Overview
Umbrella is a powerful tool that gives you a lot of information about your internet traffic. Here is a simple guide to help you decide how to best consume your data:
| Use Case | Granularity / Type | Recommendation | Considerations |
| --- | --- | --- | --- |
| Compliance/Long term event retention | Export and store all events | S3: Customer-owned bucket | It is possible to use Cisco Managed Bucket but information is only retained up to 30 days. |
| SIEM: Event Correlation | Export all events | S3: Cisco-managed bucket | Information is only retained up to 30 days; offloading needs to be handled. |
| Dashboard KPI/Widgets | Activity Search/Aggregations | Reporting API | Query should be well tuned as a broad query will result in timeouts. |
| Generate Reports | Aggregations | Reporting API | |
| SOAR Workflow: Trigger | Activity Search | Reporting API | Query should be well tuned as a broad query will result in timeouts. |
You can find instructions on how to manage your logs here: https://docs.umbrella.com/deployment-umbrella/docs/log-management

Instructions on how to manage your APIs are here: https://developer.cisco.com/docs/cloud-security/#!reporting-v2-overview