Monitor your Cisco Umbrella network logs with Datadog Cloud SIEM

What's this blog post about?

Cisco Umbrella is a platform for monitoring and maintaining DNS-layer security across networks, detecting malicious behavior like DNS hijacking and spoofing. However, the sheer volume of logs it generates can overwhelm security teams. Datadog's Cisco Umbrella DNS integration enables users to collect and process these logs, visualize data, generate metrics, and alert on various network activities from a centralized platform. The integration also provides out-of-the-box automatic detection of suspicious network activity and enhanced visibility into security posture with customizable dashboards. Datadog Cloud SIEM continuously scans Cisco Umbrella DNS logs for potentially malicious activity, generating security signals that can be correlated with observability data and third-party alerts. Users can create custom detection rules or use pre-configured rules aligned with the MITRE ATT&CK® framework to automate alerts and remediation for suspicious activities. Additionally, two out-of-the-box dashboards provide a high-level view of DNS and proxied network activity, offering essential insights that help security teams quickly assess their environment's health and security.

Company
Datadog

Date published
Nov. 11, 2024

Author(s)
Vera Chan, Jason Hunsberger

Word count
956

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.