Cisco Umbrella
Cisco Umbrella, formerly known as OpenDNS, is a cloud-based domain name resolution service. Netsurion Open XDR offers a solution for configuring and monitoring events for both single organizations and Managed Service Providers (MSPs).
Netsurion Open XDR manages logs retrieved from Cisco Umbrella. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing suspicious activities and analyzing activity logs such as DNS, proxy, firewall, or IP address logs.
The following are the key Data Source Integrations available in Netsurion Open XDR.
Alerts
Type | Name | Description |
---|---|---|
Security | Cisco Umbrella – Threat has been blocked | Generated when an event, such as DNS, IP address, firewall, or proxy, is blocked by Cisco Umbrella. |
Reports
Type | Name | Description |
---|---|---|
Security | Cisco Umbrella – Proxy activities | Provides a summary of all the proxy entries by Cisco Umbrella. It contains information such as the URL accessed by the user, URL category, threat name, timestamp of activity, threat score, action taken on the event, and more. |
Security | Cisco Umbrella – DNS activities | Provides a summary of all the DNS entries by Cisco Umbrella. It contains information such as the URL accessed by the user, URL category, timestamp of activity, action taken on the event, and more. |
Security | Cisco Umbrella – Firewall activities | Provides a summary of all the Firewall entries by Cisco Umbrella. It contains information such as the source IP address, destination IP address, source port, destination port, timestamp of activity, action taken on the event, and more. |
Security | Cisco Umbrella – IP activities | Provides a summary of all the IP address entries by Cisco Umbrella. It contains information such as the source IP address, destination IP address, source port, destination port, timestamp of activity, action taken on the event, and more. |
Dashboards
Type | Name | Description |
---|---|---|
Security | Cisco Umbrella – Security activity by category | Displays data about all security activities by category. |
Security | Cisco Umbrella – Security activity by source IP | Displays data about all security activities by source IP. |
Saved Searches
Type | Name | Description |
---|---|---|
Security | Cisco Umbrella – Proxy activities | Provides a summary of all the proxy entries by Cisco Umbrella. It contains information such as the URL accessed by the user, URL category, threat name, timestamp of activity, threat score, action taken on the event, and more. |
Security | Cisco Umbrella – DNS activities | Provides a summary of all the DNS entries by Cisco Umbrella. It contains information such as the URL accessed by the user, URL category, timestamp of activity, action taken on the event, and more. |
Security | Cisco Umbrella – Firewall activities | Provides a summary of all the Firewall entries by Cisco Umbrella. It contains information such as the source IP address, destination IP address, source port, destination port, timestamp of activity, action taken on the event, and more. |
Security | Cisco Umbrella – IP activities | Provides a summary of all the IP address entries by Cisco Umbrella. It contains information such as the source IP address, destination IP address, source port, destination port, timestamp of activity, action taken on the event, and more. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 or later, and Cisco Umbrella.
Download the Integration Guide for configuration instructions and more information.