Cisco Umbrella
Cisco Umbrella, formerly known as OpenDNS, is a cloud-based domain name resolution service. The Netsurion Open XDR platform offers a solution for configuring and monitoring events for both single organizations and managed service providers (MSPs).
Netsurion’s Open XDR platform seamlessly integrates SIEM capabilities that facilitate monitoring of events retrieved from Cisco Umbrella. Its dashboard, category, alerts, and reports help detect suspicious activities and analyze activity logs such as DNS, proxy, firewall, or IP address.
Once you have configured Cisco Umbrella to deliver events to Netsurion’s Open XDR platform, configure the alerts, dashboards, and reports.
Some of the Data Source Integrations available in Netsurion are listed below.
Alerts
Type | Name | Description |
---|---|---|
Security | Cisco Umbrella – Threat has been blocked | This alert is triggered when an event, such as DNS, IP address, firewall, or proxy, is blocked by Cisco Umbrella. |
Reports
Type | Name | Description |
---|---|---|
Security | Cisco Umbrella – Proxy activities | This report provides a summary of all the proxy entries by Cisco Umbrella. It contains information such as the URL accessed by the user, URL category, threat name, timestamp of activity, threat score, action taken on the event, and more. |
Security | Cisco Umbrella – DNS activities | This report provides a summary of all the DNS entries by Cisco Umbrella. It contains information such as the URL accessed by the user, URL category, timestamp of activity, action taken on the event, and more. |
Security | Cisco Umbrella – Firewall activities | This report provides a summary of all the Firewall entries by Cisco Umbrella. It contains information such as the source IP address, destination IP address, source port, destination port, timestamp of activity, action taken on the event, and more. |
Security | Cisco Umbrella – IP activities | This report provides a summary of all the IP address entries by Cisco Umbrella. It contains information such as the source IP address, destination IP address, source port, destination port, timestamp of activity, action taken on the event, and more. |
Documentation
The configuration details are consistent with Netsurion’s Open XDR platform version 9.3 or later, and Cisco Umbrella.
Download the Integration Guide and How-to Guide for more information and configuration instructions.