browse
Overview
This article will discuss expected reporting expectations surrounding the retention of proxy data. As a result of storage mechanics, many reports will contain differences of data between pulling recent reports and historical reports.
DNS vs Proxy Data
Umbrella reporting data consists of two data sources, proxy and DNS data. Each data type has a unique data retention.
DNS Data
DNS data is the core data type of Cisco Umbrella as of early 2019. DNS data is all domains sent to the Umbrella DNS resolvers attributed to your organization. This data is in the form of "domain.com" in reports. In the activity search, filter for the "DNS" data type to see just DNS data.
- Data retention:
- 28 days real time data
- At least 1 year aggregate data.
- Reports inclusion
- All real time and aggregate reporting
Proxy data
Proxy data represents additional data into the Umbrella reporting ecosystem. Proxy data is any datapoint captured by the Intelligent proxy or upcoming proxy products. Data captured by the proxy is stored as real time data for 28 days and is not stored in any aggregate data store. Therefore, proxy data will fall off all reports after 28 days. In the activity search, filter for the "Proxy" data type to see just proxy data.
- Data retention:
- 28 days real time data
- No aggregate data.
- Reports inclusion
- All real time and some aggregate reporting for time frame selections within 28 days
Reporting Implications
Below, reporting implications of dns and proxy data separation are outlined for aggregate and real time reports.
Real time reporting
Real time reports are expected to display consistent numbers and meet expectations since the time frame of real time DNS and proxy data are the same at 28 days.
Aggregate reporting
Aggregate reports may significantly differ once the time frame of reporting spans longer than 28 days past the current date. Numbers will significantly change if the intelligent proxy is enabled on your organization
- Reports pulled for time frames between 0-28 days ago will differ from the same time frame pulled after the data is 28 days old.
- April 1-30 pulled on April 30 will produce a higher activity volume than April 1-30 pulled on May 30.
- April 1-30 pulled on May 15 will differ from April 1-30 pulled on May 20.
- Not all aggregate reports may include proxy data
Questions?
Contact our support team! Visit support.umbrella.com or email us at umbrella-support@cisco.com.