1. Blumira Support
  2. Using Blumira
  3. User Notifications

Quick Links

About user notifications

Overview

When an integration fails or a detection rule triggers a finding, Blumira can send your team notifications (Email, Voice, SMS text) so that your team can take action. You can also receive notifications when a responder is assigned to a finding or a new comment is added as a note on a finding. Notifications can be enabled or disabled according to priority and type.

Ensure that your organization's users can receive notifications from Blumira to respond to findings or integration health issues in an appropriate timeframe.

Reference: See About Blumira findings for our recommended response times.

Editing notification settings

Notification settings are managed at the user level and cannot be specified per organization. This means editing notification settings for a user impacts all of the Blumira accounts the user can access.

Users can view and edit their personal settings by clicking Notification Settings (the bell icon) at the top of the screen.

Screen Shot 2022-04-26 at 9.08.56 AM.png

As an Administrator or Manager, you can also configure which notifications your Blumira users receive by editing their notification settings.

Note: Free SIEM includes email notifications only, so free accounts will not trigger voice or text notifications.

To edit a user's notification settings, do the following:

  1. Navigate to Settings > Users.
  2. Click Edit (pencil icon) in the row with the user's name.
  3. In the Edit user window, click Edit User Notifications.
  4. Verify that the correct information is provided for the user:
    • Voice number
      Note: Notifications cannot be sent to phone extensions.
    • Text number
    • Email address
      Note: If we cannot successfully send finding emails to the provided address, such as when an email bounces back, we will send a text notification to the mobile number provided for texts to inform you of the email issue.
  5. Select the relevant check boxes to turn on VoiceText, or Email notifications per type.
    Tip: Blumira sends voice and text alerts from (313) 349-2586. Save the number as a safe caller/sender in your device so that alerts are not marked as spam.
  6. Select or deselect these options:
    • Email me on every new finding comment.
    • Email me when a responder takes initial ownership of a finding.
  7. Click Save.

System notifications related to your integrations

System notifications help you monitor the health of your integrations and respond as soon as possible when errors or failures occur. Below, you can find which options are available and what problems each of the notifications can alert you to.

Screenshot 2025-05-01 at 11.54.16 AM.png

Cloud Connector notifications

You can enable the following notifications if you want to receive an email when your Cloud Connector needs attention:

Option Name Related Scenarios
Cloud Connector errors and recoveries
  • A connector goes into an error state for at least 4 hours without recovering, with system checks running every 5-10 minutes.
    Note: If a connector was already in an error state before you enabled notifications, you will not receive this initial alert but will get reminder notifications if errors persist.
  • A connector recovers after experiencing errors for at least 4 hours and appears healthy.
Cloud Connector persistent errors A connector that previously entered an error state remains in error for at least 24 hours.
Cloud Connector failure to complete initialization A newly added connector is stuck initializing for at least 24 hours and cannot establish a connection.

 

Note: We recommend removing a Cloud Connector if it has entered an error state or is stuck initializing. Replace it by adding a new connector and ensuring all integration requirements are met. If you instead update the configuration for the existing connector, you may notice that an error message continues to appear for several minutes until the connector's next health check, which occurs every 5 to 10 minutes.

Blumira Agent notifications when installation fails

You can enable the "Maximum Deployable Agents exceeded" notification if you want to receive an email when the Blumira Agent fails to install on an endpoint. When enabled, you will receive an email for every endpoint that fails, and a repeat email every hour until the agent is able to check in.

Usually, the maximum agent limit needs to be increased by adding more users (agents) to the account's licensing, or an administrator needs to remove unused agent devices from the list of installed devices.

Reference: See Managing your Blumira Agent devices for more information.

Sensor notifications

Reference: Learn more about sensor status updates here.

You can enable the following notifications if you want to receive an email when your Ubuntu sensor needs attention:

Option Details
Sensor goes online or offline Sends when a sensor has gone offline, with a 4-hour threshold for inactivity. This setting also alerts you when it comes back online.
Sensor resources are low Sends when the storage resources available to the sensor are too low for it to perform.
Sensor stopped sending logs

Sends when the sensor's overall log collection rate suddenly sharply decreases within a 2-hour timeframe. 

Note: This alert does not indicate when a module installation fails or when logging from one integration fails or gradually decreases.

 

About Blumira finding emails

The emails Blumira sends for each finding contain the following content:

  • A parsable subject line formatted according to this convention: Finding_Type | Finding_Priority | Finding_Name @ Company_Name.
    Example: Suspect | P2 | Indicator: Microsoft 365 - Creation of forwarding/redirect rule @ Acme Security

  • The body of the email includes the timestamp of when the finding was created, along with the analysis for the finding, and a Learn More button that links directly to the finding's detail page (requires login).

Screen Shot 2022-07-12 at 11.49.53 AM.png