ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins. Read more for important details.
ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins.Read more for important details.

Cisco Umbrella SmartConnector support (OpenDNS)

Idea ID 2766589

Cisco Umbrella SmartConnector support (OpenDNS)

Please add parsing for Cisco Umbrella (previously OpenDNS Umbrella).

In November 2012 OpenDNS launched its network security product suite called Umbrella, designed to enforce security policies for mobile employees who work beyond the corporate network using roaming devices such as Windows and Mac laptops, iPhones, and iPads, and provides granular network security for all devices behind the network perimeter. In February 2013 the company launched the OpenDNS Security Graph to support Umbrella. Security graph is a data-driven threat intelligence engine  that automatically updates malware, botnet, and phishing domain and IP blacklists enforced by Umbrella. The data is sourced from the DNS requests OpenDNS receives, plus the BGP routing tables that are managed by OpenDNS's network operations center.

3 Comments
Micro Focus Contributor
Micro Focus Contributor
Status changed to: Accepted

We are currently looking into the requirements to properly support CISCO Umbrella.

 

Vice Admiral Vice Admiral
Vice Admiral

We made a flex by now... Will forward this thread to the person who built it, maybe we are allowed to share.

Commodore
Commodore

@dalesio, @Karlo_Luiten Since these parsers were written for a client who paid for the development I cannot share them openly here.

@dalesio, happy to share them to you for Micro Focus use if they are of assistance:

1. JSON flex for security events API - runs under REST Flexconnector
2. File flexes for the proxy and DNS *.csv.gz files found in an S3 bucket

Martyn

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.