Skip to main content

Integrating with Cisco Umbrella

  • Updated

Overview

Connect to Cisco Umbrella with the Blumira Cloud Connector to send event data from Umbrella directly to Blumira. 

Important: If you are a Managed Service Provider (MSP) or if you have a multi-tenant Umbrella account, you must ensure all credentials and settings are at the customer level in Umbrella, not the global MSP level, when you configure the Blumira Cloud Connector. This ensures that the Umbrella logs sent to Blumira are specific to the intended customer account.

Before you begin

Before you can configure Blumira's Cisco Umbrella Cloud Connector to collect logs for an account, you must gather the following details for the Umbrella account:

  • Organization ID
  • Reporting API Key and Secret
  • Host region

To gather your Umbrella credentials:

  1. Log in to the Umbrella Admin Console.
  2. Ensure you are in the correct account in your Umbrella console before gathering the credentials.
  3. Complete the steps in Find Your Organization ID to obtain the Organization ID. This is typically a 7-digit number in the URL, shown as <OrgID> in the following example: 
    https://dashboard.umbrella.com/o/<OrgID>/#/overview
  4. If you are an MSP or have multiple Umbrella tenants, navigate to Console Settings > API Keys. If you have a single organization in Umbrella, navigate to Admin > API Keys.
  5. Follow the steps in Umbrella API Authentication: Create an API Key to add a new API key, and ensure that you do the following:
    • Select only the top-level Reports key scope in Step 4 of the procedure. Do not select individual resources under the expanded Reports key scope.
    • Set the Reports key scope's access to Read-Only in Step 5.
      image002.png
    • Copy your API Key and Secret for use in later steps.
  6. Verify if the organization resides in a member state of the European Union. Region information is required for EU organizations when adding the Umbrella Cloud Connector so that Blumira can successfully connect to the Umbrella API.

Configuring the Cloud Connector in Blumira

Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.

To configure the Blumira Cloud Connector:

  1. In the Blumira app, navigate to Settings > Cloud Connectors.
  2. Click + Add Cloud Connector.
  3. In the Available Cloud Connectors window, click the connector that you want to add.
  4. If you want to change the name of the connector, type the new name in the Cloud Connector Name box.
  5. Enter the credentials that you collected in the previous steps.
  6. Click Connect.
  7. On the Cloud Connectors screen, under Current Status, you can view the configuration’s progress. When the configuration completes, the status changes to Online (green dot).

Important: If you previously deployed a sensor module for this integration, then you must remove it via the Sensors page (Settings > Sensors) to avoid log duplication.

Screenshot 2023-05-30 at 1.51.57 PM.png

Note: To include client names in the Umbrella logs, you must configure Active Directory integration with Umbrella. See Cisco Umbrella AD Integration for more information.

 

Was this article helpful?
1 out of 1 found this helpful
Return to top

Related articles