Integrate Cisco Umbrella with Red Canary

Create a Red Canary provided-email to send Cisco Umbrella alerts for ingestion.

1. From your Red Canary homepage, click Integrations, and See all integrations.

   

2. Type and select Cisco Umbrella (DNS-layer Security).

   

3. Click Configure.

4. Enter a Name for your external alert source.  

5. Select a Display Category.

6. Under the Ingest Format/Method dropdown, select Cisco Umbrella via Email.

   Note: Only Email should be selected for this alert source. For more information, see Supported Integrations.

   

7. Click Save Configuration. This will generate the email address you will use to send Cisco Umbrella alerts to.

   

8. Click Edit Configuration.

9. With your alert source configured, click Activate.

10. With your Red Canary email generated, log in to Cisco Umbrella.

Adjust your Cisco Umbrella settings to send generated alerts to your Red Canary-provided email.

1. From your Cisco Umbrella dashboard, click the Reporting dropdown, and then click Scheduled Reports.

2. Click +Schedule.

3. Click Activity Search or Security Activity depending on the type of information you want to send to Red Canary.

   

4. Select the type of information you want to include in your alert report.

5. Enter the recommended configurations below:

   • Response: Blocked

   • Event type: Select All

     

6. When you have selected all of the filters for your alert report, click +Schedule.

7. Review your filter selections, and then click Continue.

8. Select a Delivery Schedule, and then click Continue.

   Note: Red Canary recommends you select Daily for the Delivery Schedule.

   

9. Enter a Name for your Report Title.  

10. Enter the Red Canary email provided in Step 1.7.

    

11. Click Save.