Overview
Blumira sends three different types of notifications, which can be configured for each user by the priority and type of finding:
- Voice (phone)
- SMS text (phone)
- Email
Ensure that your organization's users can receive notifications from Blumira to handle findings in an appropriate timeframe. (See About Blumira findings for recommended response times.)
Blumira's notification emails contain the following content:
- A subject line formatted according to this convention: Finding_Type | Finding_Priority | Finding_Name @ Company_Name.
  Example: Suspect | P2 | Indicator: Microsoft 365 - Creation of forwarding/redirect rule @ Acme Security
- The body of the email includes a quick snippet around the timing as well as the analysis of the finding.
  Example:
  Suspect | P2 | Indicator: Microsoft 365 - Creation of forwarding/redirect rule @ Acme Security
  Blumira has detected Indicator: Microsoft 365 - Creation of forwarding/redirect rule for Acme Security on 2022-06-29 02:47PM EDT and triggered action Create Priority 2 Suspect for Responders.
  Analysis:
  The user testuseracct@email.com has created a new mail filtering inbox rule in their Microsoft 365 account. Many times compromised accounts will create inbox rules to lengthen the amount of time before the compromise is detected. These rules will sometimes remove email from sent folders or delete all incoming messages to the victim's mailbox.
- A Learn More button that links to the finding with workflow options in the app (requires login).
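The subject-line convention above can be parsed to route notification emails in a shared mailbox or ticketing queue. The following is an added example, not Blumira's own code; the function names, the routing labels, the "P" plus digits priority pattern (taken from the "P2" sample), and the rule that a lower number is more urgent are assumptions.

```python
import re
from typing import NamedTuple, Optional


class FindingSubject(NamedTuple):
    finding_type: str
    priority: int
    name: str
    company: str


# Assumption: the priority token is "P" followed by digits, as in the "P2" sample.
_PRIORITY = re.compile(r"P(\d+)")
# Reply/forward prefixes that mail clients prepend to a subject line.
_PREFIX = re.compile(r"^\s*((re|fwd?):\s*)+", re.IGNORECASE)


def parse_subject(subject: str) -> Optional[FindingSubject]:
    """Parse 'Finding_Type | Finding_Priority | Finding_Name @ Company_Name'.

    Returns None when the subject does not follow the convention."""
    subject = _PREFIX.sub("", subject).strip()
    # Split on the first two separators only: a finding name may contain " | ".
    parts = subject.split(" | ", 2)
    if len(parts) != 3:
        return None
    ftype, prio, rest = (p.strip() for p in parts)
    match = _PRIORITY.fullmatch(prio)
    # Split the company on the LAST " @ " so names containing "@" stay intact.
    name, sep, company = rest.rpartition(" @ ")
    name, company = name.strip(), company.strip()
    if not (match and sep and ftype and name and company):
        return None
    return FindingSubject(ftype, int(match.group(1)), name, company)


def route(subject: str, page_at_or_below: int = 2) -> str:
    """Hypothetical routing: page on urgent findings, queue the rest.

    Assumption: a lower priority number is more urgent. Unparsed subjects go
    to manual review instead of being dropped. The subject text is not proof
    of origin, so authenticate the sender separately before acting on it."""
    finding = parse_subject(subject)
    if finding is None:
        return "manual-review"
    return "page" if finding.priority <= page_at_or_below else "queue"
```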
Editing notification settings
As an administrator or manager, you can determine which notifications your Blumira users receive.
To edit a user's notification settings:
- Navigate to Settings > Users.
- Click Edit (pencil icon) in the row with the user's name.
- In the Edit user window, click Edit User Notifications.
- Verify that the correct information is provided for the user's:
  - Voice number
  - Text number
  - Email address
- Select the relevant check boxes to turn on Voice, Text, or Email notifications per priority level.
  Tip: Blumira sends voice and text alerts from (313) 349-2586. Save the number as a safe caller/sender in your device so that alerts are not marked as spam.
- Select or deselect these options:
  - Email me on every new finding comment.
  - Email me when a responder takes initial ownership of a finding.
- Click Save.
Alternatively, users can open and edit their own notification settings by clicking the bell icon at the top of the screen.