Skip to main content

Requesting custom detection rules for your organization

  • Updated

Overview

If Blumira does not currently detect and create findings for a specific activity that your organization needs to be able to respond to, you can submit a request for a new detection, and our Incident Detection Engineers will determine if it can be created for your organization.

Note: In some cases, creating a Scheduled Report, which does not create findings in the app, is a preferred solution when there is only a need to monitor activity without having to respond to and resolve finding workflows.

Requesting modifications to existing detection rules

Some of the existing rules may not meet the specific needs of your organization, although most of the logic is already in place. If you identify a specific event that your organization requires a detection for that is based on one of the existing rules, you can submit a request to Support and include these details:

  • Existing detection rule name
  • The values and/or conditions that you want added or changed

Requesting new rules

Before submitting a request for a new rule, determine which data and conditions should trigger the detection and appear in the finding. The best way to share those details is by creating and saving a report in Report Builder, then including the report name in your request.

To create the report:

  1. Navigate to Reporting > Report Builder.
  2. From the Data Sources list, select the source(s) of the logs that you want Blumira to detect on.
  3. Click Show Advanced.
  4. Click Add Filter and enter the fields and values needed to drill down into the information for specific conditions.
  5. Click Submit to run the query.
  6. Save the new query to your Saved Reports list:
    1. Click Screenshot_2023-01-31_at_5.55.13_PM.png, then click Save & Schedule Report.
    2. In the Name of Query box, type a report name that is not already being used by another report.
    3. Click Save.
  7. (Optional) Run a test to verify your report is displaying the results you would like to trigger a finding in the app.

Using the Support button at the bottom of this window, you can send a request for your custom detection and include the name of the report that you created.

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles