Pack Contributors:
- Ryan McVicar
Contributions are welcome and appreciated. For more info, visit our Contribution Guide.
Cisco Umbrella cloud security
- Details
- Content
- Dependencies
- Version History
Basic integration with Cisco Umbrella that allows you to add domains to destination lists (e.g. global block / allow)
Cisco Umbrella cloud security
Collect Access Logs from Cisco Umbrella cloud security
AWS - S3 bucket
On AWS
Ensure you have the below prerequisites:
- A login to Amazon AWS service
- A bucket configured in Amazon S3 to be used for storing logs.
See this doc for further instructions on how to create a S3 bucket, and how to configure it for your needs.
Alternatively, use a Terraform module to set up the AWS infrastructure needed to ingest Cisco Umbrella logs into Cortex XSIAM. See the Terraform module's README for setup instructions.
On Cisco Umbrella cloud security
- Navigate to Admin > Log Management and select Use your company-managed Amazon S3 bucket.
- In the Bucket Name field type the bucket name you created in Amazon S3 and click Verify.
- After Cisco Umbrella verifies your bucket, it saves a file called README_FROM_UMBRELLA.txt in the bucket.
Open the file and copy and paste the token listed in it into Token Number and click Save.
For more information, refer to the official Cisco Umbrella documentation.
At the end of this process, you should have a folder created for each type of log in your bucket:
- auditlogs
- dnslogs
- proxylogs
Note:
Make sure that the Log schema version is configure to v8.
More information can be found here
On Cortex XSIAM:
- Navigate to Settings > Data Sources > Add Data Source.
- Click Amazon S3.
- Click Connect or Connect Another Instance.
- Set the following values:
- SQS URL - Refer to Configure an Amazon Simple Queue Service (SQS) here.
- Name as
Cisco Umbrella - AWS Client ID
- AWS Client Secret
- Log Type as
Generic - Log Format as
Raw - Vendor as
cisco - Product as
umbrella - Compression as
gzip - Multiline Parsing Regex as
^\"\d{4,}
For more information, see this doc.
Pack Contributors:
- Ryan McVicar
Contributions are welcome and appreciated. For more info, visit our Contribution Guide.
Integrations
| Name | Description |
|---|---|
| Cisco Umbrella Cloud Security (Deprecated) | Deprecated. Use Cisco Umbrella Cloud Security v2 instead. |
| Cisco Umbrella Cloud Security v2 | Cisco Umbrella is a cloud security platform providing the first line of defense against internet threats. It uses DNS-layer security to block malicious requests before a connection is established, offering protection against malware, ransomware, phishing, and more. It offers real-time reporting, integrates with other Cisco solutions for layered security, and uses machine learning to uncover and predict threats. |
Integrations
| Name | Description |
|---|---|
| Cisco Umbrella Cloud Security v2 | Cisco Umbrella is a cloud security platform providing the first line of defense against internet threats. It uses DNS-layer security to block malicious requests before a connection is established, offering protection against malware, ransomware, phishing, and more. It offers real-time reporting, integrates with other Cisco solutions for layered security, and uses machine learning to uncover and predict threats. |
| Cisco Umbrella Cloud Security (Deprecated) | Deprecated. Use Cisco Umbrella Cloud Security v2 instead. |
Modeling Rules
| Name | Description |
|---|---|
Cisco Umbrella Cloud Security Modeling Rule |
Parsing Rules
| Name | Description |
|---|---|
Cisco Umbrella Cloud Security Parsing Rule |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
2.0.0 - 6111315 (August 21, 2023)
- 29091
- 28632
Download
Integrations
New: Cisco Umbrella Cloud Security v2
- New: Cisco Umbrella is a cloud security platform providing the first line of defense against internet threats. It uses DNS-layer security to block malicious requests before a connection is established, offering protection against malware, ransomware, phishing, and more. It offers real-time reporting, integrates with other Cisco solutions for layered security, and uses machine learning to uncover and predict threats.
- Added the following commands:
- umbrella-destination-list-create
- umbrella-destination-lists-list
- umbrella-destination-list-update
- umbrella-destination-list-delete
- umbrella-destination-add
- umbrella-destinations-list
- umbrella-destination-delete
Cisco Umbrella Cloud Security (Deprecated)
Deprecated. Use Cisco Umbrella Cloud Security v2 instead.
- 29091
- 28632
Download
2.0.0 - 6111315 (August 21, 2023)
- 29091
- 28632
Download
Integrations
New: Cisco Umbrella Cloud Security v2
- New: Cisco Umbrella is a cloud security platform providing the first line of defense against internet threats. It uses DNS-layer security to block malicious requests before a connection is established, offering protection against malware, ransomware, phishing, and more. It offers real-time reporting, integrates with other Cisco solutions for layered security, and uses machine learning to uncover and predict threats.
- Added the following commands:
- umbrella-destination-list-create
- umbrella-destination-lists-list
- umbrella-destination-list-update
- umbrella-destination-list-delete
- umbrella-destination-add
- umbrella-destinations-list
- umbrella-destination-delete
Cisco Umbrella Cloud Security (Deprecated)
Deprecated. Use Cisco Umbrella Cloud Security v2 instead.
- 29091
- 28632
Download
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | November 9, 2020 | |
| Last Release | September 8, 2025 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
