    September 13, 2022

    Now Available: Detection Filters For Custom Rules

    We’re excited to announce the availability of Detection Filters to allow you to tune your own detection rules within the Blumira platform. This gives you the ability to prevent triggering alerts based on your organization’s known safe, normal or expected activity. 

    While Blumira’s team always pre-tunes detection rules to reduce noisy alerts before rolling them out to the platform for all customers, now you can further tune them to fit your organization’s specific needs. For example, if your leadership team is attending a conference outside of the country, you may want to exclude their usernames from triggering an alert every time they log in from a different location.

    Blumira is dedicated to providing flexibility and customizability that’s easy for small and medium-sized businesses (SMBs) to understand and use. By further narrowing down what’s actually an anomaly, you can reduce the noise of false positive alerts for your small team so they can focus on what’s really important to your organization. 

    What is it?

    Detection Filters empowers Blumira customers to edit and add a custom detection rule to fit their organization’s needs right away, instead of contacting the Blumira support team to update rules for them manually. However, our support team is always available to help if you need us – you can reach out directly to our team within the application.

    With Blumira’s Detection Filters, you can create, view, edit and delete a detection filter on the Findings detail page (found under Reporting > click on an individual finding to see details). On the Detection Rules page (found under Settings), you can view and delete a detection filter.

    Here are some examples of how a user can use Detection Filters:

    • Look at their findings and decide they do not want to see alerts for a certain finding anymore, based on their organization’s needs and known safe activity
    • Click into a finding and decide an associated IP address (or user, device or other source) is acceptable to allow into their organization

    • Within the detailed finding page, a user can navigate to the Detection Filter section below the finding description and playbook to edit it
    • The user can add a new filter, then name it
      • Choose Client IP, Equal to: Certain IP address, then click Add
      • By adding this IP address, an organization marks it as ‘Allowed,’ which means it’s not perceived as a threat and does not trigger a finding
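
A conceptual model of the "Client IP, Equal to" filter described above, added here as an illustration; it is not Blumira's code or API. The rule ids, the `client_ip` field name and the sample events are constructed assumptions, as is the scoping of a filter to the single rule it was created on.

```python
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class DetectionFilter:
    name: str
    rule_id: str   # the one detection rule this filter is attached to (assumed scoping)
    field: str     # hypothetical event field name, e.g. "client_ip"
    value: str     # "Equal to" comparison value

    def matches(self, rule_id, event):
        if rule_id != self.rule_id or self.field not in event:
            return False
        actual = event[self.field]
        if self.field == "client_ip":
            try:
                # Compare parsed addresses so different spellings of one IP match.
                return ip_address(actual) == ip_address(self.value)
            except ValueError:
                return False  # unparsable address: never suppress
        return actual == self.value


def triage(detections, filters):
    """Split rule hits into findings to raise and hits suppressed by a filter."""
    findings, suppressed = [], []
    for rule_id, event in detections:
        hit = next((f for f in filters if f.matches(rule_id, event)), None)
        if hit is None:
            findings.append((rule_id, event))
        else:
            # Keep the filter name so every suppression stays auditable.
            suppressed.append((hit.name, rule_id, event))
    return findings, suppressed


# Constructed sample data (documentation address ranges, made-up rule names).
FILTERS = [DetectionFilter("Allow office VPN", "geo_login", "client_ip", "2001:db8::10")]
DETECTIONS = [
    ("geo_login", {"user": "alice", "client_ip": "2001:0db8:0:0:0:0:0:10"}),
    ("geo_login", {"user": "bob", "client_ip": "198.51.100.7"}),
    ("password_spray", {"user": "alice", "client_ip": "2001:db8::10"}),
    ("geo_login", {"user": "carol", "client_ip": "not-an-ip"}),
]

if __name__ == "__main__":
    raised, quiet = triage(DETECTIONS, FILTERS)
    print(len(raised), "findings raised;", len(quiet), "suppressed by", quiet[0][0])
```

In this model the allowed address silences only the rule the filter is attached to: the same IP still raises a finding under a different rule, and a malformed address is never treated as a match.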

    As seen above, a user can navigate to their Detection Rules page to view, add, edit or delete the different detection filters they have created in their organization’s account.

    Edit a Detection Filter

    Users can also easily edit detection filters they have created, seen below:

    Delete a Detection Filter

    Users can also delete any detection filters they have created:

    Who is it for?

    Any Advanced, paid customer of Blumira that wants to fine-tune and edit their own detection rules within the Blumira platform.

    Why did we build it?

    To give customers more flexibility to customize their finding settings to fit their organization’s needs. A small team may not want to get a ton of detection alerts for a known, allowed IP address from Blumira’s platform. To cut down on noise and streamline their security operations, they can take advantage of Blumira’s Detection Filters functionality.

    This feature also frees up the time of Blumira’s incident detection engineer (IDE) and SecOps teams, allowing them to focus on creating more timely threat detection rules to add to the platform that benefit the entire Blumira community of customers, not just individual ones.

    When can they use it?

    Blumira customers can access this feature now by navigating to the Findings page and selecting a finding to view and edit.

    Additional Resources

    For more information, see Using detection filters in paid Blumira editions.

    Blumira is dedicated to helping SMBs and mid-sized companies achieve easy-to-use, effective security that meets compliance and protects them against breaches and ransomware. We do things differently by providing more value for better security outcomes, including:

    • Automate Tasks For You – We do all the heavy lifting for your team to save them time, including parsing, creating native third-party integrations, and testing and tuning detection rules to reduce noisy alerts.
    • Faster Time to Security – Our unique approach to detections notifies you of threats other security tools may miss, sending you real-time alerts in under a minute of initial detection to help you respond to threats faster than ever.
    • Easily Meet Compliance – With a year of data retention and deployment that takes minutes to hours, we help you meet cyber insurance and compliance easily and quickly with the team you have today.

    Meet compliance controls, save time on security tasks, focus on real threats and protect against a breach faster than ever with Blumira.

    Sign up for a free account today!


    Learn Even More About Detection Filters

    To get a sneak peek into the product and learn how Detection Filters work, join our 20-minute demo with Jack Robb, Senior Solutions Engineer. Register here.

    You can also sign up for our webinar “The Finer-Tuning Club: Proper SIEM Tuning Leads To Better Security Outcomes” to get tips about how to make SIEM rule configuration easier and more successful. Register here.


    Thu Pham

    Thu has over 15 years of experience in the information security and technology industries. Prior to joining Blumira, she held both content and product marketing roles at Duo Security, leading go-to-market (GTM) and messaging for the portfolio solution Cisco Zero Trust. She holds a bachelor of science degree in...
