The API doc for AMP4E is located here: https://api-docs.amp.cisco.com/api_resources?api_host=api.amp.cisco.com&api_version=v1
You'll be able to massage the data into ELK as you see fit.
If you haven't already, I'd also explore joining Cisco DevNet....
This is expected behavior.
On a protected network, DNS will function as though they are regular network users:
Roaming users will be subject to the relevant network policy's settings. Reporting will be at the network level: You will lose Umbrella ro...
I'm assuming you are wanting some type of historical log analysis? If that is the case right now, a SIEM is the only way you are able to extract that data and retain it. There are a number of open source SIEM tools available that can take advantage o...