Cisco Umbrella

Cisco Umbrella, formerly known as OpenDNS, is a cloud-based domain name resolution service. Netsurion Open XDR offers a solution for configuring and monitoring events for both single organizations and Managed Service Providers (MSPs).

Netsurion Open XDR manages logs retrieved from Cisco Umbrella. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing suspicious activities and analyzing activity logs such as DNS, proxy, firewall, or IP address logs.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
| --- | --- | --- |
| Security | Cisco Umbrella – Threat has been blocked | Generated when an event, such as DNS, IP address, firewall, or proxy, is blocked by Cisco Umbrella. |

Reports

| Type | Name | Description |
| --- | --- | --- |
| Security | Cisco Umbrella – Proxy activities | Provides a summary of all the proxy entries by Cisco Umbrella. It contains information such as the URL accessed by the user, URL category, threat name, timestamp of activity, threat score, action taken on the event, and more. |
| Security | Cisco Umbrella – DNS activities | Provides a summary of all the DNS entries by Cisco Umbrella. It contains information such as the URL accessed by the user, URL category, timestamp of activity, action taken on the event, and more. |
| Security | Cisco Umbrella – Firewall activities | Provides a summary of all the firewall entries by Cisco Umbrella. It contains information such as the source IP address, destination IP address, source port, destination port, timestamp of activity, action taken on the event, and more. |
| Security | Cisco Umbrella – IP activities | Provides a summary of all the IP address entries by Cisco Umbrella. It contains information such as the source IP address, destination IP address, source port, destination port, timestamp of activity, action taken on the event, and more. |

Dashboards

| Type | Name | Description |
| --- | --- | --- |
| Security | Cisco Umbrella – Security activity by category | Displays the data about all security activities based on all different categories. |
| Security | Cisco Umbrella – Security activity by source IP | Displays the data about all security activities based on source IP. |

Saved Searches

| Type | Name | Description |
| --- | --- | --- |
| Security | Cisco Umbrella – Proxy activities | Provides a summary of all the proxy entries by Cisco Umbrella. It contains information such as the URL accessed by the user, URL category, threat name, timestamp of activity, threat score, action taken on the event, and more. |
| Security | Cisco Umbrella – DNS activities | Provides a summary of all the DNS entries by Cisco Umbrella. It contains information such as the URL accessed by the user, URL category, timestamp of activity, action taken on the event, and more. |
| Security | Cisco Umbrella – Firewall activities | Provides a summary of all the firewall entries by Cisco Umbrella. It contains information such as the source IP address, destination IP address, source port, destination port, timestamp of activity, action taken on the event, and more. |
| Security | Cisco Umbrella – IP activities | Provides a summary of all the IP address entries by Cisco Umbrella. It contains information such as the source IP address, destination IP address, source port, destination port, timestamp of activity, action taken on the event, and more. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 or later, and Cisco Umbrella.

Download the Integration Guide for configuration instructions and more information.