We’re excited to announce the availability of Detection Filters to allow you to tune your own detection rules within the Blumira platform. This gives you the ability to prevent triggering alerts based on your organization’s known safe, normal or expected activity.
While Blumira’s team always pre-tunes detection rules to reduce noisy alerts before rolling them out to the platform for all customers, now you can further tune them to fit your organization’s specific needs. For example, if your leadership team is attending a conference outside of the country, you may want to exclude their usernames from triggering an alert every time they log in from a different location.
Blumira is dedicated to providing flexibility and customizability that’s easy for small and medium-sized businesses (SMBs) to understand and use. By further narrowing down what’s actually an anomaly, you can reduce the noise of false positive alerts for your small team so they can focus on what’s really important to your organization.
What is it?
Detection Filters empowers Blumira customers to edit and add a custom detection rule to fit their organization’s needs right away, instead of contacting the Blumira support team to update rules for them manually. However, our support team is always available to help if you need us – you can reach out directly to our team within the application.
With Blumira’s Detection Filters, you can create, view, edit and delete a detection filter on the Findings detail page (under Reporting, click an individual finding to see its details). On the Detection Rules page (found under Settings), you can view and delete a detection filter.
Here are some examples of how a user can use Detection Filters:
As seen above, a user can navigate to their Detection Rules page to view, add, edit or delete the different detection filters they have created in their organization’s account.
Edit a Detection Filter
Users can also easily edit detection filters they have created, seen below:
Delete a Detection Filter
Users can also delete any detection filters they have created:
Who is it for?
Any Advanced, paid customer of Blumira who wants to fine-tune and edit their own detection rules within the Blumira platform.
Why did we build it?
To give customers more flexibility to customize their finding settings to fit their organization’s needs. A small team may not want to get a ton of detection alerts for a known, allowed IP address from Blumira’s platform. To cut down on noise and streamline their security operations, they can take advantage of Blumira’s Detection Filters functionality.
This feature also frees up the time of Blumira’s incident detection engineer (IDE) and SecOps teams, allowing them to focus on creating more timely threat detection rules to add to the platform that benefit the entire Blumira community of customers, not just individual ones.
When can they use it?
Blumira customers can access this feature now by navigating to the Findings page and selecting a finding to view and edit.
For more information, see Using detection filters in paid Blumira editions.
Blumira is dedicated to helping SMBs and mid-sized companies achieve easy-to-use, effective security that meets compliance and protects them against breaches and ransomware. We do things differently by providing more value for better security outcomes, including:
Meet compliance controls, save time on security tasks, focus on real threats and protect against a breach faster than ever with Blumira.
To get a sneak peek into the product and learn how Detection Filters work, join our 20-minute demo with Jack Robb, Senior Solutions Engineer.
You can also sign up for our webinar “The Finer-Tuning Club: Proper SIEM Tuning Leads To Better Security Outcomes” to get tips about how to make SIEM rule configuration easier and more successful.