cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
357
Views
0
Helpful
2
Replies

Umbrella IP & Proxy logs in AWS S3 bucket

zietgiestt
Level 1
Level 1

Hello,

I have been tasked with ingesting Umbrella logs into our new SOC monitoring.

During this onboarding process I was able to allow the SOC access to my S3 bucket for umbrella logs but noticed that only DNS logs are current.
I have old IP & Proxy logs in my bucket, but those haven't been reported to my S3 bucket since 2019.

Maybe these logs aren't used by umbrella any longer?

I'm not sure why they stopped or how to re-enable IP & proxy logging to my S3 bucket.

Can anyone shed any light on this as a starting point to investigate please?

 

Thanks,

2 Replies 2

mmaciw
Cisco Employee
Cisco Employee

 

Hello there,

 

Have you checked the Umbrella dashboard, Policies > web policy > ruleset logging ?

 

It is possible someone has disable logging for web traffic. This assumes that your Umbrella subscription includes the web proxy. If not, and your subscription is DNS only, then check the DNS policy for the similar logging settings and also a setting that allows you to enable/disable the intelligent proxy.

 

Regards,

Mark

Pulkit Mittal
Spotlight
Spotlight

Hi,

Please check if your ruleset logging is enables to log all requests under your web policies. 

PulkitMittal_0-1720006388770.png

If you find this useful, please mark it helpful and accept the solution.