Cisco Umbrella prevents users from accessing known malicious websites to protect against phishing and ransomware. It does this by filtering Domain Name System (DNS) requests and keeping a record of malicious websites.
Blumira’s integration with Cisco Umbrella allows you to retrieve event data from Cisco Umbrella through a Blumira Cloud Connector. You can then centralize your logs and use Blumira’s security insight to detect and respond to threats.
Connect to Cisco Umbrella with the Blumira Cloud Connector to send event data from Umbrella directly to Blumira.
Important: If you are a Managed Service Provider (MSP) or if you have a multi-tenant Umbrella account, this procedure does not accurately represent the steps you will go through in Umbrella before configuring Blumira. For example, you will need to obtain the same credentials for use by the Blumira platform, but the location and steps to obtain the credentials in Umbrella are different. Also, you must ensure all credentials and settings are at the customer level in Umbrella, not the global MSP level.
Before you can configure Blumira to retrieve logs from Cisco Umbrella, you must gather your Cisco Umbrella Organization ID and Reporting API Key and Secret. To gather this information:
https://dashboard.umbrella.com/o/<OrgID>/#/overview
Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration’s configuration parameters, you can then enable Blumira to collect your logs.
To configure your integration with Blumira Cloud Connector:
Note: To include client names in the Umbrella logs, you must configure Active Directory integration with Umbrella. See Cisco Umbrella AD Integration for more information.