Overview
When a detection triggers a finding, Blumira can send your team three different types of notifications (Email, Voice, SMS text), and these can be enabled or disabled according to priority and finding type.
Ensure that your organization's users can receive notifications from Blumira to respond to findings or sensor health issues in an appropriate timeframe. (See About Blumira findings for recommended response times.)
There are also separate options to receive emails when:
- Someone comments on a finding in the app.
- Someone assigns a finding to a responder.
Editing notification settings
Users can open and edit their own notification settings by clicking the bell icon at the top of the screen.
As an Administrator or Manager, you can also configure which notifications your Blumira users receive.
To edit a user's notification settings:
- Navigate to Settings > Users.
- Click Edit (pencil icon) in the row with the user's name.
- In the Edit user window, click Edit User Notifications.
- Verify that the correct information is provided for the user:
- Voice number
- Text number
- Email address
- Select the relevant check boxes to turn on Voice, Text, or Email notifications per priority level.
Tip: Blumira sends voice and text alerts from (313) 349-2586. Save the number as a safe caller/sender in your device so that alerts are not marked as spam.
- Select or deselect these options:
- Email me on every new finding comment.
- Email me when a responder takes initial ownership of a finding.
- Click Save.
System notifications about sensor health
Organizations that are running Blumira sensors for logging can choose to receive alerts related to sensor health. These notifications, along with frequent reminders, help you to monitor the health of your sensors and respond as soon as possible when they experience trouble.
You can separately configure sensor notifications to alert you when any of the following occurs in one of your Blumira sensors:
- It goes offline for over 5 minutes, and again when it comes back online.
- Its log collection rate suddenly and sharply decreases.
- The storage resources available to the sensor are too low.
Contents of Blumira finding emails
The emails Blumira sends for each finding contain the following content:
- A subject line formatted according to this convention: Finding_Type | Finding_Priority | Finding_Name @ Company_Name.
Example: Suspect | P2 | Indicator: Microsoft 365 - Creation of forwarding/redirect rule @ Acme Security
- The body of the email includes the timing as well as the analysis for the finding.
Example:
Suspect | P2 | Indicator: Microsoft 365 - Creation of forwarding/redirect rule @ Acme Security
Blumira has detected Indicator: Microsoft 365 - Creation of forwarding/redirect rule for Acme Security on 2022-06-29 02:47PM EDT and triggered action Create Priority 2 Suspect for Responders.
Analysis:
The user testuseracct@email.com has created a new mail filtering inbox rule in their Microsoft 365 account. Many times compromised accounts will create inbox rules to lengthen the amount of time before the compromise is detected. These rules will sometimes remove email from sent folders or delete all incoming messages to the victim's mailbox.
- A Learn More button that links you to the finding with workflow options in the app (requires login).
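Teams that route finding emails into a ticketing or paging system usually need to parse the subject convention above. The following is an added example, not Blumira's own code: it parses the subject into type, priority, name and company, pulls the detection time and triggered action out of the body sentence, and cross-checks that subject and body describe the same finding before anything is routed. The body regex is assumed from the single example on this page; the sample subject and body are constructed from that example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Subject convention from the page: Finding_Type | Finding_Priority | Finding_Name @ Company_Name.
# The finding name may itself contain ":" or " - ", so only the first two " | " and the
# last " @ " are treated as delimiters.
SUBJECT_RE = re.compile(r"^(?P<ftype>[^|]+?)\s*\|\s*(?P<priority>P[1-9])\s*\|\s*(?P<rest>.+)$")
# Body sentence shape (assumed from the page's one example).
BODY_RE = re.compile(
    r"Blumira has detected (?P<name>.+?) for (?P<company>.+?) on "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}[AP]M) (?P<tz>[A-Z]{2,5}) "
    r"and triggered action (?P<action>.+?)\."
)

# Constructed sample input, taken from the example on this page.
SAMPLE_SUBJECT = "Suspect | P2 | Indicator: Microsoft 365 - Creation of forwarding/redirect rule @ Acme Security"
SAMPLE_BODY = (
    "Blumira has detected Indicator: Microsoft 365 - Creation of forwarding/redirect rule "
    "for Acme Security on 2022-06-29 02:47PM EDT and triggered action "
    "Create Priority 2 Suspect for Responders.\nAnalysis:\nThe user ... mailbox."
)

@dataclass
class Finding:
    finding_type: str
    priority: int      # numeric part of P1/P2/P3 so callers can compare thresholds
    name: str
    company: str

def parse_subject(subject: str) -> Optional[Finding]:
    """Return a Finding for a subject that follows the convention, else None."""
    m = SUBJECT_RE.match(subject.strip())
    if not m or " @ " not in m.group("rest"):
        return None
    name, company = m.group("rest").rsplit(" @ ", 1)   # last " @ " separates the company
    return Finding(m.group("ftype").strip(), int(m.group("priority")[1]), name.strip(), company.strip())

def parse_body(body: str) -> Optional[dict]:
    """Extract name, company, naive detection time, tz abbreviation and triggered action."""
    m = BODY_RE.search(body)
    if not m:
        return None
    detected_at = datetime.strptime(m.group("ts"), "%Y-%m-%d %I:%M%p")  # tz kept separately
    return {"name": m.group("name"), "company": m.group("company"),
            "detected_at": detected_at, "tz": m.group("tz"), "action": m.group("action")}

def subject_matches_body(finding: Finding, body: dict) -> bool:
    """Refuse to route a message whose subject and body disagree on finding or company."""
    return finding.name == body["name"] and finding.company == body["company"]
```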