In May, we announced new subscription options for folks that are currently on our Free SIEM edition and want the ease of monthly commitments with the benefits of features like Blumira Agent and Security Operations and Technical Support. We also added a 1Password integration to our growing list of Cloud Connectors, and improved how new Microsoft 365 integrations are validated to ensure long-term stability.
Log Type | Detection Details |
---|---|
SonicWall Traffic | **SonicWall: Login Failure** We deprecated this original indicator detection rule and replaced it with the windowed detection rule described below. This original rule was generating findings with excessive numbers (many thousands) of rows of evidence, which led to crashes and prevented finding resolution in the app. |
SonicWall Traffic | NEW - **SonicWall: 5 or More Login Failures in 15 Minutes** This new windowed detection rule replaces the “SonicWall: Login Failure” rule. It triggers a finding when there are five or more login attempts that fail on a device within a 15-minute window. |
HTTP Access (Apache/IIS/NginX) | **ConnectWise ScreenConnect SetupWizard Authentication Bypass CVE-2024-1709** We lowered the priority of this detection from a P1 to a P3 Threat. |
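
The windowed SonicWall rule in the table above, sketched as an added example (not Blumira's rule logic or code from these notes): it counts failures per device over a sliding 15-minute window and folds later failures in that window into the same finding. The tuple layout, device names and timestamps are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                   # from the rule name: "5 or More Login Failures"
WINDOW = timedelta(minutes=15)  # from the rule name: "in 15 Minutes"

def windowed_login_failures(events, threshold=THRESHOLD, window=WINDOW):
    """events: (timestamp, device, outcome) tuples sorted by timestamp."""
    recent = defaultdict(deque)  # device -> failure times still inside the window
    open_finding = {}            # device -> finding that is still accumulating
    findings = []
    for ts, device, outcome in events:
        if outcome != "failure":
            continue
        current = open_finding.get(device)
        if current is not None and ts - current["first"] < window:
            current["count"] += 1   # same window: grow the finding, do not open another
            current["last"] = ts
            continue
        q = recent[device]
        q.append(ts)
        while ts - q[0] >= window:  # expire failures a full window older than this one
            q.popleft()
        if len(q) >= threshold:
            current = {"device": device, "first": q[0], "last": ts, "count": len(q)}
            findings.append(current)
            open_finding[device] = current
            q.clear()
    return findings

def sample_events():
    """Constructed sample data, not real SonicWall log output."""
    t0 = datetime(2024, 5, 1, 9, 0)
    events = [(t0 + timedelta(minutes=i), "fw-01", "failure") for i in range(12)]
    events += [(t0 + timedelta(minutes=3 * i), "fw-02", "failure") for i in range(4)]
    events += [(t0 + timedelta(minutes=10 * i), "fw-03", "failure") for i in range(5)]
    events.append((t0 + timedelta(minutes=2), "fw-01", "success"))
    return sorted(events)

if __name__ == "__main__":
    for finding in windowed_login_failures(sample_events()):
        print(finding)
```

On the constructed data, 21 failure events yield one finding (fw-01, count 12); fw-02 and fw-03 never reach five failures inside a window.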
We added clear messaging in the Blumira Investigate results window when there are no results for the search so users are not left wondering whether the page is blank due to a loading error.
We released several improvements to error handling during the configuration of M365, SentinelOne, Google Workspace, and OneLogin Cloud Connectors. Users now see actionable errors and troubleshooting help when a new integration fails to successfully connect.
In case you missed the April updates, you can find and review those notes here.