Cisco Umbrella prevents users from accessing known malicious websites to protect against phishing and ransomware. It does this by filtering Domain Name System (DNS) requests against the record it keeps of malicious websites.
Blumira’s integration with Cisco Umbrella allows you to retrieve event data from Cisco Umbrella directly to your Blumira sensor. Now you can start centralizing logs and leveraging Blumira’s security insight to detect and respond to threats.
Related Integrations: Cisco FTD FirePower Threat Defense, Cisco ASA Firewall
Cisco Umbrella provides an API which allows for the retrieval of event data from Umbrella directly to your Blumira sensor. If you are using Umbrella, please follow this guide.
Before Blumira can retrieve logs from Umbrella, you will first need to obtain a Key and Secret for the Umbrella Reporting API.
*You may skip the steps involving base64 encoding these values to create an Authorization header.
*If the Reporting API is greyed out, it’s currently in use. Each API can only be used for one resource.
You will also need to make a note of your Organization ID within Umbrella.
Next, you’ll need to configure your Blumira sensor to connect to the Umbrella API, using the credentials you’ve obtained.
Here’s how to add the Umbrella module:
The Add New Module window should close. Back in your sensor detail page view, you should now see the Cisco Umbrella Module listed in the table of modules.
Within minutes, the module will be operational and will ingest Cisco Umbrella logs from the last 90 days into the Blumira platform. It will then poll Cisco Umbrella every minute for the latest available logs.
Note: In order to have client names included in the Umbrella logs, you will need to configure Active Directory integration with Umbrella. See the Additional Resources section below for detailed instructions on how to accomplish this.
Cisco Umbrella API: https://docs.umbrella.com/umbrella-api/docs/authentication-and-errors
Cisco Umbrella Org ID: https://docs.umbrella.com/deployment-umbrella/docs/find-your-organization-id
Cisco Umbrella AD Integration: https://docs.umbrella.com/deployment-umbrella/docs/1-ad-integration-setup-overview