Overview
Connect to Cisco Umbrella with the Blumira Cloud Connector to send event data from Umbrella directly to Blumira.
Before you begin
Before you can configure Blumira to retrieve logs from Cisco Umbrella, you must gather the Cisco Umbrella Organization ID and the Reporting API Key and Secret for the organization you want to collect logs from.
To gather your Umbrella credentials:
- Log in to the Umbrella Admin Console.
- Ensure you are in the correct account in your Umbrella console before gathering the credentials.
- Complete the steps in Find Your Organization ID to obtain the Organization ID. This is typically a 7-digit number in the URL, shown as <OrgID> in the following example:
https://dashboard.umbrella.com/o/<OrgID>/#/overview
- Follow the steps in Umbrella API Authentication: Create an API Key to add a new API key, set the key scope for read-only access to the Report endpoints, then copy your API Key and Secret.
Tip: MSPs or users with multiple tenants should navigate to Console Settings > API Keys in Umbrella, while users with only a single organization in Umbrella should instead navigate to Admin > API Keys. - Verify if the organization resides in a member state of the European Union. Region information is required for EU organizations so that the cloud connector can successfully connect to the Umbrella API.
Providing API credentials to Blumira
Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.
To configure your integration with Blumira Cloud Connector:
- In the Blumira app, navigate to Settings > Cloud Connectors.
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, click the connector that you want to add.
- If you want to change the name of the connector, type the new name in the Cloud Connector Name box.
- Enter the API credentials that you collected in the "Before you begin" section above.
- Click Connect.
- On the Cloud Connectors screen, under Current Status, you can view the configuration’s progress. When the configuration completes, the status changes to Online (green dot).
Important: If you previously deployed a sensor module for this integration, then you must remove it via the Sensors page (Settings > Sensors) to avoid log duplication.
Note: To include client names in the Umbrella logs, you must configure Active Directory integration with Umbrella. See Cisco Umbrella AD Integration for more information.