We are testing out Blumira and seriously considering adding it to our security stack. I believe Blumira is working on a firewall parser for pfSense (future integration) … however it is currently not available. Just curious if anyone is currently capturing pfSense logs into Blumira in a useful way?
So far, our testing shows the false positives to be very low which is fantastic. Reminds me of Huntress
So like Tom said, there isn’t an official parser for it yet, but it is possible to get the logs in a generic format if you need to. You can reach out to Blumira and they can create a report that will essentially give you a timestamp and a “message” column, which will contain the entire string from pfSense. Not the best, but can be useful if you need to do some forensics.
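As an added illustration of what that "message" column can still yield for forensics (example code written here, not from the thread, Blumira or pfSense): a small Python helper that parses the pfSense filterlog string out of such a timestamp/message export and tallies blocked inbound connections per source. The export layout and the filterlog field order are assumptions based on the published pfSense filter log format (IPv4 entries only).

```python
import csv
import io
from collections import Counter

# Constructed sample of the generic "timestamp + message" export the post describes.
# Message bodies follow the pfSense filterlog comma-separated layout (IPv4 shown).
SAMPLE_EXPORT = """timestamp,message
2024-05-01T10:00:01Z,"filterlog[7721]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,198.51.100.7,192.0.2.10,51432,22,0,S,1000,,29200,,mss"
2024-05-01T10:00:02Z,"filterlog[7721]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,198.51.100.7,192.0.2.10,51433,3389,0,S,1001,,29200,,mss"
2024-05-01T10:00:03Z,"filterlog[7721]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,DF,17,udp,64,203.0.113.9,192.0.2.10,40000,53,44"
2024-05-01T10:00:04Z,"filterlog[7721]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,none,1,icmp,84,203.0.113.9,192.0.2.10,request,4321,1"
2024-05-01T10:00:05Z,"filterlog[7721]: 9,,,1000000105,igb0,match,pass,out,4,0x0,,64,0,0,DF,6,tcp,60,192.0.2.10,203.0.113.5,44100,443,0,S,2000,,65535,,mss"
"""

# Field names assumed from the pfSense filter log format documentation.
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason",
          "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto",
        "length", "src", "dst"]

def parse_filterlog(message):
    """Turn one raw filterlog message into a dict; returns None for anything
    that is not an IPv4 filterlog entry (IPv6 entries use a different layout)."""
    _, sep, body = message.partition("filterlog")
    if not sep or ":" not in body:
        return None
    fields = body.split(":", 1)[1].strip().split(",")
    if len(fields) < len(COMMON) + len(IPV4) or fields[8] != "4":
        return None
    rec = dict(zip(COMMON + IPV4, fields))
    rest = fields[len(COMMON) + len(IPV4):]
    # Ports only exist for TCP/UDP; ICMP carries type/id/seq in those slots.
    if rec["proto"] in ("tcp", "udp") and len(rest) >= 2:
        rec["sport"], rec["dport"] = rest[0], rest[1]
    return rec

def blocked_inbound_by_source(export_text):
    """Count blocked inbound (src, dport-or-proto) pairs from the export,
    the first triage question a forensics pass usually asks."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(export_text)):
        rec = parse_filterlog(row["message"])
        if rec and rec["action"] == "block" and rec["direction"] == "in":
            counts[(rec["src"], rec.get("dport", rec["proto"]))] += 1
    return counts

if __name__ == "__main__":
    for (src, dport), n in blocked_inbound_by_source(SAMPLE_EXPORT).most_common():
        print(f"{src:16} -> {dport:6} blocked {n}x")
```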
I am curious if a pfSense integration would include Suricata and/or Snort log monitoring, i.e. through Detection Rules, or if something more would be required.
Cheers,
Mark
I’ve been wondering the same about snort/suricata, but figure I’ll take it one step at a time and not bombard them. I will say I’ve been extremely happy with their support the times I have reached out though.