Providing Cisco Umbrella Credentials to Arctic Wolf

Configuration Guide

Overview

This document describes how to retrieve the API token credentials that Arctic Wolf® needs to monitor Cisco Umbrella. After you complete this configuration, Arctic Wolf can monitor logs from your Cisco Umbrella environment.

As part of this configuration, you must provide the following information for your Cisco Umbrella environment to Arctic Wolf using the Arctic Wolf Portal:

Note: The secret key is only available to view during API key creation. If this information is lost before you submit it to Arctic Wolf, you must create a new set of API and secret keys.

Before you begin

This process requires you to have administrator access to the Cisco Umbrella console.

Creating the Cisco Umbrella credentials

To create your Cisco Umbrela credentials:

  1. Sign in to the Cisco Umbrella console as an administrator.

  2. Select Admin > API Keys. If you have:

    • Existing API keys — Click Create.
    • No existing API keys — Click CREATE API KEY
  3. Click Umbrella Reporting, and then click Create.

  4. Copy the following values to provide to Arctic Wolf later:

    • Your Key — The API key.
    • Your Secret — The secret key.
    • Organization ID — Located in your Cisco Umbrella console URL, similar to https://dashboard.umbrella.com/o/<Organization_ID>.

Providing credentials to Arctic Wolf

To provide your Cisco Umbrella credentials to Arctic Wolf on the Arctic Wolf Portal:

  1. Sign in to the Arctic Wolf Portal.

  2. Select Connected Accounts in the banner menu to open the Connected Accounts page.

    Connected Accounts menu

  3. Select + Add Account to open the Add Account form.

  4. Select Cloud Threat Detection as the Account Type.

  5. Select Cisco Umbrella from the list of cloud services.

    1. Enter a descriptive name for the credentials.

    2. Paste the following values that you obtained in Creating the Cisco Umbrella credentials into the appropriate text boxes:

    • API key
    • Secret key
    • Organization ID
  6. Click Submit to CST.

  7. When prompted with the confirmation message, review your submission and then click Done. This returns you to the Connected Accounts page.

  8. Verify that the newly-submitted credential entry appears in the cloud services list with the status Connection Pending.

After your Concierge Security® Team (CST) provisions security monitoring for your Cisco Umbrella environment, the status of your credentials changes to Connected.