View CDFW Events

The App Discovery Report provides details for Cloud-delivered firewall (CDFW) events where applications were blocked or allowed, based on firewall policy configuration.

A CDFW license (part of the Cisco Umbrella SIG Essentials subscription) is required to view these events in App Discovery. For more information, see Determine Your Current Package.

View CDFW Events by App Risk

  1. Navigate to Reporting > Core Reports > App Discovery. In the App Discovery dashboard, navigate to DNS Requests by App Risk and click on Umbrella CDFW.
  2. Hover on a date in the graph to view details of the CDFW events and their App risks for that day.

View CDFW Events in the Apps Grid

  1. Navigate to Reporting > Core Reports > App Discovery and click one of the app labels to open the Apps Grid.
  2. Click the action menu to open a list of columns to display. Select CDFW Events and Blocked CDFW Events and click Apply.

The number of CDFW and blocked CDFW events appears in the Apps Grid for apps with these events.

View CDFW Events in an App's Details

  1. Navigate to Reporting > Core Reports > App Discovery and click one of the app labels to open the Apps Grid. Click the name of an app to view its details for the last 90 days.
  2. View the total number of CDFW events and blocked CDFW events.
  3. Click the Identities tab to view the number of CDFW events and blocked CDFW events for each identity requesting this app.

View CDFW Protocol Details

  1. Navigate to Reporting > Core Reports > App Discovery. In the App Discovery dashboard, navigate to Flagged Application Protocols.
  2. Choose a protocol to view CDFW events for.
  3. Choose to display all, allowed, or blocked events.
  4. Hover on a date in the graph to view details of CDFW events for that date. Click on the point to open the Protocol Details.

The Protocol Details page provides information for CDFW events for the last 30 days, including the total, allowed and blocked CDFW events as well as identities triggering these events.
Clicking Control this protocol will direct you to the Firewall Policy. For more information, see Manage Firewalls.

Protocols supported:

  • edonkey-static
  • encrypted-emule
  • encrypted-bittorrent
  • ftp
  • gnutella
  • hangouts-file-transfer
  • ms-teams-app-sharing
  • ms-teams-audio
  • ms-teams-video
  • ntp
  • openvpn
  • secure-ftp
  • slack-media
  • ssh
  • sunrpc
  • syslog
  • telnet
  • teamviewer
  • tor
