This article leads you through the process of integrating Cisco Umbrella with Red Canary. Follow the procedure from beginning to end.

Step 1: Red Canary–Create a Red Canary email for alerts

Create a Red Canary provided-email to send Cisco Umbrella alerts for ingestion.

1. From your Red Canary homepage, click the Integrations dropdown, and then click Alert Sources.
2. In the search bar, type and select Umbrella.
   
   
3. To configure your new alert source, scroll down and click Cisco Umbrella.
4. Click Edit Configuration.
5. Enter a Name for your external alert source.  
6. Select a Display Category.
7. Under the Ingest Format/Method dropdown, select Cisco Umbrella via Email.
   
   
8. Click Save Configuration. This will generate the email address you will use to send Cisco Umbrella alerts to.
   
   
9. Click Edit Configuration.
10. With your alert source configured, click Activate.
11. With your Red Canary email generated, log in to Cisco Umbrella.

Step 2: Cisco Umbrella–Configure email alerts

Adjust your Cisco Umbrella settings to send generated alerts to your Red Canary-provided email.

1. From your Cisco Umbrella dashboard, click the Reporting dropdown, and then click Scheduled Reports.
2. Click +Schedule.
3. Click Activity Search or Security Activity depending on the type of information you want to send to Red Canary.
   
   
4. Select the type of information you want to include in your alert report.
5. Enter the recommended configurations below:
   • Response:Blocked
   • Event type:Select All
     
6. When you have selected all of the filters for your alert report, click +Schedule.
   
7. Review your filter selections, and then click Continue.
8. Select a Delivery Schedule, and then click Continue.
   Note: Red Canary recommends you select Daily for the Delivery Schedule.
   
   
9. Enter a Name for your Report Title.  
10. Enter the Red Canary email provided in Step 1.8.
    
    
11. Click Save.