The deployment-mssp Developer Hub

Welcome to the deployment-mssp developer hub. You'll find comprehensive guides and documentation to help you start working with deployment-mssp as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Manage Logs

By default, each customer's Umbrella dashboard instance logs all requests made by an identity. The level of logging for an identity's activity is set when you configure Centralized Settings > Advanced Settings, which are then shared with your customers' Umbrella dashboards. By default, all requests are logged.

Logging levels are:

  • Log All Requests—For full logging, whether for content, security or otherwise
  • Log Only Security Events—For security logging only, which gives your users more privacy—a good setting for people with the roaming client installed on personal devices
  • Don't Log Any Requests—Disables all logging. If you select this option, most reporting for identities with this policy will not be helpful as nothing is logged to report on.

Logging to Umbrella's Data Warehouse

Cisco Umbrella's data warehouse is where your customer's event data logs are stored. By default, event data logs are saved to Cisco's California location; however, you can change the location of the data warehouse from North America to Europe at any time. For more information, see Change the Location of Event Data Logs.

Logging to Amazon S3

The console has the ability to upload, store, and archive traffic activity logs from your customers' Umbrella dashboards to the cloud through Amazon S3. CSV formatted Umbrella logs are compressed (gzip) and uploaded every ten minutes so that there's a minimum of delay between traffic from the customer's Umbrella dashboard being logged and then being available to download from an S3 bucket.

By having your customers' logs uploaded to an S3 bucket, you can then download logs automatically to keep in perpetuity in backup storage. Or, ingest the logs through your SIEM or another security tool to determine if any security events in these Umbrella logs coincide with events in other security tools.

Umbrella Amazon S3 options:

Advantages and disadvantages to configuring a Cisco-managed bucket

  • Extremely easy to setup—it only takes a couple of minutes—and easy to manage.
  • Included in the license cost for the Managed Services Console, effectively making it free. Although having your own bucket is very inexpensive, the overhead of having to manage another bill can be prohibitive.
  • You cannot add anything to your bucket besides log files from Umbrella and the bucket cannot be used by another application.
  • Some SIEM integration types (such as QRadar) may require advanced privileges for the user accessing the S3 bucket—beyond the basic Read permissions—and as such, may not work with the Amazon S3 feature.
  • You cannot get support from Amazon directly for advanced configuration assistance, such as automation or help with the command line.
  • Data can only be stored offline for a maximum of 30 days.

Note: Existing Umbrella Insights and Umbrella Platform customers can access Log Management with Amazon S3 through the dashboard. Log Management is not available in all packages. If you are interested in this feature, please contact your account manager or email our account management team at [email protected].

Integrate a PSA < Manage Logs > Enable Logging to Your Own S3 Bucket

Updated 8 months ago

Manage Logs

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.