Cajuntank
Contributor III
December 1, 2025
Solved

Cisco Umbrella logging to FortiAnalyzer

I use my FortiAnalyzer (7.4.8) as a "poor man's" syslog server and am trying to see if I can incorporate logging from Cisco Umbrella. Cisco Umbrella only sends to AWS S3 storage and I have the path and keys for said bucket. I saw where FortiSIEM has said functionality, but I don't own that product... so seeing if there is a way to handle this via FortiAnalyzer in any form or fashion. This might end up being my final push point if it cannot, to go with something more dedicated as my new syslog platform.

Best answer by AEK

1 reply

AEK
SuperUser
December 1, 2025

Hi Kajun

Later FortiAnalyzer versions include SIEM capabilities that can handle logs from third-party products.

https://docs.fortinet.com/document/fortianalyzer/7.6.0/security-operations-architecture/779526/siem

Hope it helps.

AEK
Cajuntank
Contributor III
December 2, 2025

Thanks for that. I'm going to further this up the food chain with my territory sales support engineer. It looks like 7.6.x out of the box handles all of the Forti products for the most part plus Windows, Ubuntu, Apache, and a few others. The SOC Automation Service license adds a bunch of additional log parsers, but Umbrella is not listed... yet??? But a few other Cisco products are... hopefully it's something coming down the pipe. Thanks again to know what "rabbit hole" to jump down.