Connect to Cisco Umbrella with the Blumira Cloud Connector to send event data from Umbrella directly to Blumira.
Important: If you are a Managed Service Provider (MSP) or if you have a multi-tenant Umbrella account, this procedure does not accurately represent the steps you will go through in Umbrella before configuring Blumira. For example, you will need to obtain the same credentials for use by the Blumira platform, but the location and steps to obtain the credentials in Umbrella are different. Also, you must ensure all credentials and settings are at the customer level in Umbrella, not the global MSP level.
Before you begin
Before you can configure Blumira to retrieve logs from Cisco Umbrella, you must gather your Cisco Umbrella Organization ID and Reporting API Key and Secret. To gather this information:
- Go to the Umbrella Admin Console and follow the steps in Find Your Organization ID to obtain the Organization ID. This is typically a 7-digit number in the URL, shown as <OrgID> in the following example:
- Follow the steps in Umbrella API Authentication: Create an API Key to gather your Umbrella Reporting API Key and Secret.
Providing API credentials to Blumira
Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.
To configure your integration with Blumira Cloud Connector:
- In the Blumira app, go to the Cloud Connectors page (Settings > Cloud Connectors).
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, click the connector that you want to add.
- If you want to change the name of the Cloud Connector, type the new name in the Cloud Connector Name box.
- Enter the API credentials that you collected in the "Before you begin" section above.
- Click Connect.
- On the Cloud Connectors screen, under Current Status, you can view the configuration’s progress. When the configuration completes, the status changes to Online (green dot).
Important: If you previously deployed a Module for this integration, then you must remove it via the Sensors page (Settings > Sensors) to avoid log duplication.
Note: To include client names in the Umbrella logs, you must configure Active Directory integration with Umbrella. See Cisco Umbrella AD Integration for more information.