After setting up your environment to send logs to Blumira, you can run some tests to verify that logs will trigger findings in Blumira.
Note: Blumira automatically deploys detection rules based on the log sources being received in your account. The rule deployment process runs approximately every 30 minutes, so allow 30-60 minutes after adding a new log source before attempting to trigger a test detection. Example: to test Microsoft 365, wait 30-60 minutes after adding the M365 Cloud Connector before running the suspicious inbox rule creation detection test.
See these articles for information on testing some of Blumira's detections:
- Duo Security – Fraudulent Push Notification
- Honeypot – FTP Auth Test
- Honeypot – HTTP Auth Test
- Honeytoken - Kerberoast attack behavior
- Microsoft 365 - Suspicious Inbox Rule Creation
- Office 365 Password Spraying
- Windows - Testing detections for remote Windows logs
- Windows – Deletion Event Log Detection Test
- Windows – Domain Administrator Account Creation
- Windows – Setting Non-Expiring Password
- Windows – PowerShell Execution Policy Bypass
  Note: This rule is disabled by default, so you must enable it before testing.