Pack Contributors:
- Ryan McVicar
Contributions are welcome and appreciated. For more info, visit our Contribution Guide.
Basic integration with Cisco Umbrella that allows you to add domains to destination lists (e.g. global block / allow).
On AWS
Ensure you have the below prerequisites:
See this doc for further instructions on how to create an S3 bucket and how to configure it for your needs.
Alternatively, use a Terraform module to set up the AWS infrastructure needed to ingest Cisco Umbrella logs into Cortex XSIAM. See the Terraform module's README for setup instructions.
On Cisco Umbrella cloud security
For more information, refer to the official Cisco Umbrella documentation.
At the end of this process, you should have a folder created for each type of log in your bucket:
Note:
Make sure that the Log schema version is configured to v8.
More information can be found here
On Cortex XSIAM:
Cisco Umbrella
Generic
Raw
cisco
umbrella
gzip
^\"\d{4,}
For more information, see this doc.
Name | Description |
---|---|
Cisco Umbrella Cloud Security (Deprecated) | Deprecated. Use Cisco Umbrella Cloud Security v2 instead. |
Cisco Umbrella Cloud Security v2 | Cisco Umbrella is a cloud security platform providing the first line of defense against internet threats. It uses DNS-layer security to block malicious requests before a connection is established, offering protection against malware, ransomware, phishing, and more. It offers real-time reporting, integrates with other Cisco solutions for layered security, and uses machine learning to uncover and predict threats. |
Name | Description |
---|---|
Cisco Umbrella Cloud Security Modeling Rule |
Name | Description |
---|---|
Cisco Umbrella Cloud Security Parsing Rule |
Pack Name | Pack By |
---|---|
Base | By: Cortex XSOAR |
Deprecated. Use Cisco Umbrella Cloud Security v2 instead.
Certification | Certified |
Supported By | Cortex |
Created | November 9, 2020 |
Last Release | September 8, 2025 |