Cisco_Umbrella_proxy_CL

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Tables Index

Attribute Value
Custom Log V1 Yes 🔶 — uses type-suffixed column names
Ingestion API Supported ✓ Yes

Contents

Schema (32 columns)

Source: KQL validation test schema

Column Name Type
AMP_Disposition_s string
AMP_Malware_Name_s string
AMP_Score_s string
AVDetections_s string
Blocked_Categories_s string
Categories_s string
Certificate_Errors_s string
Content_Type_s string
Destination_IP_s string
Destination_List_IDs_s string
DLP_Status_S string
EventType_s string
External_IP_s string
File_Name_s string
Identities_s string
Identity_Type_s string
Internal_IP_s string
Policy_Identity_Type_s string
PolicyIdentity_s string
Referer_s string
Request_Method_s string
requestSize_d real
responseBodySize_d real
responseSize_d real
Rule_ID_s string
Ruleset_ID_s string
SHA-SHA256_s string
SHA—SHA256_s string
statusCode_s string
TimeGenerated datetime
Timestamp_t datetime
userAgent_s string

Solutions (1)

This table is used by the following solutions:

Connectors (2)

This table is ingested by the following connectors:

Connector Selection Criteria
Cisco Cloud Security
Cisco Cloud Security (using elastic premium plan)

Content Items Using This Table (31)

Analytic Rules (20)

GitHub Only:

Analytic Rule Selection Criteria
Cisco Cloud Security - Connection to Unpopular Website Detected
Cisco Cloud Security - Connection to non-corporate private network
Cisco Cloud Security - Crypto Miner User-Agent Detected
Cisco Cloud Security - Empty User Agent Detected
Cisco Cloud Security - Hack Tool User-Agent Detected
Cisco Cloud Security - Rare User Agent Detected
Cisco Cloud Security - Request Allowed to harmful/malicious URI category
Cisco Cloud Security - Request to blocklisted file type
Cisco Cloud Security - URI contains IP address
Cisco Cloud Security - Windows PowerShell User-Agent Detected
Cisco Umbrella - Connection to Unpopular Website Detected
Cisco Umbrella - Connection to non-corporate private network
Cisco Umbrella - Crypto Miner User-Agent Detected
Cisco Umbrella - Empty User Agent Detected
Cisco Umbrella - Hack Tool User-Agent Detected
Cisco Umbrella - Rare User Agent Detected
Cisco Umbrella - Request Allowed to harmful/malicious URI category
Cisco Umbrella - Request to blocklisted file type
Cisco Umbrella - URI contains IP address
Cisco Umbrella - Windows PowerShell User-Agent Detected

Hunting Queries (10)

In solution CiscoUmbrella:

Hunting Query Selection Criteria
Cisco Cloud Security - 'Blocked' User-Agents.
Cisco Cloud Security - Anomalous FQDNs for domain
Cisco Cloud Security - DNS Errors.
Cisco Cloud Security - DNS requests to unreliable categories.
Cisco Cloud Security - High values of Uploaded Data
Cisco Cloud Security - Higher values of count of the Same BytesIn size
Cisco Cloud Security - Possible connection to C2.
Cisco Cloud Security - Possible data exfiltration
Cisco Cloud Security - Proxy 'Allowed' to unreliable categories.
Cisco Cloud Security - Requests to uncategorized resources

Workbooks (1)

In solution CiscoUmbrella:

Workbook Selection Criteria
CiscoUmbrella

Parsers Using This Table (2)

ASIM Parsers (1)

Parser Schema Product Selection Criteria
ASimWebSessionCiscoUmbrella WebSession Cisco Umbrella

Other Parsers (1)

Parser Solution Selection Criteria
Cisco_Umbrella CiscoUmbrella

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Tables Index