View CDFW Events

The App Discovery Report provides details for Cloud-delivered firewall (CDFW) events where applications were blocked or allowed, based on firewall policy configuration.

👍

A CDFW (part of Cisco Umbrella SIG Essentials subscription) license is required to view these events in Apps Discovery. For more information, see Determine Your Current Package.

Table of Contents

• Prerequisites
• View CDFW Events by App Risk
• View CDFW Events in the Apps Grid
• View CDFW Events in an App's Details
• View a CDFW Protocol Details

Prerequisites

• A minimum of Read Only access to the Umbrella dashboard. See Manage User Roles.

View CDFW Events by App Risk

1. Navigate to Reporting > Core Reports > App Discovery. In the App Discovery dashboard, navigate to DNS Requests by App Risk and click on Umbrella CDFW.

2. Hover on a date in the graph to view details of the CDFW events and their App risks for that day.

View CDFW Events in the Apps Grid

1. Navigate to Reporting > Core Reports > App Discovery and click one of the app labels to open the Apps Grid.

2. Click the action menu to open a list of columns to display. Select CDFW Events and Blocked CDFW Events and click Apply.

The number of CDFW and blocked CDFW events appears in the Apps Grid for apps with these events.

View CDFW Events in an App's Details

1. Navigate to Reporting > Core Reports > App Discovery and click one of the app labels to open the Apps Grid. Click the name of an app to view its details for the last 90 days.

2. View the total number of CDFW events and blocked CDFW events.

3. Click the Identities tab to view the number of CDFW events and blocked CDFW events for each identity requesting this app.

View a CDFW Protocol Details

1. Navigate to Reporting > Core Reports > App Discovery. In the App Discovery dashboard, navigate to Flagged Application Protocols.

2. Choose a protocol to view CDFW events for.

3. Choose to display all, allowed, or blocked events.

4. Hover on a date in the graph to view details of CDFW events for that date. Click on the point to open the Protocol Details.

The Protocol Details page provides information for CDFW events for the last 30 days, including the total, allowed and blocked CDFW events as well as identities triggering these events.
Clicking Control this protocol will direct you to the Firewall Policy. For more information, see Manage Firewalls.

Protocols supported:

• edonkey-static
• encrypted-emule
• encrypted-bittorrent
• ftp
• gnutella
• hangouts-file-transfer
• ms-teams-app-sharing
• ms-teams-audio
• ms-teams-video
• ntp
• openvpn
• secure-ftp
• slack-media
• ssh
• sunrpc
• syslog
• telnet
• teamviewer
• tor

---

View Traffic Data Through SWG < View CDFW Events > Top Threats Report