This article leads you through the process of integrating Cisco Umbrella with Red Canary. Follow the procedure from beginning to end.
Step 1: Red Canary–Create a Red Canary email for alerts
Create a Red Canary-provided email address that Cisco Umbrella alerts are sent to for ingestion.
- From your Red Canary homepage, click the Integrations dropdown, and then click Alert Sources.
- In the search bar, type and select Umbrella.
- To configure your new alert source, scroll down and click Cisco Umbrella.
- Click Edit Configuration.
- Enter a Name for your external alert source.
- Select a Display Category.
- Under the Ingest Format/Method dropdown, select Cisco Umbrella via Email.
- Click Save Configuration. This generates the email address to which you will send Cisco Umbrella alerts.
- Click Edit Configuration.
- With your alert source configured, click Activate.
- With your Red Canary email generated, log in to Cisco Umbrella.
Step 2: Cisco Umbrella–Configure email alerts
Adjust your Cisco Umbrella settings to send generated alerts to your Red Canary-provided email.
- From your Cisco Umbrella dashboard, click the Reporting dropdown, and then click Scheduled Reports.
- Click +Schedule.
- Click Activity Search or Security Activity depending on the type of information you want to send to Red Canary.
- Select the type of information you want to include in your alert report.
- Enter the recommended configurations below:
  - Response: Blocked
  - Event type: Select All
- When you have selected all of the filters for your alert report, click +Schedule.
- Review your filter selections, and then click Continue.
- Select a Delivery Schedule, and then click Continue.
Note: Red Canary recommends you select Daily for the Delivery Schedule.
- Enter a Name for your Report Title.
- Enter the Red Canary email provided in Step 1.8.
- Click Save.