Cisco Umbrella is the leading platform for network DNS security monitoring. Umbrella's DNS-layer security offers a fast and easy way to enhance security, providing improved visibility and protection for users both on and off the network. By preventing threats over any port or protocol before they reach the network or endpoints, Umbrella DNS-layer security aims to deliver the most secure, reliable, and fastest internet experience to over 100 million users.
The Cisco Umbrella DNS integration collects DNS and Proxy logs and sends them to Datadog. Using the out-of-the-box logs pipeline, the logs are parsed and enriched for easy searching and analysis. This integration includes several dashboards visualizing total DNS requests, allowed/blocked domains, top blocked categories, proxied traffic over time, and more. If you have Datadog Cloud SIEM, Umbrella DNS logs will be analyzed by threat intelligence for matches against common attacker destinations. DNS logs are also useful for threat hunting and during investigations to complement logs from other sources.
- Log in to Umbrella with your credentials.
- From the left panel, select Admin.
- Select API Keys.
- Create a new API Key.
- Apply the `reports.aggregations:read` and `reports.granularEvents:read` key scopes to the API key.
- Copy the API Key and Key Secret, which will be used during the next portion of configuration steps.
Configure the Datadog endpoint to forward Cisco Umbrella DNS events as logs to Datadog.
- Navigate to `Cisco Umbrella DNS`.
- Add your Cisco Umbrella DNS credentials.
Cisco Umbrella DNS Parameters | Description |
---|---|
API Key | The API Key from Cisco Umbrella. |
Key Secret | The Key Secret from Cisco Umbrella. |
The integration collects and forwards Cisco Umbrella DNS and Proxy logs to Datadog.
The Cisco Umbrella DNS integration does not include any metrics.
The Cisco Umbrella DNS integration does not include any events.
For further assistance, contact Datadog Support.