Script for Cisco Umbrella Logs via API Calls without AWS
I attached a script as a PoC of integrating logs via API calls.
A specific example was for Cisco Umbrella cloud logs. The standard integration is done via AWS, but in one specific case AWS was blocked from a customer network, so I used this alternative. Using scheduled execution, the script will request the last 15 minutes of Blocked logs via and insert them into a CEF file that can be ingested directly by a CEF Folder Follower SmartConnector without a flex.
The concept is generic for any API-accessible solution.
More details on my GitHub repo.
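The poll-and-convert step described in the post, as an added example that is not the author's script: it aligns each run to a complete 15-minute window so scheduled executions neither overlap nor leave gaps, and writes CEF lines with header and extension escaping. The record field names (`ts_ms`, `client_ip`, `domain`, `verdict`, `identity`, `category`), the header values and the severity are assumptions, not the Umbrella API's schema, and the API call itself is left out.

```python
WINDOW_S = 15 * 60  # the post's 15-minute polling interval


def window(now_s, size=WINDOW_S):
    """Last complete [start, end) window in epoch seconds, aligned to the
    interval so consecutive scheduled runs never overlap or skip events."""
    end = int(now_s) - int(now_s) % size
    return end - size, end


def esc_header(value):
    # CEF header fields: backslash and pipe must be escaped.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def esc_ext(value):
    # CEF extension values: escape backslash and '=', encode line breaks so
    # one event stays on one line (prevents log-line injection).
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r\n", "\\n").replace("\n", "\\n").replace("\r", "\\n")


def to_cef(rec):
    """Map one blocked-request record (hypothetical field names) to CEF."""
    header = "|".join(["CEF:0", "Cisco", "Umbrella", "1.0",  # assumed header values
                       esc_header(rec["category"]), "Blocked request", "5"])
    ext = {"rt": rec["ts_ms"], "src": rec["client_ip"], "dhost": rec["domain"],
           "act": rec["verdict"], "suser": rec["identity"]}
    return header + "|" + " ".join(f"{k}={esc_ext(v)}" for k, v in ext.items())


def write_cef(records, path, start_s, end_s):
    """Append records inside [start_s, end_s) to the file the connector follows."""
    lines = [to_cef(r) for r in records
             if start_s * 1000 <= r["ts_ms"] < end_s * 1000]
    with open(path, "a", encoding="utf-8") as fh:
        fh.writelines(line + "\n" for line in lines)
    return lines


# Constructed sample records standing in for the API response.
SAMPLE = [
    {"ts_ms": 1000000, "client_ip": "10.0.0.5", "domain": "bad.example",
     "verdict": "blocked", "identity": "host=lab|1", "category": "Malware|C2"},
    {"ts_ms": 2000000, "client_ip": "10.0.0.6", "domain": "late.example",
     "verdict": "blocked", "identity": "laptop-7", "category": "Phishing"},
]
```
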