Cisco Umbrella DNS - DNS Traffic
Cisco Umbrella DNS - Proxied Traffic
Overview
Cisco Umbrella is the leading platform for network DNS security monitoring. Umbrella’s DNS-layer security offers a fast and easy way to enhance security, providing improved visibility and protection for users both on and off the network. By preventing threats over any port or protocol before they reach the network or endpoints, Umbrella DNS-layer security aims to deliver the most secure, reliable, and fastest internet experience to over 100 million users.
The Cisco Umbrella DNS integration collects DNS and Proxy logs and sends them to Datadog. Using the out-of-the-box logs pipeline, the logs are parsed and enriched for easy searching and analysis. This integration includes several dashboards visualizing total DNS requests, allowed/blocked domains, top blocked categories, proxied traffic over time, and more. If you have Datadog Cloud SIEM, Umbrella DNS logs will be analyzed by threat intelligence for matches against common attacker destinations. DNS logs are also useful for threat hunting and during investigations to compliment logs from other sources.
Setup
Configuration
Cisco Umbrella DNS Configuration
- Login to Umbrella with your credentials.
- From the left panel, select Admin.
- Select API Keys.
- Create a new API Key.
- Apply the
reports.aggregations:read
and reports.granularEvents:read
key scopes to the API key. - Copy the API Key and Key Secret, which will be used during the next portion of configuration steps.
Cisco Umbrella DNS DataDog Integration Configuration
Configure the Datadog endpoint to forward Cisco Umbrella DNS events as logs to Datadog.
- Navigate to
Cisco Umbrella DNS
. - Add your Cisco Umbrella DNS credentials.
Cisco Umbrella DNS Parameters | Description |
---|
API Key | The API Key from Cisco Umbrella. |
Key Secret | The Key Secret from Cisco Umbrella. |
Data Collected
Logs
The integration collects and forwards Cisco Umbrella DNS and Proxy logs to Datadog.
Metrics
The Cisco Umbrella DNS integration does not include any metrics.
Events
The Cisco Umbrella DNS integration does not include any events.
Support
For further assistance, contact Datadog Support.