Before you begin
Below, we provide several tips to help orient you within the app and ensure your success as you start using Blumira as an MSP.
The videos in these articles can help you to visualize how to navigate the app:
Know what to expect the first time you log in to the app
- After we create your NFR account, you will receive an account verification email. Follow the steps outlined in the email to get logged in to app.blumira.com.
- With one login you will have access to:
  - Your NFR account, including your MSP Portal, dashboards, reporting, and settings for your organization.
  - All customer accounts that you add to your parent account over time. Later, you can use the Accounts table or the Organizations menu at the top of the screen to switch between the accounts that you need to work in.
- If you are an Administrator of a Blumira NFR account, you land in the MSP Portal > Accounts page when logging in. You can confirm that you are in your parent NFR account by viewing the Organization name at the top of the screen ("My Org Name - NFR" in the screenshot below).
- The Accounts screen is empty at first, as you have not yet added any customer organizations in the app. This screen will show all of your customer accounts after you add them in later steps.
  Important: Do not add another new account for your internal use. All accounts that you add in MSP Portal are customer accounts. Your parent account is your internal use NFR account, so there is no need to add another.
- MSP Portal > Users includes the users that have been added to the NFR account, and this is the same list as in Settings > Users when you are working in your NFR account.
  Tip: Confirm the organization name at the top of the screen if you are unsure which account's users you are viewing.
- The MSP Portal is the best place to bulk-manage your subaccounts and NFR users.
- Settings > Users is the best place to manage an individual organization's users. This is true for both NFR and customer accounts.
Know what each role can do in the app
- Review About Blumira roles for MSPs for a complete view of permissions.
- Assign the Administrator role to your NFR users who need to manage other users, integrations, and settings (detection rules, sensors, etc.). Administrators have access to all of your customer organizations and the MSP Portal.
- Assign Administrator and Responder roles to users who need to be able to do everything in the app, including responding to findings.
- Assign only the Responder role to any helpdesk resources that need to respond to findings but that should not have access to configure settings or add accounts. You choose which accounts they have access to.
Using Blumira
Follow the steps outlined below to connect your data sources to send logs to Blumira, start receiving findings, and add other users who will be using Blumira with you.
| Task | Link | Est. Time | Description | Notes, Tips, and Tricks |
| --- | --- | --- | --- | --- |
| Set up Blumira Cloud Connectors for your NFR | Link | varies | See the full list of Cloud Connectors. | Follow each article's instructions to configure the external app and gather the API credentials to use in the Cloud Connector. |
| Deploy Blumira Agent for endpoints | Link | 5 min | Collect logs from your endpoints for the supported platforms noted in the installation guide. | NFR accounts can deploy up to 5 agents. Also see Activating Blumira Agent in your NFR account and sub-accounts. |
| Configure email alerts to your ticketing tool | | 5 min | Notifications are sent via email, voice, and text alerts. Tip: You can set up a notification-only user profile with the Monitor role, which you can use to route email alerts to your PSA. | For ConnectWise Manage customers, follow these instructions to set up a parser for Blumira alerts. If you'd like to receive findings in MS Teams, follow these instructions. Important: Notifications about Blumira findings provide only a summary. You must follow the link in the notifications to view full matched evidence and act on the remediation workflows in the app. |
| Add teammates who will need access to remediate workflows | | 5 min | Use the MSP portal to add users and assign them to accounts. Users added in Blumira as app users are unrelated to billable user counts. | Since access to Blumira requires MFA, and Responders are assigned for chain of custody auditing, any employees who will be responding to Blumira findings should be added as users with the appropriate role. |
| Set up a Blumira sensor on Ubuntu | | 20 min | Set up an Ubuntu host that will be used for the Blumira sensor that connects to services and collects your logs. Suggested requirements for sensor host: Steps for installing the Blumira sensor are included. | For the best performance, we recommend using a virtual machine. It can go anywhere that makes sense depending on the network. They are frequently added to a server in a data center that has spare VM space. They are also commonly placed in Azure, AWS, etc. It just depends on the network. Tip: Take a snapshot of the VM before running the curl script, and use it as a template for streamlining future sensor rollouts. |
| Add a honeypot module to your Blumira sensor | | 1 min | The sensor doubles as a log shipper and a Honeypot. Follow the docs to run our Dogemira script, which creates a honeytoken in your AD Domains for visibility into Kerberoasting and AS-REP roasting behavior. | Name the Honeypot something like "DiskStation" to make it enticing. Tip: The Honeypot is an excellent way to demo the SIEM. You can run live detection tests on it and see findings show up in real-time. |
| Send firewall logs to the sensor | | 5 min | For most firewalls, configuring logging entails sending Syslog from your firewall to the IP Address of the Blumira Sensor over port 514. Check the documentation for guidance on your specific brand of firewall. | Ensure that you follow the documentation. Our parsing relies on receiving the logs in the expected format. |
| Enable enhanced Windows logging | | 25 min | Deployment of our Advanced Logging GPO and Honeytoken script can further enhance Blumira’s threat detection capabilities on Windows endpoints. | |
| Connect other relevant modules | | varies | Check out our documentation page and Deploying Blumira for our latest integration list. We continue to add more over time. Data ingestion is unlimited, so the more security-relevant data, the better. | |
| Add your customer accounts | | varies | Add your customer tenant accounts directly in the app using the MSP Portal. | For bulk upload, download the Account Upload Template (CSV), fill it out, and return it to msp@blumira.com. Our team will then import and create all the customer accounts in bulk for you. |
| Review pricing information | | | Information about pricing tiers, what a billable user is, and other specifics that help you understand the MSP pricing structure and billing process. | |
| Review additional documentation | | | | Some of these articles are relevant to all customers and not just to MSPs, so they are hosted on the general support site. Some articles are in the partner support site because the information is specific to MSPs. |
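
The honeytoken task above works because nobody legitimately requests Kerberos tickets for a decoy account, so any such request is worth a finding. The following is an added illustration, not Blumira's detection logic or code: it flags those requests in constructed Windows Security events 4769 and 4768, and the decoy name `svc-diskstation`, the host and user names, and the JSON-lines layout are all assumptions.

```python
import json

# Assumption: the decoy account name; substitute your own honeytoken's name.
DECOYS = {"svc-diskstation"}

# Constructed sample events (one JSON object per line) using field names from
# Windows Security events 4769 (service ticket) and 4768 (TGT request).
SAMPLE_EVENTS = """\
{"EventID": 4769, "TargetUserName": "alice@CORP.EXAMPLE", "ServiceName": "FILESRV01$", "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.0.21"}
{"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc-diskstation", "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.57"}
{"EventID": 4768, "TargetUserName": "svc-diskstation", "PreAuthType": "0", "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.57"}
{"EventID": 4768, "TargetUserName": "carol", "PreAuthType": "2", "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.0.30"}
not-json garbage line
"""

def _account(name):
    """Lower-case an account name and drop any @REALM suffix."""
    return str(name or "").split("@")[0].lower()

def honeytoken_findings(lines, decoys=DECOYS):
    """Return one finding per Kerberos request that touches a decoy account."""
    decoys = {_account(d) for d in decoys}
    findings = []
    for lineno, line in enumerate(lines, 1):
        try:
            ev = json.loads(line)
            event_id = str(ev["EventID"])
        except (ValueError, TypeError, KeyError):
            continue  # malformed line or not an event object: skip, don't abort
        if event_id == "4769" and _account(ev.get("ServiceName")) in decoys:
            # Service ticket requested for the decoy: Kerberoasting pattern.
            kind = "kerberoasting"
        elif (event_id == "4768" and _account(ev.get("TargetUserName")) in decoys
              and str(ev.get("PreAuthType")) == "0"):
            # TGT issued without pre-authentication: AS-REP roasting pattern.
            kind = "asrep_roasting"
        else:
            continue
        src = str(ev.get("IpAddress", ""))
        findings.append({
            "line": lineno, "kind": kind,
            "source": src[7:] if src.startswith("::ffff:") else src,
            "requested_by": ev.get("TargetUserName"),
            "rc4_ticket": ev.get("TicketEncryptionType") == "0x17",
        })
    return findings

if __name__ == "__main__":
    print(*honeytoken_findings(SAMPLE_EVENTS.splitlines()), sep="\n")
```

The `rc4_ticket` flag marks requests for RC4-HMAC tickets (encryption type 0x17), which is useful triage context when reviewing a finding against the source host.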