The Umbrella Deployment Documentation Developer Hub

Welcome to the Umbrella Deployment Documentation developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella Deployment Documentation as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Getting Started with Reports

Use Cisco Umbrella's reports to gain a better understanding of your Umbrella usage. Gain insights into request activity and blocked activity, determining which identities are generating requests that are being blocked. Reports help build actionable intelligence in addressing security threats including changes in trends over time.

See also:

Available Reports

  • Security Overview—Gives you a snapshot of your environment's security activities.
  • Security Activity—Security-related activity in your environment, including malware, phishing, and all other security categories over the selected time period. Filterable by identity, destination, source IP, and security category.
  • Activity Search—Activity from the identities in your environment over a selected time period. Filterable by identity name, destination, source IP, response, content category, and security category.
  • Destinations—Lists the most active destinations within your dashboard for all identities, and that allows you to go further and find out how the traffic for this destination from your identities compares to the traffic from all of the Umbrella global network.
  • Identities—Lists your identities in the order of which is most active, then allowing you to drill down to find out more about that specific identity and what destinations they have visited, whether those destinations are malicious or not, and a trend of their overall traffic.
  • Cloud Services—Overview of cloud services accessed by your organization over the selected time period. Filterable by cloud service name, identity, and classification.
  • Total Requests—Total requests for destinations from your organization over the selected time period. Filterable by identity.
  • Activity Volume—Total queries within your organization broken down by security categories and results over the selected time period. Filterable by identity. This report has two views: Snapshot (table) and Trend Over Time (graph).
  • Top Domains—A list of the most requested domains within your organization over the selected time period. Filterable by identity, response, destination, content category, and security category.
  • Top Categories—A list of the top content categories for your organization over the selected time period. Filterable by identity and response.
  • Top Identities—A list of the top traffic-generating identities over the selected time period. Filterable by identity and destination.
  • Admin Audit Log—A record of any configuration changes made to your settings by any of your Umbrella administrators.

Report Retention

The reporting of information begins as soon as you start sending traffic to Umbrella.

The following reports are retained for two calendar years:

  • Total Requests
  • Top Domains
  • Top Categories
  • Top Identities

Activity Volume is retained for one calendar year.

You can review and filter reported data on various timelines. Timelines vary depending on the report, from the last hour to the last thirty days, and in some cases custom date ranges in increments of time—up to 30 or 90 days—going back one to two years.

The following reports are limited to a 30-day search window:

  • Top Domains
  • Total Requests
  • Security Activity
  • Activity Search
    Note: *Umbrella does not retain Security Activity or Activity Search data for more than 30 days.

Admin Audit log Retention

The Admin Audit log retains data for one year. You can access data in three month increments. For more information, see the Admin Audit Log Report.

Exporting Report Data to CSV

Some reports let you export the results of a query to the CSV format. This lets you create other reports and graphs by feeding this data to other tools.

Note: The timezone of exported data is always UTC, regardless of the user's timezone.

Exportable reports:

  • Activity Search
  • Cloud Services
  • Top Domains
  • Top Categories
  • Top Identities
  1. From the top of the report, click Download.
  1. Give your report a good meaningful title, add the number of rows of data you want returned and click Export.
    Note: Data is limited to 1,000,000 rows when exporting to CSV. If your report exceeds 1,000,000 rows, consider re-running the report with a shorter smaller time or with a more granular filter. It's a good idea to check the last row of your first report, then re-run the report from that time period for the next chunk of data.
  1. When you click Export, you are taken to the Exported Reports page where you can download your CSV file.
  1. Click the Download icon.
    Your CSV is automatically downloaded.

Getting Started with Reports > Scheduling Reports