Cisco Umbrella Connector missing updated Firewall Logs folder name #8788
Comments
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Hi @wtcdwclark, thanks for flagging this, we will soon get back to you on this. Thanks!
We are investigating on this issue, we will soon get back to you.
@v-sudkharat or @v-rbajaj Is there any update on this?
Hi @wtcdwclark, PR will be raised by 18 Sep 2023.
Hi @wtcdwclark, sorry for the delay, we have raised this PR #9077 for this issue. We are currently testing the DC, once that is done we will let you know.
Any update on this?
Hi @wtcdwclark, testing is still in progress, we will update you once we are done with testing.
Hi @wtcdwclark, sorry for the delay, testing of the parser is still in progress, we will get back to you by 10 Oct 2023.
Hi @wtcdwclark, sorry for the delay, testing of the parser is still in progress, we will get back to you by 20 Oct 2023.
Hi @wtcdwclark, sorry for the delay, testing of the parser is still in progress, we will get back to you by 31 Oct 2023.
Hi @wtcdwclark, sorry for the delay, testing of the parser is still in progress, we will get back to you by 03 Nov 2023.
Hi @wtcdwclark, sorry for the delay, testing of the parser is still in progress, we will get back to you by 08 Nov 2023.
Hi @wtcdwclark, testing is still in progress, will get back to you by 10 Nov 2023.
Hi @wtcdwclark, testing is still in progress, will get back to you by 16 Nov 2023.
Hi @wtcdwclark, PR (#9077) review is in progress and will get back to you by 20Nov23.
Hi @wtcdwclark, After updating, kindly restart the Function App and check if the issue persists. If this resolves the issue, we can proceed to merge the changes to the master branch.
Hi @wtcdwclark, could you please check and confirm after performing the above steps?
Sorry I was out since the last update, I will test today
This does NOT appear to be working. There is no data in the logs it's pulling in.
Hi @wtcdwclark, will revalidate the issue resolution and get back to you with an update. Thanks.
Hi @wtcdwclark, thanks for confirming, need to check and get back to you by 28 Nov 2023.
Hi @wtcdwclark, we are investigating on this and will get back to you by 28 Nov 2023.
Hi @wtcdwclark, we are still investigating on this and will get back to you by 04 Dec 2023.
Hi @wtcdwclark, we are still investigating on this and will get back to you by 07 Dec 2023.
Hi @wtcdwclark, After updating, kindly restart the Function App and check if the issue persists. If this resolves the issue, we can proceed to merge the changes to the master branch.
That appears to be working:
From: v-rbajaj
Sent: Sunday, December 10, 2023 11:14 PM
Hi @wtcdwclark,
We have made some more minor changes.
Could you please update the WEBSITE_RUN_FROM_PACKAGE with the following URL in the function app, just like last time?
URL:
https://github.com/Azure/Azure-Sentinel/raw/49ed35a71dae54e3173eb0d6edeaf9f18c53caab/Solutions/CiscoUmbrella/Data%20Connectors/CiscoUmbrellaConn.zip
After updating, kindly restart the Function App and check if the issue persists. If this resolves the issue, we can proceed to merge the changes to the master branch.
@wtcdwclark Thanks for the confirmation, we are closing the issue. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation.
What should I set the run from URL back to?
Discovered the Cisco Umbrella Connector was not pulling in my Cisco_Umbrella_cloudfirewall_CL logs:
Looking at the code, it is looking for a folder named "cloudfirewalllogs" or "cdfwlogs":
When browsing my S3 bucket, the folder is now called "firewalllogs":
According to the Cisco Umbrella log documentation, they are now stored in "firewalllogs": https://docs.umbrella.com/umbrella-user-guide/docs/log-format-and-versioning
I believe the code should be updated to include the new firewall log folder name.
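The failure described in this issue is a silent one: objects under a folder name the connector does not recognise are simply never ingested. The following is an added example, not the connector's own code, showing a routing check that reports unmapped folders instead of dropping them. The key layout (`<prefix>/<folder>/<date>/<file>.csv.gz`), the function names and the sample keys are assumptions constructed for illustration; only the three folder names and the table name come from the issue.

```python
from collections import Counter

# Table and folder names as quoted in the issue text.
FIREWALL_TABLE = "Cisco_Umbrella_cloudfirewall_CL"
# Mapping as the issue describes the connector before the fix.
OLD_MAP = {"cloudfirewalllogs": FIREWALL_TABLE, "cdfwlogs": FIREWALL_TABLE}
# Mapping with the renamed folder added.
NEW_MAP = {**OLD_MAP, "firewalllogs": FIREWALL_TABLE}

# Constructed sample keys (hypothetical prefix and file names).
SAMPLE_KEYS = [
    "org-prefix/firewalllogs/2023-09-01/2023-09-01-10-00-a1b2.csv.gz",
    "org-prefix/firewalllogs/2023-09-01/2023-09-01-10-10-c3d4.csv.gz",
    "org-prefix/cloudfirewalllogs/2023-01-15/2023-01-15-08-00-e5f6.csv.gz",
    "org-prefix/README.txt",
]


def log_folder(key):
    """Return the log-type folder of a key, or None if it is not a log file.

    Assumed layout: [<prefix>/]<folder>/<YYYY-MM-DD>/<file>.csv.gz
    """
    parts = key.strip("/").split("/")
    if len(parts) < 3 or not parts[-1].endswith(".csv.gz"):
        return None
    return parts[-3].lower()


def route_keys(keys, folder_to_table):
    """Return (routed, unmapped): table -> keys, and folder -> skipped count."""
    routed, unmapped = {}, Counter()
    for key in keys:
        folder = log_folder(key)
        if folder is None:
            continue  # not a log object at all
        table = folder_to_table.get(folder)
        if table is None:
            unmapped[folder] += 1  # surface the gap instead of dropping it
        else:
            routed.setdefault(table, []).append(key)
    return routed, dict(unmapped)


if __name__ == "__main__":
    for name, mapping in (("old", OLD_MAP), ("new", NEW_MAP)):
        routed, unmapped = route_keys(SAMPLE_KEYS, mapping)
        print(name, {t: len(k) for t, k in routed.items()}, unmapped)
```

Alerting on a non-empty `unmapped` result would flag an upstream folder rename as soon as the first object arrives, rather than when someone notices an empty table.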