Cisco Umbrella uses the internet’s infrastructure to block malicious destinations before a connection is ever established. By delivering security from the cloud, you not only save money but also get more effective security. Cisco Umbrella observes your internet traffic, blocks any malicious destinations, and logs the activity. Our Cisco Umbrella plugin collects these logs into the NetWitness Platform, which helps security analysts analyze different kinds of attacks, security breaches, etc.
For more information please refer to:
Logs from the Cisco Umbrella cloud can be exported to an AWS S3 bucket, which can be managed by Cisco or by the customer. The Cisco Umbrella plugin uses Amazon's API to fetch the logs from the AWS S3 bucket.
Configuration Guide: Cisco Umbrella Event Source Configuration Guide
Collector Package on RSA Live: "Cisco Umbrella Log Collector Configuration"
Parser on RSA Live: CEF