Applies To: CISCO "Umbrella" OpenDNS
The Cisco “Umbrella” OpenDNS service is a cloud-based domain name resolution service with added features such as content filtering, anti-phishing, anti-malware and anti-ransomware. It is designed to prevent advanced persistent threats from attacking a network with malicious content.
EventTracker helps to monitor events from Cisco “Umbrella” OpenDNS. The security-related events include attempts to access sites hosting malware or phishing sites, botnet activity on infected machines on your local network, attempts to download malicious files, and more. It provides flex reports, alerts, and dashboards that help an administrator analyze all the security-related events.
Flex reports contain a detailed overview of activities such as login/logout, failed logins, security events such as malware detection and blocking, admin activity, etc.
Alerts will be triggered when a critical security event is detected.
The dashboard provides a visual representation of all the OpenDNS events in a categorized view. This includes graph pattern, tabular pattern, map, and meter gauge.
For convenience and ease of monitoring, EventTracker provides 2 different types of log monitoring:
The EventTracker Knowledge Pack for CISCO "Umbrella" OpenDNS allows you to monitor the following components:
Once EventTracker receives events, Reports, Knowledge Objects, Categories and Dashboards can be configured in EventTracker.
EventTracker Enterprise monitors all the Cisco “Umbrella” OpenDNS security-related events, which are given below.
The configuration details are consistent with EventTracker version 9.X and later, and Cisco “Umbrella” OpenDNS.
To configure OpenDNS to send logs to EventTracker, refer to the How-to Guide.
For more information, please refer to the Integration guide.