
Cisco Umbrella and ArcSight

I am looking for information on getting Cisco Umbrella (cloud) events into ArcSight. Any help is appreciated.

 

Kim

0 Likes
3 Replies

Hi Kim,

Take a look at the attached URL

How to Download logs from Cisco Umbrella Log Management in AWS S3

Cheers

 

0 Likes

Hi,

You can use a Python library for downloading the files, and after that you need to parse them with a FlexConnector.

0 Likes

Hello Kgraham,

 

Good day to you. I understand it has been a long while since you requested this, but I would like to find out if you were able to get it to work, whether with the community's input or because you figured something out eventually.

On my part, I was able to get it to work with the latest SmartConnector 8.0 framework, which has by default a CISCO UMBRELLA agent. Unfortunately, I could not get more than 10 logs, after which I could not see the logs coming again. I checked agent.log and found this error: "[ERROR] [java.lang.Exception: Incorrect format, expected [10] for cisco umbrella tokens, found [11]"

Kindly assist.

Regards,

0 Likes
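
A field-count check for the "expected [10] for cisco umbrella tokens, found [11]" error quoted in the last reply, added here as an example; it is not part of the thread and is not Micro Focus or Cisco code. It tallies how many CSV fields each row of a downloaded log file has and lists the rows that do not have 10. It assumes the downloaded files are gzip-compressed CSV; the sample rows and their column layout are constructed.

```python
import csv
import gzip
from collections import Counter

EXPECTED_FIELDS = 10  # the token count the agent.log error says it expects

# Constructed sample rows, not real Umbrella data. The column layout and the
# extra trailing field in row 3 are assumptions made for illustration.
SAMPLE_ROWS = (
    '"2020-01-01 10:00:00","laptop-1","laptop-1,Site A","10.0.0.5",'
    '"203.0.113.7","Allowed","1 (A)","NOERROR","example.com.","Search Engines"\n'
    '"2020-01-01 10:00:01","laptop-2","laptop-2","10.0.0.6",'
    '"203.0.113.7","Blocked","1 (A)","NOERROR","example.net.","Malware"\n'
    '"2020-01-01 10:00:02","laptop-1","laptop-1,Site A","10.0.0.5",'
    '"203.0.113.7","Allowed","1 (A)","NOERROR","example.org.","News","Roaming"\n'
)


def field_counts(lines, expected=EXPECTED_FIELDS):
    """Return (histogram of fields per row, rows whose count != expected).

    csv.reader honours quoting, so a quoted field containing commas is one
    field; a naive line.split(",") would over-count such rows.
    """
    histogram = Counter()
    mismatches = []
    for rowno, row in enumerate(csv.reader(lines), start=1):
        if not row:  # blank line
            continue
        histogram[len(row)] += 1
        if len(row) != expected:
            mismatches.append((rowno, len(row), row))
    return histogram, mismatches


def check_gzip_log(path, expected=EXPECTED_FIELDS):
    """Run field_counts over one downloaded gzip-compressed CSV log file."""
    with gzip.open(path, "rt", encoding="utf-8", newline="") as fh:
        return field_counts(fh, expected)


if __name__ == "__main__":
    hist, bad = field_counts(SAMPLE_ROWS.splitlines())
    print("fields per row:", dict(hist))
    for rowno, count, row in bad:
        print(f"row {rowno}: {count} fields, last field = {row[-1]!r}")
```

Pointing `check_gzip_log` at a file pulled from the S3 bucket shows whether the rows really carry 11 fields or only look that way because of commas inside quoted fields.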