Overview
Blumira integrates with SonicWall Secure Mobile Access (SMA) appliances to detect threats across your environment, combining SIEM log analysis and AI-powered investigation to provide actionable response.
Blumira collects and parses these SMA log types:
- System Message Log
- Management Audit Log
- Network Tunnel Audit Log
- Web Proxy Audit Log
- Client Installation Logs (Windows)
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Note: This integration requires the Logger Module, which is included by default in all Blumira sensors upon installation.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Ingestion > Sensors.
- Click the sensor row to open the details page.
- In the Overview section, next to Host Details, copy the IP address.
Enable logging from SMA
To use your Blumira sensor as a syslog server, do the following:
- Log in to the SMA Appliance Management Console.
- Navigate to Monitoring > Logging > Configure Logging.
Note: If you are using the older SMA version 10.2, navigate to Log > Settings. - Under Syslog configuration, type your Blumira sensor's IP address and port 514 for the syslog server.
- Click Save.