Cisco Umbrella S3 Log Forwarding RemovalUpdated Oct 30, 2023
You can remove Cisco Umbrella® from your Amazon Web Services (AWS)® environment.
Cisco Umbrella is a cloud-delivered security platform that collects information about services, incidents, and threats found on your network to provide Domain Name System (DNS) layer security. Requests are forwarded from your network to Cisco Umbrella, which then inspects and blocks threats.
Arctic Wolf® can ingest logs directly from Cisco Umbrella using the Umbrella Reporting API to provide 24x7 monitoring and tailored alerting on security logs or events. Log forwarding from an AWS Simple Storage Service (S3) bucket is no longer required.
- Administrator permissions on the Cisco Umbrella console.
- Complete Configure Cisco Umbrella monitoring to initiate your migration to an API-based Cisco Umbrella cloud sensor.
- Contact your Concierge Security® Team (CST) to inform them that you are decommissioning your legacy Cisco Umbrella monitoring setup.
- Sign in to the Cisco Umbrella console with administrator permissions.
- In the navigation menu, click Admin > Log Management.
- In the Amazon S3 section, click STOP LOGGING.
- Click STOP LOGGING again.
Sign in to the AWS Management Console.
In the search bar, enter
In the navigation menu, click Stacks
S3LogForwardstack that is dedicated to Cisco Umbrella log forwarding. This stack was given a unique label upon creation. For example,
Cisco-umbrella-logging. The S3LogForward stack description shown in CloudFormation® is similar to
Arctic Wolf Networks: Configure forwarding logs stored in S3.
Note: This stack is not the CloudTrail® base stack, which usually has a variation of
Arctic Wolfin its name. The CloudTrail base stack has 7 nested stacks. These are shown as
NESTEDin Stacks table. The
S3LogForwardstack is a stand-alone stack.
Select the desired stack, and then click Delete
When prompted, click Delete stack.
Legacy Cisco Umbrella log forwarding configurations are removed from your Cisco Umbrella environment.
Note: The S3 bucket dedicated to Cisco Umbrella log forwarding no longer receives logs, but is still available for auditing purposes. If you have no more use for this S3 bucket or the data it contains, delete this S3 bucket. See Working with buckets for more information.