Overview
Blumira’s modern cloud SIEM platform integrates with Ubiquiti UniFi controllers via syslog to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Note: This integration requires the Logger Module, which is included by default in all Blumira sensors upon installation.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- Under Overview, in the Host Details box, copy the IP value.
Enabling logging from the firewall
- In the UniFi console, navigate to Settings > System > System logging.
- Click the check box next to Syslog.
- In Syslog Host, type your Blumira sensor's IP address.
- In Syslog Port, type 514.
- Click Apply changes.