Cisco Umbrella

Inspect all internet traffic for signs of suspicious activity

Request a DemoRead the Docs

App Info

Monitor Cisco Umbrella Logs to gain complete security visibility into Internet activity with Panther’s Cisco Umbrella integration.

Cisco Umbrella is a secure web gateway that collects information about services, incidents, and threats on your network. Panther can collect, normalize, and monitor Cisco Umbrella logs to help you identify suspicious activity in real time. Your normalized data is then retained to power future security investigations in a data lake powered by AWS or the cloud-native data platform, Snowflake.

Use Panther’s built in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.

Use Cases

Common security use cases for Cisco Umbrella with Panther include:

  • Identify DNS lookups to suspicious domains that could indicate a phishing attack
  • Monitor blocked network traffic in your corporate environment
  • Inspect proxy traffic

How it Works

The integration is simple and fast:

  • Configure Umbrella to write logs to an Amazon S3 bucket
  • Link this S3 Bucket to Panther as a data source
  • Panther parses, normalizes, and analyzes your log data in real-time
  • As rules are triggered, alerts are sent to your configured destinations
  • Normalized logs can be searched from Panther’s Data Explorer to baseline behaviors and power investigations (Enterprise only)
  • Sit back and monitor your activity!

Learn more about Panther's supported log schema for Cisco Umbrella.