While Blumira’s platform automates threat detection and response by surfacing only the most important findings in your environment, we know our customers sometimes need to dig a little deeper.
To support your compliance, auditing, and deeper investigation needs, we’ve added search and reporting functionality available now in beta in the Blumira administrative panel, seen below:
Interested in seeing more information about your cloud applications? Once you select this category of data, you can filter down into the specific vendor log types and attributes (called ‘columns’), such as the user, domain, operation, status, timestamp, etc.
Maybe you don’t have time to select filters or determine which columns you need, and you just need to search and create a report quickly for the C-level or your auditors. In that case, you can head to Blumira’s Global Searches functionality found on the right side.
We have many pre-populated searches available to you, based on your integrations and type of log data you’re sending to Blumira’s platform for threat detection and response.
These searches align with many regulatory data compliance standards and controls. For example, to meet PCI DSS (Payment Card Industry Data Security Standard) compliance, organizations need to implement automated audit trails for all system components in order to reconstruct certain events (PCI DSS 10.2.1-10.2.7).
One of those events includes any use of or changes to identification and authentication mechanisms – that translates to actions like the creation of new accounts, privilege escalation, or changes to accounts with root or admin privileges. Blumira’s new search feature allows you to click on the pre-built search query, then drill down into the when, who, what and more about any users that were created, by the integration type.
Below is an example of this specific search query for all log events sent by Microsoft’s Active Directory to Blumira’s platform:
Overall, simplified search and reporting of your system events can help you meet compliance requirements for reporting and analysis. For example, NIST SP 800-171 requires federal government contractors and subcontractors to provide audit record reduction and report generation to support on-demand analysis and reporting (3.3.6). This control exists so that organizations can review and investigate security incidents while preserving the integrity and time ordering of their audit records.
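To make the PCI DSS 10.2 audit-trail requirement and the NIST 800-171 3.3.6 "audit record reduction and report generation" control concrete, here is an added example (not Blumira's code, and not the search shown in the screenshot above) that does by hand what a saved search does in the product: it takes Windows Security events of the kind Active Directory domain controllers emit, keeps only account-creation and privileged-group-membership events, orders them by time, and reduces them to a short who/when/what report. The event IDs (4720, 4728, 4732, 4756) are real Windows Security event IDs; the field names, the privileged-group list and the log records themselves are constructed assumptions for the example.

```python
"""Audit trail of account creation and admin-group membership changes from
Windows Security events (the kind Active Directory domain controllers emit).
Added example, not Blumira's code. The records in SAMPLE_EVENTS are
constructed, and the normalized field names (event_id, time, subject,
target, group) are an assumed shape, not a vendor schema."""
from collections import Counter
from datetime import datetime

# Real Windows Security event IDs for the "use of or changes to identification
# and authentication mechanisms" events PCI DSS 10.2 asks you to record.
USER_CREATED = 4720
GROUP_MEMBER_ADDED = {4728: "global", 4732: "local", 4756: "universal"}

# Groups whose membership changes count as privilege escalation in this report
# (an assumption for the example; tune to your own environment).
PRIVILEGED_GROUPS = {"Domain Admins", "Administrators", "Enterprise Admins"}

# Constructed sample records; 4624 (logon) is included to show it is ignored.
SAMPLE_EVENTS = [
    {"event_id": 4720, "time": "2024-03-04T09:12:01Z", "subject": "CORP\\jdoe",
     "target": "CORP\\svc_backup", "group": None},
    {"event_id": 4624, "time": "2024-03-04T09:13:44Z", "subject": "CORP\\jdoe",
     "target": None, "group": None},
    {"event_id": 4728, "time": "2024-03-04T09:15:30Z", "subject": "CORP\\jdoe",
     "target": "CORP\\svc_backup", "group": "Domain Admins"},
    {"event_id": 4732, "time": "2024-03-04T10:02:10Z", "subject": "CORP\\asmith",
     "target": "CORP\\tmp_user", "group": "Remote Desktop Users"},
    {"event_id": 4720, "time": "2024-03-03T17:45:00Z", "subject": "CORP\\asmith",
     "target": "CORP\\tmp_user", "group": None},
]


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def audit_trail(events):
    """Keep creation and privileged-group events, in time order (3.3.6 wants
    the time ordering of audit records preserved). Returns tuples of
    (time, actor, action, target account)."""
    rows = []
    for e in events:
        if e["event_id"] == USER_CREATED:
            rows.append((parse_time(e["time"]), e["subject"], "created account", e["target"]))
        elif e["event_id"] in GROUP_MEMBER_ADDED and e["group"] in PRIVILEGED_GROUPS:
            scope = GROUP_MEMBER_ADDED[e["event_id"]]
            rows.append((parse_time(e["time"]), e["subject"],
                         f"added to {scope} group {e['group']}", e["target"]))
    return sorted(rows)


def created_then_privileged(events, within_minutes=60):
    """Accounts placed in a privileged group within `within_minutes` of being
    created: the combination an auditor asks about first."""
    created = {e["target"]: parse_time(e["time"])
               for e in events if e["event_id"] == USER_CREATED}
    flagged = []
    for e in events:
        if (e["event_id"] in GROUP_MEMBER_ADDED and e["group"] in PRIVILEGED_GROUPS
                and e["target"] in created):
            delta = parse_time(e["time"]) - created[e["target"]]
            if 0 <= delta.total_seconds() <= within_minutes * 60:
                flagged.append(e["target"])
    return flagged


def summary(events):
    """Audit record reduction: event count, events per actor, flagged accounts."""
    trail = audit_trail(events)
    return {"events": len(trail),
            "by_actor": dict(Counter(actor for _, actor, _, _ in trail)),
            "flagged": created_then_privileged(events)}


def render(events):
    """Plain-text report suitable for handing to an auditor."""
    return "\n".join(f"{t.isoformat()}  {who:<14} {what:<42} {target}"
                     for t, who, what, target in audit_trail(events))


if __name__ == "__main__":
    print(render(SAMPLE_EVENTS))
    print(summary(SAMPLE_EVENTS))
```

On the constructed input, the trail contains three rows (two account creations and one Domain Admins addition), the Remote Desktop Users change is excluded because that group is not in the privileged list, and `svc_backup` is flagged because it was made a Domain Admin three and a half minutes after it was created. Against real data you would feed `audit_trail` the normalized events your log pipeline already stores rather than the inline list.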
Blumira’s pre-built searches and other dashboards also provide summaries of meaningful security insights, such as Active Threats by Priority, which lets you identify any active or open threats at a glance. This streamlines and prioritizes findings so your team can respond quickly to threats that are still active.
We can also report on statistics that can help inform your security strategy, or measure your team’s performance and overall security posture. One example is reporting on the Average Time to Close Threats, a key factor in understanding your current incident response metrics and giving you the ability to track it over time to measure progress.
The average time to identify and contain a breach is 279 days – but organizations can save up to 37% ($1.2 million) if they detect it under 200 days, according to IBM’s Cost of a Data Breach report. The faster you can respond to a security incident, the less damage to your systems, data and overall business.
Finally, we give you the capability to schedule and generate your own reports based on how often you need (or are asked for) them, to help further streamline and automate the reporting process for your organization or for auditing/compliance purposes.
To learn more about what you can do with Blumira’s search and reporting feature, schedule a demo or sign up for a 14-day free trial today.