Guide To Microsoft Azure Security Logging by Justin Kikani
See an example of one of Blumira’s Azure findings below: an unauthorized access attempt flagged by Blumira’s platform as a potential threat.
The finding provides an analysis of the detected threat, context about what kind of attack it might be, and a workflow that guides a responder through the response steps. If your team needs more support or has a question, they can click ‘Add note’ to message the Blumira support team directly; our 24/7 Security Operations team is on standby to assist you.
Easily integrate your Microsoft Azure Event Hubs with Blumira via Cloud Connectors to stream Azure cloud security event logs and alerts to Blumira's SIEM and XDR platform.
The Azure Event Hubs integration can also be used to collect logs from Microsoft Intune and Microsoft 365 Defender.
See the complete step-by-step support article with screenshots here: Integrating With Microsoft Azure Event Hubs
Azure Detection Rules
See all automatically enabled detection rules after you’ve set up your Azure integration by navigating to Settings > Detection Rules. Here you can toggle rules on or off as needed, and see the analysis summaries, categories, priority and more.
When viewing a finding’s detail (Reporting > Findings > click on an individual finding), scroll down to Detection Filters. Here you can further customize when you receive an alert, reducing the noise of unnecessary notifications so you can focus on what needs a response right away. For example, you can exclude specific users or IPs from findings based on known-safe activity at your organization.
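To make the detection-filter idea concrete, here is an added example (written for this post, not Blumira's code and not the product's rule or filter implementation). It takes a constructed, simplified Event Hub batch of Azure AD sign-in records, runs a rule that flags repeated failed sign-ins from one source IP, and then applies exclusions for a known office egress IP and a scanner service account so that only the finding worth a responder's time remains. Field names follow the SignInLogs schema, but every value, IP and account is made up, and the rule thresholds are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample batch in the (simplified) shape Azure AD SignInLogs take
# when exported to an Event Hub. Field names follow the real schema
# (records[].time, category, resultType, properties.userPrincipalName,
# properties.ipAddress); every value is made up for this example.
# resultType "0" is a successful sign-in; 50126 is the "invalid username or
# password" error code.
SAMPLE_BATCH = json.dumps({"records": [
    {"time": "2024-05-01T10:00:00Z", "category": "SignInLogs", "resultType": "50126",
     "properties": {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10"}},
    {"time": "2024-05-01T10:00:40Z", "category": "SignInLogs", "resultType": "50126",
     "properties": {"userPrincipalName": "bob@example.com", "ipAddress": "203.0.113.10"}},
    {"time": "2024-05-01T10:01:20Z", "category": "SignInLogs", "resultType": "50126",
     "properties": {"userPrincipalName": "carol@example.com", "ipAddress": "203.0.113.10"}},
    {"time": "2024-05-01T10:02:00Z", "category": "SignInLogs", "resultType": "50126",
     "properties": {"userPrincipalName": "dave@example.com", "ipAddress": "203.0.113.10"}},
    # Known office egress IP: one user mistyping a password, then succeeding.
    {"time": "2024-05-01T10:05:00Z", "category": "SignInLogs", "resultType": "50126",
     "properties": {"userPrincipalName": "erin@example.com", "ipAddress": "198.51.100.7"}},
    {"time": "2024-05-01T10:05:30Z", "category": "SignInLogs", "resultType": "50126",
     "properties": {"userPrincipalName": "erin@example.com", "ipAddress": "198.51.100.7"}},
    {"time": "2024-05-01T10:06:00Z", "category": "SignInLogs", "resultType": "50126",
     "properties": {"userPrincipalName": "erin@example.com", "ipAddress": "198.51.100.7"}},
    {"time": "2024-05-01T10:06:30Z", "category": "SignInLogs", "resultType": "0",
     "properties": {"userPrincipalName": "erin@example.com", "ipAddress": "198.51.100.7"}},
    # A vulnerability scanner's service account that is expected to fail.
    {"time": "2024-05-01T11:00:00Z", "category": "SignInLogs", "resultType": "50126",
     "properties": {"userPrincipalName": "svc-scanner@example.com", "ipAddress": "192.0.2.20"}},
    {"time": "2024-05-01T11:00:10Z", "category": "SignInLogs", "resultType": "50126",
     "properties": {"userPrincipalName": "svc-scanner@example.com", "ipAddress": "192.0.2.20"}},
    {"time": "2024-05-01T11:00:20Z", "category": "SignInLogs", "resultType": "50126",
     "properties": {"userPrincipalName": "svc-scanner@example.com", "ipAddress": "192.0.2.20"}},
    # A record from another category: ignored by this sign-in rule.
    {"time": "2024-05-01T11:01:00Z", "category": "AuditLogs", "resultType": "0",
     "properties": {"userPrincipalName": "admin@example.com", "ipAddress": "192.0.2.30"}},
]})


def parse_batch(raw):
    """Flatten an Event Hub batch into sign-in events, skipping other log categories."""
    events = []
    for rec in json.loads(raw)["records"]:
        if rec.get("category") != "SignInLogs":
            continue
        props = rec["properties"]
        events.append({
            "time": datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "user": props["userPrincipalName"].lower(),
            "ip": props["ipAddress"],
            "failed": rec["resultType"] != "0",
        })
    return sorted(events, key=lambda e: e["time"])


def detect_failed_signins(events, threshold=3, window=timedelta(minutes=5)):
    """Rule (assumed thresholds): `threshold` or more failed sign-ins from one IP inside `window`.

    Returns one finding per offending IP, holding the failures that make up the
    first window that crossed the threshold.
    """
    by_ip = defaultdict(list)
    for e in events:
        if e["failed"]:
            by_ip[e["ip"]].append(e)
    findings = []
    for ip, fails in by_ip.items():
        for i in range(len(fails) - threshold + 1):
            if fails[i + threshold - 1]["time"] - fails[i]["time"] <= window:
                hits = [f for f in fails[i:] if f["time"] - fails[i]["time"] <= window]
                findings.append({"rule": "Multiple failed sign-ins from one source IP",
                                 "ip": ip, "failures": hits,
                                 "users": sorted({f["user"] for f in hits})})
                break  # one finding per IP is enough for triage
    return findings


def apply_detection_filters(findings, excluded_ips=(), excluded_users=(), threshold=3):
    """Drop or trim findings that match known-safe activity.

    An excluded IP removes the whole finding; excluded users are removed from the
    evidence, and the finding survives only if enough other failures remain.
    """
    excluded_users = {u.lower() for u in excluded_users}
    kept = []
    for f in findings:
        if f["ip"] in excluded_ips:
            continue
        remaining = [x for x in f["failures"] if x["user"] not in excluded_users]
        if len(remaining) < threshold:
            continue
        kept.append({**f, "failures": remaining, "users": sorted({x["user"] for x in remaining})})
    return kept


def triage(raw, excluded_ips=(), excluded_users=()):
    """Parse a batch, run the rule, apply the exclusions; returns what an analyst would see."""
    return apply_detection_filters(detect_failed_signins(parse_batch(raw)), excluded_ips, excluded_users)


if __name__ == "__main__":
    print(f"Before filters: {len(detect_failed_signins(parse_batch(SAMPLE_BATCH)))} finding(s)")
    for f in triage(SAMPLE_BATCH, excluded_ips=["198.51.100.7"], excluded_users=["svc-scanner@example.com"]):
        print(f"{f['rule']}: {f['ip']} -> {len(f['failures'])} failures against {', '.join(f['users'])}")
```

Without exclusions the rule raises three findings; with the office IP and the scanner account excluded, only the source that tried four different accounts in two minutes survives, which is the kind of noise reduction the Detection Filters screen is for. The exclusion is applied to the finding's evidence rather than to the raw log stream, so the underlying records stay available for investigation.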
See more information about all of our integrations. Get started by:
Signing up for a Free SIEM account – Get three cloud integrations, detection rules, response playbooks and more, free forever.
“We had been talking about QRadar; we had a demo of QRadar. Then we set up the free version of Blumira, and within the first 14 hours, had a detection that we probably would never have caught otherwise.” – Keith Knisely, Assistant VP/IT Specialist, SouthTrust Bank
Then activate your 30-day free XDR trial to try out additional features like Blumira Agent, which gives you visibility into endpoints and the ability to automatically respond to threats.