• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Free Trial
  • Contact us
  • Blog
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Products
    • Product
      • Cisco Umbrella Cloud Security Service
      • Cisco Umbrella Investigate
      • Product Packages
      • Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Interactive Intelligence
      • Cloud-Delivered Firewall
    •  
    • Webinar signup
  • Solutions
    • By Need
      • Protect Mobile Users
      • Fast Incident Response
      • Web Content Filtering
      • Shadow IT Discovery & App Blocking
      • Unified Threat Enforcement
      • Reduce Security Infections
      • Secure Direct Internet Access
      • Securing Remote and Roaming Users
    • By Network
      • Protect Guest Wi-Fi
      • SD-WAN Security
      • Off-Network Endpoint Security
    • By Industry
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
      • Our Customers
      • Customer Stories
    • Ransomware Defense for Dummies book
  • Why Us
    • Fast Reliable Cloud
      • Cloud Security Infrastructure
      • Cloud Network Status
      • Cloud Network Activity
      • Recursive DNS Services
      • Top Reasons to Trial
      • Getting Started
    • Unmatched Intelligence
      • Cyber Attack Prevention
      • Interactive Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco SD-WAN
    • Navigation-dropdown-promo-free-trial_102820
  • Resources
    • Content Library
      • Top Resources
      • Analyst Reports
      • Case Studies
      • Customer Videos
      • Datasheets
      • eBooks
      • Infographics
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Cisco Umbrella Blog
      • Latest Posts
      • Security Posts
      • Research Posts
      • Threats Posts
      • Product Posts
      • Spotlight
    • For Customers
      • Support
      • Customer Success Hub
      • Umbrella Deployment Hub
      • Customer Success Webinars
      • What’s New
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
      • Secure Access Service Edge (SASE)
    • Security Threats
      • Ransomware
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
    •  
    • 2020 Cybersecurity trends
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Become a partner
  • Free Trial Signup
  • Umbrella Login
  • Cloudlock Login
  • Contact Us
Product

A Guided Tour of the OpenDNS Umbrella Dashboard

By Kara Drapala
Posted on July 23, 2015
Updated on March 5, 2020

Share

Facebook0Tweet0LinkedIn0

The OpenDNS Umbrella Dashboard is your one-stop shop for controlling the enforcement powered by our extensive threat intelligence. We’re constantly iterating and improving the Dashboard experience to make it as seamless and uncomplicated as possible—however, there are a few insider tips and tricks that will help you get even more from Umbrella. We turn again to OpenDNS technical support engineer, Alexander Harrison, for a behind-the-scenes tour of the Umbrella Dashboard:

Overview:

Although the overview page might seem fairly basic, it can provide a quick look at your network activity and status. According to Harrison, “this is a great overview and health check. Health check in regards to components syncing, and components working, as well as botnet checks, because the daily email reports are actually only good for networks (for now—improvements are on the way!).”
One of the most important sections of the Overview page is, helpfully, right at the top. The Message Center is where our engineers and support teams share announcements, particularly big security threats, and outages. Also, if you have components such as the OpenDNS Virtual Appliance, the Message Center will display any related error messages.
Screen Shot 2015-07-23 at 12.48.03 PM
“If you have VA components, you should log in at least once a week, to make sure you don’t have any error messages,” Harrison said. “It’s not to say that you will definitely have an issue, it’s just to check and make sure everything is working okay.”
You can also find your Activity Volume graph on the Overview page. This graph provides an overview of your traffic volume, and security incidents happening in your network in the last 24 hours. “It’s a great place to see, at a quick glance, what’s going on in your network. Am I seeing a spike in blocks? Am I seeing a spike in malware?” Harrison added one pro tip on reading the graph: “the only confusing thing here is that only the green line represents total traffic—the bars represent different types of security incidents.”
Screen Shot 2015-07-23 at 11.39.17 AM

Configuration:

The configuration page is where you can control the settings for your Umbrella deployment. There are three main areas of interest in the Configuration tab:
Policies
We’ve talked at length about policies and the Policy Editor here, but in short, this section allows you to control what security settings users, groups, and networks receive.
Identities
The Identities section allows you to add and manage your users. More specifically, it’s where you need to go to download the Roaming Client, add a network or internal network, or provision an iOS device.
Note: Adding an internal network requires a Virtual Appliance. More on installing the VA here.
System Settings
Finally, System Settings is the tab where you can manage a slew of account options, including user accounts, delegated admin settings, Active Directory settings, log management, and login settings. It’s also where the Internal Domains settings are located, which are an essential part of managing your Umbrella deployment.
Harrison comments, “the Internal Domains settings are key—if you are deploying a Roaming Client or Virtual Appliance and you don’t set this up correctly, you will probably run into issues accessing local network resources. These settings will help you route specific domains to your local resolver such as custom local-only domains, preventing long timeouts and general chaos.”
Screen Shot 2015-07-23 at 11.40.34 AM
“For example,” he continued, “this is especially important for people who use Exchange. Because Exchange communicates via local subdomain, If you use a local domain email, not setting your Internal Domains will cause things to break.” An article documenting adding autodiscover addresses for Office 365 can be found here.

Reports:

Finally, the Reports tab, which provides admins with in-depth visibility into their networks. The three most important sections of the Reports page are as follows:
Activity SearchScreen Shot 2015-07-23 at 12.58.59 PM
This section provides a real time look into your network activity. The report can be improved by making use of the “Filtering” section, found on the bottom of the left-hand sidebar. (Displayed here on the right.)
“Say you’re a big company that does a million requests a day,” Harrison said. “You’re going to see a page full of requests from the last minute in Activity Search. But if you use filters, you can quickly and easily pinpoint problem users or domains within the last 28 days. You can even search a specific timeframe, which can be really useful when you’re doing incident response or forensic analysis.” One note with filtering is that these apply only after clicking “Run Report”.
Reports
“The Reports section houses several helpful things, especially the Security and Cloud Services reports,” according to Harrison.
Screen Shot 2015-07-23 at 11.44.24 AM
The Security Report is almost identical to Activity Search, but specifically shows security events, such as botnet and malware requests, without the noise present in Activity Search. The new Cloud Services report is a great overview of cloud apps and IoT devices in your network. We’ve covered this report extensively on the blog before; read the full explainer by clicking the image below.
Screen Shot 2015-07-23 at 1.01.43 PM
Admin Audit Log
“The Admin Audit Log shows changes users have made to the Dashboard,” Harrison said. “This is mostly used during internal forensics investigations, or for managerial purposes.”
Screen Shot 2015-07-23 at 12.55.29 PM
The OpenDNS Umbrella Dashboard isn’t quite as challenging as some of the other security dashboards in the market today, however, it still has it’s own best practices to follow. Hopefully, this guide has helped you discover a few of the most important ones, but if you still have questions, you can explore the extensive documentation located in the Knowledge Base, or reach our world-class support team here.

Previous Post:

Previous Article

Next Post:

Next Article

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Cisco Umbrella Blog
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Cisco Umbrella

Learn more

  • Events
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2021 Cisco Umbrella