Overview
Connect to Cisco Umbrella with the Blumira Cloud Connector to send event data from Umbrella directly to Blumira.
Before you begin
Before you can configure Blumira's Cisco Umbrella Cloud Connector to collect logs for an account, you must gather the following details for the Umbrella account:
- Organization ID
- Reporting API Key and Secret
- Host region
To gather your Umbrella credentials:
- Log in to the Umbrella Admin Console.
- Ensure you are in the correct account in your Umbrella console before gathering the credentials.
- Complete the steps in Find Your Organization ID to obtain the Organization ID. This is typically a 7-digit number in the URL, shown as <OrgID> in the following example:
https://dashboard.umbrella.com/o/<OrgID>/#/overview
- If you are an MSP or have multiple Umbrella tenants, navigate to Console Settings > API Keys. If you have a single organization in Umbrella, navigate to Admin > API Keys.
- Follow the steps in Umbrella API Authentication: Create an API Key to add a new API key, and ensure that you do the following:
- Select only the top-level Reports key scope in Step 4 of the procedure. Do not select individual resources under the expanded Reports key scope.
- Set the Reports key scope's access to Read-Only in Step 5.
- Copy your API Key and Secret for use in later steps.
- Verify if the organization resides in a member state of the European Union. Region information is required for EU organizations when adding the Umbrella Cloud Connector so that Blumira can successfully connect to the Umbrella API.
Configuring the Cloud Connector in Blumira
Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.
To configure the Blumira Cloud Connector:
- In the Blumira app, navigate to Settings > Cloud Connectors.
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, click the connector that you want to add.
- If you want to change the name of the connector, type the new name in the Cloud Connector Name box.
- Enter the credentials that you collected in the previous steps.
- Click Connect.
- On the Cloud Connectors screen, under Current Status, you can view the configuration’s progress. When the configuration completes, the status changes to Online (green dot).
Important: If you previously deployed a sensor module for this integration, then you must remove it via the Sensors page (Settings > Sensors) to avoid log duplication.
Note: To include client names in the Umbrella logs, you must configure Active Directory integration with Umbrella. See Cisco Umbrella AD Integration for more information.