The OpenDNS Umbrella Dashboard is your one-stop shop for controlling the enforcement powered by our extensive threat intelligence. We’re constantly iterating and improving the Dashboard experience to make it as seamless and uncomplicated as possible—however, there are a few insider tips and tricks that will help you get even more from Umbrella. We turn again to OpenDNS technical support engineer, Alexander Harrison, for a behind-the-scenes tour of the Umbrella Dashboard:
Although the overview page might seem fairly basic, it can provide a quick look at your network activity and status. According to Harrison, “this is a great overview and health check. Health check in regards to components syncing, and components working, as well as botnet checks, because the daily email reports are actually only good for networks (for now—improvements are on the way!).”
One of the most important sections of the Overview page is, helpfully, right at the top. The Message Center is where our engineers and support teams share announcements, particularly big security threats, and outages. Also, if you have components such as the OpenDNS Virtual Appliance, the Message Center will display any related error messages.
“If you have VA components, you should log in at least once a week, to make sure you don’t have any error messages,” Harrison said. “It’s not to say that you will definitely have an issue, it’s just to check and make sure everything is working okay.”
You can also find your Activity Volume graph on the Overview page. This graph provides an overview of your traffic volume, and security incidents happening in your network in the last 24 hours. “It’s a great place to see, at a quick glance, what’s going on in your network. Am I seeing a spike in blocks? Am I seeing a spike in malware?” Harrison added one pro tip on reading the graph: “the only confusing thing here is that only the green line represents total traffic—the bars represent different types of security incidents.”
The configuration page is where you can control the settings for your Umbrella deployment. There are three main areas of interest in the Configuration tab:
We’ve talked at length about policies and the Policy Editor here, but in short, this section allows you to control what security settings users, groups, and networks receive.
The Identities section allows you to add and manage your users. More specifically, it’s where you need to go to download the Roaming Client, add a network or internal network, or provision an iOS device.
Note: Adding an internal network requires a Virtual Appliance. More on installing the VA here.
Finally, System Settings is the tab where you can manage a slew of account options, including user accounts, delegated admin settings, Active Directory settings, log management, and login settings. It’s also where the Internal Domains settings are located, which are an essential part of managing your Umbrella deployment.
Harrison comments, “the Internal Domains settings are key—if you are deploying a Roaming Client or Virtual Appliance and you don’t set this up correctly, you will probably run into issues accessing local network resources. These settings will help you route specific domains to your local resolver such as custom local-only domains, preventing long timeouts and general chaos.”
“For example,” he continued, “this is especially important for people who use Exchange. Because Exchange communicates via local subdomain, If you use a local domain email, not setting your Internal Domains will cause things to break.” An article documenting adding autodiscover addresses for Office 365 can be found here.
Finally, the Reports tab, which provides admins with in-depth visibility into their networks. The three most important sections of the Reports page are as follows:
This section provides a real time look into your network activity. The report can be improved by making use of the “Filtering” section, found on the bottom of the left-hand sidebar. (Displayed here on the right.)
“Say you’re a big company that does a million requests a day,” Harrison said. “You’re going to see a page full of requests from the last minute in Activity Search. But if you use filters, you can quickly and easily pinpoint problem users or domains within the last 28 days. You can even search a specific timeframe, which can be really useful when you’re doing incident response or forensic analysis.” One note with filtering is that these apply only after clicking “Run Report”.
“The Reports section houses several helpful things, especially the Security and Cloud Services reports,” according to Harrison.
The Security Report is almost identical to Activity Search, but specifically shows security events, such as botnet and malware requests, without the noise present in Activity Search. The new Cloud Services report is a great overview of cloud apps and IoT devices in your network. We’ve covered this report extensively on the blog before; read the full explainer by clicking the image below.
Admin Audit Log
“The Admin Audit Log shows changes users have made to the Dashboard,” Harrison said. “This is mostly used during internal forensics investigations, or for managerial purposes.”
The OpenDNS Umbrella Dashboard isn’t quite as challenging as some of the other security dashboards in the market today, however, it still has it’s own best practices to follow. Hopefully, this guide has helped you discover a few of the most important ones, but if you still have questions, you can explore the extensive documentation located in the Knowledge Base, or reach our world-class support team here.