Overview of the Cisco Umbrella integration
Cisco Umbrella is a cloud-delivered security service that provides comprehensive protection against internet-based threats. It is designed to secure access to the internet for users both inside and outside the corporate network, offering a first line of defense against cybersecurity threats.
What we ingest
Sample alerts seen by Sophos:
- Malware
- Cryptomining
- High Risk Sites and Locations
- Phishing
- Command and Control
- Dynamic DNS
Filtering
We filter the results as follows:
- We deny data provided in a non-compliant format.
- We drop various reviewed and non-security-related messages and logs.
- We drop various high-volume and low-value messages.
Sample threat mappings
We define the alert type from the field policycategories.label.
Sample mappings:
{"alertType": "Newly Seen Domains", "threatId": "T1568.002", "threatName": "Domain Generation Algorithms"}
{"alertType": "Mobile Threats", "threatId": "TA0005", "threatName": "Defense Evasion"}
{"alertType": "Malware", "threatId": "TA0002", "threatName": "Execution"}
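The following is an added example, not Sophos's or Cisco's code, showing how the filtering and mapping described above fit together: a record is denied when its policycategories.label field is not in the expected shape, and each label is otherwise mapped to the sample threats listed. The record layout (a dict whose policycategories is a list of dicts carrying a string label) is an assumption based on the field name given on this page, and the sample records are constructed.

```python
from typing import Any, Dict, List, Optional

# Sample mappings taken from the page above.
THREAT_MAPPINGS: Dict[str, Dict[str, str]] = {
    "Newly Seen Domains": {"threatId": "T1568.002", "threatName": "Domain Generation Algorithms"},
    "Mobile Threats": {"threatId": "TA0005", "threatName": "Defense Evasion"},
    "Malware": {"threatId": "TA0002", "threatName": "Execution"},
}


def alert_labels(record: Any) -> Optional[List[str]]:
    """Return the policycategories labels, or None if the record is non-compliant.

    Assumed shape (not stated on the page): a dict whose 'policycategories' is a
    non-empty list of dicts, each with a string 'label'. Anything else is denied.
    """
    if not isinstance(record, dict):
        return None
    cats = record.get("policycategories")
    if not isinstance(cats, list) or not cats:
        return None
    labels = []
    for cat in cats:
        if not isinstance(cat, dict) or not isinstance(cat.get("label"), str):
            return None
        labels.append(cat["label"])
    return labels


def map_record(record: Any) -> List[Dict[str, str]]:
    """Emit one alert per label; add threatId/threatName where a sample mapping exists."""
    labels = alert_labels(record)
    if labels is None:
        return []  # denied: non-compliant format
    return [{"alertType": label, **THREAT_MAPPINGS.get(label, {})} for label in labels]


# Constructed sample records, not captured Umbrella data.
SAMPLE_RECORDS = [
    {"policycategories": [{"id": 1, "label": "Malware", "type": "security"}]},
    {"policycategories": [{"label": "Newly Seen Domains"}, {"label": "Mobile Threats"}]},
    {"policycategories": [{"label": 7}]},       # non-compliant: label is not a string
    {"policycategories": []},                    # non-compliant: no categories
    '{"policycategories": "Malware"}',           # non-compliant: raw string, not a dict
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(map_record(rec))
```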