Cisco Umbrella S3 Log Forwarding Removal
Updated Oct 30, 2023Remove Cisco Umbrella from your AWS environment
You can remove Cisco Umbrella® from your Amazon Web Services (AWS)® environment.
Cisco Umbrella is a cloud-delivered security platform that collects information about services, incidents, and threats found on your network to provide Domain Name System (DNS) layer security. Requests are forwarded from your network to Cisco Umbrella, which then inspects and blocks threats.
Arctic Wolf® can ingest logs directly from Cisco Umbrella using the Umbrella Reporting API to provide 24x7 monitoring and tailored alerting on security logs or events. Log forwarding from an AWS Simple Storage Service (S3) bucket is no longer required.
Requirements
- Administrator permissions on the Cisco Umbrella console.
Before you begin
- Complete Configure Cisco Umbrella monitoring to initiate your migration to an API-based Cisco Umbrella cloud sensor.
- Contact your Concierge Security® Team (CST) to inform them that you are decommissioning your legacy Cisco Umbrella monitoring setup.
Steps
Step 1: Stop Cisco Umbrella log forwarding to S3
- Sign in to the Cisco Umbrella console with administrator permissions.
- In the navigation menu, click Admin > Log Management.
- In the Amazon S3 section, click STOP LOGGING.
- Click STOP LOGGING again.
Step 2: Remove Cisco Umbrella log forwarding configurations
-
Sign in to the AWS Management Console.
-
In the search bar, enter
CloudFormation
. -
Click CloudFormation.
-
In the navigation menu, click Stacks
-
Find the
S3LogForward
stack that is dedicated to Cisco Umbrella log forwarding. This stack was given a unique label upon creation. For example,Cisco-umbrella-logging
. The S3LogForward stack description shown in CloudFormation® is similar toArctic Wolf Networks: Configure forwarding logs stored in S3
.Note: This stack is not the CloudTrail® base stack, which usually has a variation of
Arctic Wolf
in its name. The CloudTrail base stack has 7 nested stacks. These are shown asNESTED
in Stacks table. TheS3LogForward
stack is a stand-alone stack. -
Select the desired stack, and then click Delete
-
When prompted, click Delete stack.
Legacy Cisco Umbrella log forwarding configurations are removed from your Cisco Umbrella environment.
Note: The S3 bucket dedicated to Cisco Umbrella log forwarding no longer receives logs, but is still available for auditing purposes. If you have no more use for this S3 bucket or the data it contains, delete this S3 bucket. See Working with buckets for more information.