05-10-2024 10:21 AM
Hello,
I have been tasked with ingesting Umbrella logs into our new SOC monitoring.
During this onboarding process I was able to allow the SOC access to my S3 bucket for umbrella logs but noticed that only DNS logs are current.
I have old IP & Proxy logs in my bucket, but those haven't been reported to my S3 bucket since 2019.
Maybe these logs aren't used by umbrella any longer?
I'm not sure why they stopped or how to re-enable IP & proxy logging to my S3 bucket.
Can anyone shed any light on this as a starting point to investigate please?
Thanks,
06-25-2024 07:57 AM
Hello there,
Have you checked the Umbrella dashboard, Policies > web policy > ruleset logging ?
It is possible someone has disable logging for web traffic. This assumes that your Umbrella subscription includes the web proxy. If not, and your subscription is DNS only, then check the DNS policy for the similar logging settings and also a setting that allows you to enable/disable the intelligent proxy.
Regards,
Mark
07-03-2024 04:34 AM
Hi,
Please check if your ruleset logging is enables to log all requests under your web policies.
If you find this useful, please mark it helpful and accept the solution.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide