Introduction
The Umbrella Reporting v2 API provides visibility into your core network and security activities and Umbrella logs. With the Umbrella Reporting v2 API, you can access and create targeted reports, widgets, and dashboards.
Use Cases and Best Practices
The Umbrella Reporting v2 API enables you to programmatically access logs and reports, and build widgets or custom reports. The Reporting v2 API does not support bulk data retrieval. If you need to export all of your data or large data collections, you can enable logging to Amazon Simple Storage Service (Amazon S3). For more information about Umbrella logs, see Manage Your Logs in the Umbrella User Guide.
| Use Case | Granularity/Type | Recommendation | Considerations |
|---|---|---|---|
| Compliance or Long term event retention | Export and store all events | Customer owned Amazon S3 bucket | |
| SIEM: Event Correlation | Export all events | Cisco managed Amazon S3 bucket | Umbrella retains data for 30 days. |
| Dashboard KPI/Widgets | Activity Search and Aggregations | Reporting API | Use query parameters to filter requests. |
| Report Generation | Aggregations | Reporting API | |
| SOAR Workflow: Trigger | Activity Search | Reporting API | Use query parameters to filter requests. |
Try It Out
Try out the Umbrella Reporting v2 API in the Cisco DevNet Sandbox. The Cisco DevNet Sandbox provides an online learning environment for the Cloud Security API.
For information about the Umbrella Reporting v2 API learning lab modules, see Cisco DevNet Cloud Edge Security Learning Labs.