Guy Williams

Cisco Umbrella Logs & RSA NetWitness Integration

Blog Post created by Guy Williams Employee on Mar 26, 2019

Cisco Umbrella uses the internet’s infrastructure to block malicious destinations before a connection is ever established.  By delivering security from the cloud, not only do you save money, but also provide more effective security.  Cisco Umbrella observes your internet traffic, blocks any malicious destinations and logs the activities. Our Cisco Umbrella plugin is meant to collect these logs into the NetWitness Platform which helps the security analysts to analyze the different kinds of attacks, security breaches etc.


For more information please refer to:


Logs from Cisco Umbrella cloud can be exported to an AWS S3 bucket which can be managed by Cisco or the customer.  Cisco Umbrella plugin uses Amazon's API to fetch the logs from AWS s3 bucket.





Configuration Guide:  Cisco Umbrella Event Source Configuration Guide 

Collector Package on RSA Live: "Cisco Umbrella Log Collector Configuration"

Parser on RSA Live: CEF