Overview
The collector retrieves event information from the Cisco Umbrella service using AWS S3.
Devo collector features
Feature | Details |
---|---|
Allow parallel downloading ( | |
Running environments | |
Populated Devo events | |
Flattening preprocessing | |
Allowed source events obfuscation | |
Data sources
Data source | Description | AWS S3 subfolder | Collector service name | Devo table | Available from release |
---|---|---|---|---|---|
DNS logs | DNS logs show traffic that has reached our DNS resolvers. | | dnslogs | | v1.0.0 |
IP logs | IP logs | | iplogs | | v1.0.0 |
Proxy Logs | Proxy logs show traffic that has passed through the Umbrella secure web gateway (SWG) or the Selective Proxy. | | proxylogs | | v1.0.0 |
Firewall Traffic | Cloud Firewall logs show traffic that has been handled by network tunnels. | | firewalllogs | | v1.0.0 |
Admin Audit Logs | Admin Audit logs show changes made by your administrative team in your organization's Umbrella settings. | | auditlogs | | v1.0.0 |
Intrusion IPS Traffic | IPS logs show traffic, events, and possible threats detected by Umbrella's Intrusion Prevention System. | | intrusionlogs | | v1.0.0 |
DLP Traffic | DLP logs show information about DLP events where data identifiers were triggered and a violation occurred. DLP logs are available in all versions. | | dlplogs | | v1.0.0 |
For more information on how the events are parsed, visit our page.
Flattening preprocessing
This collector does not implement flattening.
Source event obfuscation
This collector obfuscates credentials by default:
aws_access_key
aws_access_secret
Minimum configuration required for basic pulling
Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.
This minimum configuration refers exclusively to the parameters specific to this integration. There are further required parameters related to the generic behavior of the collector; check the settings sections for details.
Setting | Details |
---|---|
| The AWS Access key for the AWS account. |
| The AWS Access secret for the AWS account. |
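As an added illustration (not the collector's own code), the following Python shows the kind of redaction the obfuscation section above describes, masking the two credential settings it names, aws_access_key and aws_access_secret, wherever they appear in a nested configuration before it is logged, and reporting which of those minimum settings are missing. The configuration layout and sample values are assumptions, not Devo's schema.

```python
import copy
from typing import Any

# Credential settings named on this page; the collector masks these by default.
OBFUSCATED_KEYS = frozenset({"aws_access_key", "aws_access_secret"})
MASK = "********"


def obfuscate_credentials(config: Any) -> Any:
    """Return a deep copy of `config` with credential values replaced by MASK.

    Walks nested dicts and lists so a secret is masked wherever it appears
    (for example inside a per-service block). The input is never modified.
    """
    if isinstance(config, dict):
        return {
            key: MASK if key in OBFUSCATED_KEYS and value not in (None, "")
            else obfuscate_credentials(value)
            for key, value in config.items()
        }
    if isinstance(config, list):
        return [obfuscate_credentials(item) for item in config]
    return copy.deepcopy(config)


def missing_minimum_settings(config: dict) -> list:
    """Report which of the minimum AWS settings are absent or blank."""
    return sorted(key for key in OBFUSCATED_KEYS if not config.get(key))


# Constructed sample configuration (hypothetical layout and dummy values).
SAMPLE_CONFIG = {
    "aws_access_key": "AKIAEXAMPLEKEY000000",
    "aws_access_secret": "example-secret-value",
    "services": [
        {"name": "dnslogs", "aws_access_secret": "per-service-secret"},
        {"name": "proxylogs"},
    ],
}

if __name__ == "__main__":
    # Safe to log: every credential value is masked, other settings intact.
    print(obfuscate_credentials(SAMPLE_CONFIG))
    print(missing_minimum_settings({"aws_access_key": "AKIAEXAMPLEKEY000000"}))
```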
Accepted authentication methods
Authentication method | AWS Access Key | AWS Access Secret |
---|---|---|
AWS Authentication | Required | Required |
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).
Collector services detail
This section is intended to explain how to proceed with specific actions for services.
Custom service
Collector operations
This section is intended to explain how to proceed with specific operations of this collector.
Change log
Release | Released on | Release type | Details | Recommendations |
---|---|---|---|---|
| | IMPROVEMENTS | Improvements | |
| | IMPROVEMENTS, BUG FIXES | Improvements; Bug fixes | |
| | IMPROVEMENTS, BUG FIXES | Improvements; Bug fixes | |
| | BUG FIX | Bug fixes | |
| | FEATURE | Initial release | |