Skip to content
Get A Demo
Free SIEM
    March 5, 2024

    Security Detection Update – 2024-3-5

    Welcome to our weekly security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we’ve made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we’ll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you’re lucky.

    Introduction and Overview

    This week was all about you! Yes you!

    We currently have dedicated customer detection sprints that focus on bugs and requested detections.


    New Detections

    This update introduces several new detections, including:

    Top Secret

    If you know, you know. You were one of the completed custom detections. 😁


    New Reports

    This update introduces new global reports, including:

    Microsoft 365: MFA Changes Against Users

    As a report version of the detection released last week, this shows a 30 day view of all MFA options that have been changed. However you may notice that any changes initiated by an admin user will point to an Entra ServicePrincipal Accounts. These accounts can be correlated in the Entra portal, or with the report below.

    Microsoft 365: User MFA Changes – By Admin – EventHub

    This is like the one above but better! As a rule of thumb (at least currently, who knows with MS) EventHub can sometimes send significantly more data in the logs than other methods. This report will show you what Admin account changed what user MFA options in full.

    •  

    Amanda Berlin

    Amanda Berlin is Lead Incident Detection Engineer at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An accomplished...

    More from the blog

    View All Posts