Cisco Umbrella

Overview

Cisco Umbrella is a DNS event source that collects information about services and incidents found on your network.

Before You Begin

In order to see Cisco Umbrella logs in InsightOps, you must configure the AWS S3 Bucket to send messages to InsightOps. Detailed information about this process can be found here.

In your Cisco Umbrella console, go to Settings > Log Management and complete the following steps.

  1. Select the option to use your own S3 bucket, or the Cisco managed S3 bucket.
  2. Select your Region and select Save.
  3. The console will take a few moments to activate. Then you will see a confirmation message with the Bucket Name, Access Key, and Secret Key. Make sure to copy these for later use in InsightOps.
  4. Select the Got It! checkbox and press Continue.
  5. You will see another confirmation message that Cisco is sending logs to the S3 bucket.

How to Configure this Event Source

  1. From your InsightOps dashboard, select Data Collection on the left-hand menu.
  2. At the top right of the page, select Add Data.
  3. Select the DNS icon from the Security Data section.
  4. Select your collector, and optionally name your event source.
  5. From the list of event source options, choose Cisco Umbrella.
  6. Choose a time zone.
  7. Optionally choose to send unfiltered logs.
  8. Select your existing Credentials or select Create New at the bottom of the dropdown.
  9. Enter the Secret Key.
  10. Enter the S3 Bucket Name.
  11. Enter the S3 Key Prefix. The Key Prefix allows you to specify the folder from which the logs should be collected. Learn more about prefixes here. If you do not have any folders or subdirectories where the logs are stored, keep this field blank.
  12. Select the Bucket Region Name.
  13. Enter the refresh rate in minutes. A recommended rate is 10 minutes.
  14. Select Save.