With scheduled collection of your Cisco Umbrella logs, USM Anywhere collects, enriches, and analyzes inbound and outbound network traffic log data from Cisco Umbrella. It detects any malicious inbound or outbound network traffic, such as a phishing email or malware communicating with a Command and Control (C2) server. When USM Anywhere detects a threat, it generates an alarm. Alarms provide notification of an event or sequence of events that require attention or investigation.
After the first log collection job completes and USM Anywhere retrieves and normalizes the raw log data from Cisco Umbrella, these events start appearing in the Events dashboard view. To provide a more focused view of these events, the Cisco Umbrella dashboard is available under Dashboards in the top navigation menu.
This dashboard summarizes the events originating from Cisco Umbrella so that you see what's going on at a glance. Click elements in the displayed graphs or summary lists to drill down to the list of events.