Blumira Reviews

I'm very happy we found them and made the switch from Perch to them. It's been so simple, works great and has been an amazing product for us. The configuration is quick and once deployed detection rules are automatically deployed and alerts just start coming in. Their support is excellent and has been very helpful in the few instances we have needed clarification on an alert, which you can message support right from an alert by checking a box, which is really helpful.

The support they provide to get your team knowledgeable on how Blumira works and the time they spend going through client setups with you was amazing. The detection rules are all made for you, and they are customizable after the fact to limit noise at individual clients for their use cases.

Not being integrated with an PSA system for ticketing does make addressing alerts a little annoying. Right now, the alerts can be emailed to your ticketing system to open tickets, but you need to go into Blumira to address them and close them along with closing your ticket in your psa. I wish there was integration to save time here.

We are a small MSP and started rolling out Blumira to our customers this year, after a long search for an affordable SIEM product for our small business customers. Blumira ticked all the boxes in what we were looking for and our experience with it since rollout has been almost entirely positive.

Setup:
You can have a rep handhold you through the process for onboarding your first customer, which some of my colleagues did, but I went ahead and tried going through setup by just following the documentation. The good news is that the documentation is great for all of the features and integrations we wanted to collect logs from: Microsoft 365 Cloud Connector, Windows Blumira agents, an Azure-hosted cloud sensor, Azure Monitor, Azure AD signin/audit logs, Intune, and 365 Defender. The bad news is that the formatting of the KB often had me scrolling back up after losing my place. There has been some improvement since with more screenshots and code blocks to help break up the content, but the KB really needs an overhaul with better navigation, search, and some setup walkthrough videos would be a huge plus. It's daunting though due to the breadth of integrations Blumira offers. Keeping the KB up to date has to be a huge part of their internal business.

Usage:
Once you're up and running, there's nothing more satisfying than watching the raw log count shoot up on the main dashboard. Once you get into the billions of logs and start getting alerts about incidents requiring your attention, you really understand how powerful a product this is. Knowing that Blumira can alert you on simple things like a HDD predicted to fail or a file with potential cleartext passwords on a user's desktop, all the way up to activity indicating a full-blown breach by a bad actor provides enormous peace of mind to both MSP and customer. Add to this knowing that there is 24/7 support, playbooks for response to major incidents, and the ability to isolate individual devices from the Blumira console, I sleep a lot better at night.

Even with all of these integrations and all of their logs, with a few tweaks to detection rules (which support is happy to help you with if you're not sure how to adjust them), the alerts aren't too noisy. I find we get alerted about what is truly important and the rest are retained with Blumira in case we need to review them in the course of an investigation.

Blumira has recently added an automatically generated executive summary report which is a lifesaver for security meetings with customer executives. I'd love to be able to generate reports that look like this on the fly from data from the custom reporting module in the Blumira console.

All in all, if you're looking for an SIEM (and XDR), it's hard to go wrong with Blumira, even if you just set up the free product for basic monitoring of your cloud productivity suites.

- Fantastic support, they respond quickly and are knowledgable about the product. No having to go through support tiers to get help with your queries.
- Setup documentation is excellent.
- Broad range of integrations.
- They have a truly free tier, but it's well worth paying for the SIEM+ product

- While documentation is excellent, the formatting of the knowledgebase is funky with lots of nested sections you expand.
- Search in the KB isn't great.
- Interface throughout the product could use some updating to be easier to navigate, but once you get used to the idiosyncrasies, it's dead simple.
- The custom reporting module is flexible but clunky to use.
- Would love an MSP overview in order to be able to clear incidents without having to hop into/out of each individual customer.

Blumira is scanning all of our logs and only showing the issues that need to be addressed. This solves the issue of dedicating a person to comb through 10's of thousands of logs each day.

We have been using Blumira for about 6 months now. It has been a great addition to our company's security profile. The best part is that I don't have to have my staff constantly monitor event logs all day long.

There are times when I want to see the raw logs. It takes some experience to decipher the raw log area. I think this will be a non-issue when I get some more exposure to using the raw log area.

This product has been a blessing for us. Being a smaller company it is always a challenge to manage security while watching a tight budget. Blumira fit all the boxes that we needed at a great price with great service. We have found numerous issues in our system from passwords stored in Word documents to identifying a vendor that out sourced work to India that was unknown about.

The ease of setup was incredible. Easy instructions allowed us to roll out the platform in the manner of an afternoon. Prebuilt scripts made deployment a snap. Great support with quick response times.

Older computers without SSD drives took a hit on performance due to the amount of logging that was turned on. These had to be adjusted to scale back some to a happy medium. Creating alerts or disabling alerts needs to be handled by support.

Great product/service and great customer support. Requests to customize alerts or add unusual log sources are handled expeditiously with plenty of communication to the customer.

This product accepts all of our logs and enables automated reporting for specific actions. Email alerts for events of concern are clear, with relevant subject lines. Events in GUI include relevant log events for reference.
Report builder interface allows combination of event logs from multiple log sources to provide an overall context for what happened in a specific time frame.

Getting a comprehensive report defined in the Report Builder GUI can be challenging if you are unfamiliar with the field names used for logs from various log sources. With use comes familiarity.

Overall a decent solution, constantly coming out with new integrations and the company is growing fast.

Easy to setup. Supports many SaaS offerings. Everything is documented and backed by their support team. Their SOC will help with any issues with setup as well as security events.

The solution is still growing and there is some much needed features coming soon. The sensor used to collect data can add some complexity but I've been told this is changing in the near future.

The whole experience of reviewing the product with the Sales team to implementation and the support of the product were very good. Value is there for Blumira.

Blumira is very Easy to setup.
There is no server on site to configure or maintain.
Logging is smoothly gathered to the cloud.
Value of the product is high.

Parsing of data took some time to control and read into reports.

Working with your Sales reps has been great, super responsive for calls and demos for my customers any time.

Fast response to threats. Makes it simple for my customers to set up a single view into their security stance.

The only thing i would say is that you're not a known entity.

Overall, Blumira is an AWESOME hosted SIEM/MDR solution at an extremely reasonable price point. It's no Splunk, but it's also a fraction of the cost, and top-notch support is included in the price. It should be able solve most organizations' problems for log collection and compliance, and their out-of-the-box detections catch most bad things without false-positives or needing to be tuned. If they continue adding the features they say they're adding, Blumira's definitely a solution to keep your eye on.

Blumira doesn't need agents, and it's really easy to setup and use. The built-in detections will quickly start to call-out risky behavior or settings that could be dangerous. So far, we haven't seen any missed detections or false-positives.

Requirement for a VM to collect logs - even if your integrations are all cloud (e.g. AWS, M365, etc), you still need to deploy a VM on your network to connect your cloud apps to Blumira's cloud. I was told this may change in the future.
Detections aren't user-configurable, but Blumira's support is extremely helpful and will change configurations for you if required. I was told this may change soon.
Views/dashboards aren't configurable, and reports aren't 'very sexy' (i.e. they give you the data you want in a CSV - no fancy PDF with graphs, logos, etc.)