Remove Cisco Umbrella from your AWS environment

You can remove Cisco Umbrella® from your Amazon Web Services (AWS)® environment.

Arctic Wolf® can ingest logs directly from Cisco Umbrella using the Umbrella Reporting API to provide 24x7 monitoring and tailored alerting on security logs or events. Log forwarding from an AWS Simple Storage Service (S3) bucket is no longer required.

These resources are required:

  • Administrator permissions on the Cisco Umbrella console.

These actions are required:

  • Complete Configure Cisco Umbrella for Arctic Wolf monitoring to initiate your migration to an API-based Cisco Umbrella cloud sensor.
  • Contact your Concierge Security® Team (CST) to inform them that you are decommissioning your legacy Cisco Umbrella monitoring setup.

Stop Cisco Umbrella log forwarding to S3

  1. Sign in to the Cisco Umbrella console with administrator permissions.
  2. In the navigation menu, click Admin > Log Management.
  3. In the Amazon S3 section, click STOP LOGGING.
  4. Click STOP LOGGING again.

Remove Cisco Umbrella log forwarding configurations

  1. Sign in to the AWS Management Console.
  2. In the search bar, enter CloudFormation.
  3. Click CloudFormation.
  4. In the navigation menu, click Stacks
  5. Find the S3LogForward stack that is dedicated to Cisco Umbrella log forwarding. This stack was given a unique label upon creation. For example, Cisco-umbrella-logging. The S3LogForward stack description shown in CloudFormation® is similar to Arctic Wolf Networks: Configure forwarding logs stored in S3.
    Note:

    This stack is not the CloudTrail® base stack, which usually has a variation of Arctic Wolf in its name. The CloudTrail base stack has 7 nested stacks. These are shown as NESTED in Stacks table. The S3LogForward stack is a stand-alone stack.

  6. Select the desired stack, and then click Delete
  7. When prompted, click Delete stack.

    Legacy Cisco Umbrella log forwarding configurations are removed from your Cisco Umbrella environment.

Note:

The S3 bucket dedicated to Cisco Umbrella log forwarding no longer receives logs, but is still available for auditing purposes. If you have no more use for this S3 bucket or the data it contains, delete this S3 bucket. See Working with buckets for more information.