Overview
Blumira integrates with Ubiquiti UniFi controllers via Syslog to detect cybersecurity threats across your environment, combining SIEM log analysis, endpoint detection, and AI-powered investigation to provide automated or actionable response.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Note: This integration requires the Logger Module, which is included by default in all Blumira sensors upon installation.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Ingestion > Sensors.
- Click the sensor row to open the details page.
- In the Overview section, next to Host Details, copy the IP address.
Enabling logging from the firewall
Enable traffic logging by doing the following:
- Navigate to Settings > CyberSecure > Traffic Logging.
- Next to "Flow Logging," select All Traffic, and then click the check boxes for the following Additional Flows:
- Gateway DNS
- UniFi Services
- All UniFi Device Management
- Next to "Activity Logging (Syslog)," select SIEM Server, and then select all available Contents options.
- In Server Address, type your Blumira sensor's IP address.
- In Port, select 514.
- Click Apply changes.