You can now use detection filters in the app to allowlist a safe user, device, IP address, or other source that triggered a finding.
There are known and safe scenarios, such as when an employee relocates or a scheduled vulnerability scan occurs, in which you might not want Blumira to create a finding. For this reason, you can now create and edit detection filters from existing findings so that those safe sources are not detected in future activity. This further helps to reduce the noise from safe behavior so that you can focus on Blumira detections for potential threats to your organization’s security.
Important: Detection filters have replaced many previously customized detection rules. If you previously requested a custom rule and we deployed it for your organization, the allowlisted values may have moved into the general detection rule in the Detection Rules section of the app. For example, if you were using "Custom: Microsoft 365 Login Anomaly" with allowlisted values, the general rule "Microsoft 365 Login Anomaly" is now enabled with the detection filter(s).