Cisco Umbrella

Samurai [Local] Collector	Samurai [Cloud] Collector

This guide describes the steps required to configure Cisco Umbrella to send logs to S3 storage for ingestion to Samurai via a cloud collector.

Prerequisites

Cisco Umbrella integration requires a self managed AWS S3 bucket. For more information on Cisco Umbrella logging refer to the Cisco documentation Manage Your Logs.

Ensure that an AWS cloud collector has been deployed via the Samurai MDR portal.

Guide available here

Upon creation of the cloud collector you must have selected Yes under AWS Configuration - Enable Cisco Umbrella access to S3 Bucket via Bucket Policy

If you are planning to reuse an already deployed AWS cloud collector, the information can be found via:

Navigate to the Samurai MDR portal.
Click Telemetry and select Collectors from the main menu
Click on the name of the desired collector.
Note down information:

Account number
Bucket name
Region

Alternatively, you can utilize the integration setup wizard via the Samurai MDR portal for the desired telemetry source listed on Product Integration Guide page which shall provide you the same information required to setup your telemetry source.

Enable Logging in the Cisco Umbrella Console

Ensure you have the exact name of the AWS S3 bucket

Follow the Enable Logging section (Steps 1-3) in the Cisco Umbrella documentation:

Enable Logging

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.