This article leads you through the process of integrating Cisco Umbrella with Red Canary. Follow the procedure from beginning to end.

Step 1: Red Canary–Create a Red Canary email for alerts

Create a Red Canary provided-email to send Cisco Umbrella alerts for ingestion.

1. From your Red Canary homepage, click Integrations.
   
2. From the Integrations section, locate and then click the security product you want to integrate with Red Canary.
   Note: If you do not see your security product listed, click See all integrations. 
   
3. In the search bar, type and then select your third-party security source.
   
4. Continue onto the next step by configuring your third-party security source in Red Canary.
   Note: Your third-party security source may require that you contact Red Canary to configure.
   
5. Enter a Name for your external alert source.  
6. Select a Display Category.
7. Under the Ingest Format/Method dropdown, select Cisco Umbrella via Email. (Please note that only Email should be selected for this alert source — see supported ingest methods here) 
   
   
8. Click Save Configuration. This will generate the email address you will use to send Cisco Umbrella alerts to.
   
   
9. Click Edit Configuration.
10. With your alert source configured, click Activate.
11. With your Red Canary email generated, log in to Cisco Umbrella.

Step 2: Cisco Umbrella–Configure email alerts

Adjust your Cisco Umbrella settings to send generated alerts to your Red Canary-provided email.

1. From your Cisco Umbrella dashboard, click the Reporting dropdown, and then click Scheduled Reports.
2. Click +Schedule.
3. Click Activity Search or Security Activity depending on the type of information you want to send to Red Canary.
   
   
4. Select the type of information you want to include in your alert report.
5. Enter the recommended configurations below:
   • Response:Blocked
   • Event type:Select All
     
6. When you have selected all of the filters for your alert report, click +Schedule.
   
7. Review your filter selections, and then click Continue.
8. Select a Delivery Schedule, and then click Continue.
   Note: Red Canary recommends you select Daily for the Delivery Schedule.
   
   
9. Enter a Name for your Report Title.  
10. Enter the Red Canary email provided in Step 1.8.
    
    
11. Click Save.