
Integrating Cisco Umbrella With Blumira


Cisco Umbrella prevents users from accessing any known malicious websites to protect against phishing and ransomware. It does this by filtering Domain Name System (DNS) requests and keeping a record of all malicious websites.

 

Blumira’s integration with Cisco Umbrella allows you to retrieve event data from Cisco Umbrella through a Blumira Cloud Connector, so you can start centralizing logs and leveraging Blumira’s security insight to detect and respond to threats.

 


Overview

Connect to Cisco Umbrella with the Blumira Cloud Connector to send event data from Umbrella directly to Blumira.

Important: If you are a Managed Service Provider (MSP) or if you have a multi-tenant Umbrella account, this procedure does not accurately represent the steps you will go through in Umbrella before configuring Blumira. For example, you will need to obtain the same credentials for use by the Blumira platform, but the location and steps to obtain the credentials in Umbrella are different. Also, you must ensure all credentials and settings are at the customer level in Umbrella, not the global MSP level.

Before you begin

Before you can configure Blumira to retrieve logs from Cisco Umbrella, you must gather your Cisco Umbrella Organization ID and Reporting API Key and Secret. To gather this information:

  1. Go to the Umbrella Admin Console and follow the steps in Find Your Organization ID to obtain the Organization ID. This is typically a 7-digit number in the URL, shown as <OrgID> in the following example:
    https://dashboard.umbrella.com/o/<OrgID>/#/overview
  2. Follow the steps in Umbrella API Authentication: Create an API Key to add a new API key, set the key scope for read-only access to the Report endpoints, and copy your API Key and Secret to use in the Blumira Cloud Connector.

Providing API credentials to Blumira

Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration’s configuration parameters, you can then enable Blumira to collect your logs.

To configure your integration with Blumira Cloud Connector:

  1. In the Blumira app, go to the Cloud Connectors page (Settings > Cloud Connectors).
  2. Click + Add Cloud Connector.
  3. In the Available Cloud Connectors window, click the connector that you want to add.
  4. If you want to change the name of the Cloud Connector, type the new name in the Cloud Connector Name box.
  5. Enter the API credentials that you collected in the “Before you begin” section above.
  6. Click Connect.
  7. On the Cloud Connectors screen, under Current Status, you can view the configuration’s progress. When the configuration completes, the status changes to Online (green dot).
    Important: If you previously deployed a Module for this integration, then you must remove it via the Sensors page (Settings > Sensors) to avoid log duplication.

Note: To include client names in the Umbrella logs, you must configure Active Directory integration with Umbrella. See Cisco Umbrella AD Integration for more information.