Hey MSP friends,
I'm a vendor, but I come bearing gifts. Blumira is new to the MSP space, but I'm not :-)
And the solution is really an ideal fit for the SMB and MSP space.
I'm building their MSP program and it starts with free-for-internal-use NFR licenses for our MSP partners. I understand that you need something that doesn't blow up your business model and am confident that once you use Blumira for internal use, you'll want to use it with your customers as well. I've also set a very attractive per-user-per-month price point for our MSP partners and 365-day retention is built in. Feel free to hit me up with questions or sign up to get your NFR going.
-Jeremy
We see MSPs as a very strategic focus for our future success. We actually just brought on an industry veteran to help build that out (shoutout to u/jeremy-blumira!) We’re already doing our best to support the community as a whole. We’re sponsoring some of our MSP Partners to attend an upcoming Level Up: The MSP Security Training Challenge.
Since we understand that our MSP partners like to drink their own kool-aid when it comes to technology, our program starts with free-for-internal-use NFR licensing so that you can see the value in our solution for yourself and operationalize it in your business before making the decision to add it to your services practice.
>If so, what makes you different from a product like Skout or Perch?
Skout is a SOC managing many different 3rd party offerings, while Blumira is a product company. The core of our SaaS solution is a SIEM. In that way, we’re more like Perch. Both are good offerings to be sure, and we’re friendly with both. However, the idea with Blumira is that all of the security expertise needed to get value out of that solution is done by our SecOps team and is included in the delivery of the product. We’re a security product for IT people.
To make Blumira affordable for SMB clients, we offer 1 yr log retention and 24/7 SecOps support for urgent inquiries baked in.
-- Matt Warner
We're doing some cool things at Blumira... feel free to ask me any questions. I'm not in sales/marketing but can always point you in that direction if you're interested (free demo/PoC, but not sure how long they last?)
I've also worked with several other log ingestion platforms if you have other questions :) (elk/splunk mostly)
I've also referenced Poshim (PowerShell Shim) in the past. It's a script that automates the process of downloading and configuring NXLog and Sysmon on Windows hosts and sending that to a specific IP address.
This was made to send to the Blumira Sensor IP, but can be used to send to any resource for log collection and monitoring.
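For readers who want to see what the Poshim-style workflow looks like in practice, here is an added PowerShell example. It is not Poshim and not Blumira's code; it installs Sysmon if the service is missing, writes an NXLog CE configuration that forwards the Sysmon, Security and System channels as JSON over TCP to a collector, and restarts NXLog. The collector IP (a TEST-NET-1 placeholder), the TCP port, the Sysmon config path and the NXLog install directory are all assumptions you would replace with your own values; the Sysmon download URL is the official Sysinternals one.

```powershell
# Added example, not Poshim or Blumira code: install Sysmon (if absent) and
# point NXLog CE at a log collector. All paths, the collector address and the
# port are assumptions; adjust them for your environment.
param(
    [string]$CollectorIp   = "192.0.2.10",                       # placeholder (TEST-NET-1)
    [int]   $CollectorPort = 514,                                # assumed collector port
    [string]$SysmonConfig  = "C:\ProgramData\sysmon-config.xml", # assumed path to your Sysmon config
    [string]$NxlogDir      = "C:\Program Files\nxlog"            # NXLog CE default install dir
)

$ErrorActionPreference = 'Stop'

# 1. Install Sysmon only when the Sysmon64 service is not already registered.
#    Sysmon.zip is the official Sysinternals download; the config is yours.
if (-not (Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue)) {
    $zip = Join-Path $env:TEMP 'Sysmon.zip'
    $dir = Join-Path $env:TEMP 'Sysmon'
    Invoke-WebRequest -Uri 'https://download.sysinternals.com/files/Sysmon.zip' -OutFile $zip
    Expand-Archive -Path $zip -DestinationPath $dir -Force
    & (Join-Path $dir 'Sysmon64.exe') -accepteula -i $SysmonConfig
}

# 2. Write an NXLog configuration: read the Sysmon, Security and System
#    channels with im_msvistalog, serialize each event to one JSON line,
#    and ship it over TCP to the collector.
$conf = @"
define ROOT $NxlogDir
Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension _json>
    Module xm_json
</Extension>

<Input winlogs>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
                <Select Path="Security">*</Select>
                <Select Path="System">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Output collector>
    Module om_tcp
    Host   $CollectorIp
    Port   $CollectorPort
    Exec   to_json();
</Output>

<Route forward>
    Path winlogs => collector
</Route>
"@

Set-Content -Path (Join-Path $NxlogDir 'conf\nxlog.conf') -Value $conf -Encoding ASCII

# 3. Restart the NXLog service so the new configuration is picked up.
Restart-Service -Name nxlog
```

Run it from an elevated PowerShell session on the host being onboarded. The check on the Sysmon64 service keeps the script idempotent, so it can be pushed repeatedly through an RMM without reinstalling Sysmon each time; if you prefer syslog framing instead of raw JSON lines, swap `xm_json`/`to_json()` for `xm_syslog` and `to_syslog_bsd()` in the output block.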
Which does not necessarily mean they are safe. This attack vector, for example, just needs someone with a browser on the network and a site to lure the user to: https://www.blumira.com/analysis-log4shell-local-trigger/
There was a new attack vector discovered using local websockets for local installs of Log4j-core. Is this something that has been added to the CS tuning for detections?
https://www.blumira.com/analysis-log4shell-local-trigger/
An Ubuntu VM to serve as a Blumira sensor is currently a requirement. It also serves as a Honeypot. This can live anywhere but is usually "on-prem" where applicable depending on the network.
We'll be releasing our Blumira hosted sensor, aka Cloud Connectors, in the near future (weeks, not months) which will reduce the reliance on the Ubuntu sensor over time.
I am of course biased as I am the director of partners at Blumira, but we're pretty spot-on for what you're describing. We also provide free-for-internal-use licensing for MSPs so you can determine the value and product fit for yourself before deciding to try and manage it for customers. Feel free to DM with questions :-)
We've been trying out Blumira - https://www.blumira.com/ - it is a cloud SIEM with a SOC and it is a lot different than other SIEMs I've used. When the threat is displayed there is an option to remediate it. We tried a SIEM from our RMM and it threw so many alerts at us we couldn't handle them. This is much more to the point and ties in with 365, etc.
7 minute security did a podcast about it - https://7ms.us/7ms-495-desperately-seeking-a-super-siem-for-smbs-part-5/
Building a SOC is an incredibly time consuming undertaking, so firstly consider if this is for business or education. I would say if you are learning it’s absolutely okay if it takes even up to 6 months to get a fully operational SOC working well for home defense.
A great low cost way to learn SOC or build one for home security would be with a flavor of linux called NEMS Linux. You can then install Docker and a Pi hole inside of NEMS Linux and you can begin performing things like automated port blocking and also block ads while at it.
If you are building a SOC for business, we provide free trials to get a SOC off the ground quickly - our solution is heavily automated so it takes about a week to get a fully operational SOC running.
For perhaps the fastest way to get a SOC off the ground for business, check us out!
We do support McAfee (via ePO) and we have Zeek on our roadmap for parsing and detection engineering. Blumira is built from scratch to ensure scalability and speed across the platform; this is also why Blumira handles all parsing and ingestion while not charging based on data volume or EPS.
Blumira currently handles all alert creation internally via the detection engineering team to ensure the highest fidelity detections and playbooks. For example when CVE-2021-40444 came out, the team immediately moved to recreating the exploit, testing detections, and deploying out to customers without additional effort, the benefit of a cloud-focused SIEM!
Blumira is inherently SQL in our data warehouse and we expose data via a Report Builder that is structured around a Common Information Model to simplify data access.
If you want to reach out to our team at https://www.blumira.com/trial/ we can get you into a trial and provide additional information!
Generally speaking, DEBUG is never mandatory and oftentimes just verbose - as outlined by NIST frameworks such as CSF.
Speaking of which, frameworks like NIST have good baseline guidance. The risk assessment is the only way to get feedback on what you guess, and aside from foundations like NIST or MITRE, it’s just a game of what seems to make sense and hope for the best (it’s why risk assessments are required for large companies. Without it, everything is pure guessing, but the first attempt is always ultra forgiving). The NIST controls outlined here make good guidance, and most known compliance regulations on the planet are based on NIST.
BTW, Blumira doesn't charge per GB of ingested data. Just one set price :)
It looks like you've got plenty of great information in this thread. To add on, this article explains some tests you can run on EDR software to determine the tool's effectiveness.
https://www.blumira.com/ntlm-relay-attack-petitpotam/
Looks like if you have good Windows event collection you could look for the QIDs associated with these event IDs, followed by either a payload-matches regex or a CEP for the specific QIDs for "elevated=true".
It's worth taking a look at Blumira. We've been scaling fast and actively building out for MSP's. https://www.blumira.com/partners/
Many of us came from Duo Security, Log Rhythm, MSPs, MSSPs and have focused on building for scalability, ease of use, a great culture and making sure we support our partners.
You should consider Blumira. After helping build Duo Security I left to work with the crew using a similar approach to SIEM / detection and response that Duo took to two-factor. It's a SaaS SIEM that can be set up in under a few hours and you are good to go!