Overview
Blumira’s modern cloud SIEM platform integrates with Ubiquiti UniFi controllers via syslog to detect cybersecurity threats and to provide an automated or actionable response for remediation when a threat is detected.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Note: This integration requires the Logger Module, which is included by default in all Blumira sensors upon installation.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- In the Overview section, next to Host Details, copy the IP address.
Enabling logging from the firewall
- In the UniFi console, navigate to Settings > System > Integrations.
- Next to Activity Logging, select SIEM Server.
- Under Contents, ensure all options are selected for logging.
- In Server address, type your Blumira sensor's IP address.
- In Port, type 514.
- Click Apply changes.
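To check that syslog traffic can reach the sensor on port 514 after applying the change, the following added example (not Blumira or Ubiquiti code) sends one clearly labelled test message from a host on the same network as the UniFi console. It assumes the sensor accepts syslog over UDP, which this page does not state; the hostname `unifi-test` and tag `siem-path-test` are made-up values chosen so the message is easy to find.

```python
"""Send one labelled test syslog datagram to a collector (added example)."""
import socket
import sys
from datetime import datetime

FACILITY_LOCAL0 = 16   # local use 0
SEVERITY_INFO = 6      # informational


def build_syslog(msg, hostname="unifi-test", tag="siem-path-test",
                 facility=FACILITY_LOCAL0, severity=SEVERITY_INFO, now=None):
    """Return an RFC 3164 style syslog line as bytes."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity  # PRI value that goes inside <...>
    now = now or datetime.now()
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with a space-padded day
    stamp = f"{now.strftime('%b')} {now.day:2d} {now.strftime('%H:%M:%S')}"
    return f"<{pri}>{stamp} {hostname} {tag}: {msg}".encode("utf-8")


def send_test(sensor_ip, port=514,
              msg="sensor path test (constructed message, safe to ignore)"):
    """Send one UDP datagram; return the bytes handed to the network stack.

    Assumption: the collector listens on UDP. A non-zero return value only
    means the packet left this host, not that the sensor received it.
    """
    payload = build_syslog(msg)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (sensor_ip, port))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: send_test_syslog.py <sensor-ip>")
    sent = send_test(sys.argv[1])
    print(f"sent {sent} bytes to {sys.argv[1]}:514/udp")
```

UDP gives no delivery confirmation, so confirm arrival on the sensor side, for example with a packet capture on the sensor host filtered to port 514.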