Skip to main content

Integrating with Cisco Umbrella

  • Updated

Overview

Connect to Cisco Umbrella with the Blumira Cloud Connector to send event data from Umbrella directly to Blumira. 

Important: If you are a Managed Service Provider (MSP) or if you have a multi-org Umbrella account, you must ensure all credentials and settings are at the customer level in Umbrella, not the global MSP level. This ensures that logging to Blumira is specific to the intended customer account.

Before you begin

Before you can configure Blumira to retrieve logs from Cisco Umbrella, you must gather the Cisco Umbrella Organization ID and the Reporting API Key and Secret for the organization you want to collect logs from. 

To gather your Umbrella credentials:

  1. Log in to the Umbrella Admin Console.
  2. Ensure you are in the correct account in your Umbrella console before gathering the credentials.
  3. Complete the steps in Find Your Organization ID to obtain the Organization ID. This is typically a 7-digit number in the URL, shown as <OrgID> in the following example: 
    https://dashboard.umbrella.com/o/<OrgID>/#/overview
  4. Follow the steps in Umbrella API Authentication: Create an API Key to add a new API key, set the key scope for read-only access to the Report endpoints, then copy your API Key and Secret.
    Tip: MSPs or users with multiple tenants should navigate to Console Settings > API Keys in Umbrella, while users with only a single organization in Umbrella should instead navigate to Admin > API Keys.
    image002.png
  5. Verify if the organization resides in a member state of the European Union. Region information is required for EU organizations so that the cloud connector can successfully connect to the Umbrella API.

Providing API credentials to Blumira

Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.

To configure your integration with Blumira Cloud Connector:

  1. In the Blumira app, navigate to Settings > Cloud Connectors.
  2. Click + Add Cloud Connector.
  3. In the Available Cloud Connectors window, click the connector that you want to add.
  4. If you want to change the name of the connector, type the new name in the Cloud Connector Name box.
  5. Enter the API credentials that you collected in the "Before you begin" section above.
  6. Click Connect.
  7. On the Cloud Connectors screen, under Current Status, you can view the configuration’s progress. When the configuration completes, the status changes to Online (green dot).

Important: If you previously deployed a sensor module for this integration, then you must remove it via the Sensors page (Settings > Sensors) to avoid log duplication.

Screenshot 2023-05-30 at 1.51.57 PM.png

Note: To include client names in the Umbrella logs, you must configure Active Directory integration with Umbrella. See Cisco Umbrella AD Integration for more information.

 

Was this article helpful?
1 out of 1 found this helpful
Return to top

Related articles