Configuring S3 bucket for Cisco Umbrella

Justin Mota

Has anyone been able to configure an S3 collector for Cisco umbrella? I'm certain the fields for Path and S3 bucket are correct but nothing is being pulled and I'm not sure where the issue is. Any guidance or tips are appreciated.

Melori Arellano

Hi Justin,

From the S3 Collector docs troubleshooting section:

When permissions are correct on the object store, and events are reaching the Collector, the Preview pane will show events and the Job Inspector will show an Events collected count.

However, if previewing returns no events and throws no error, first check your Filter expression by previewing without it (e.g., simplify the Filter expression to true). Then check the Job Inspector: If the Total size is greater than 0, and the Received size is NA or 0, make sure you have list and read permissions on the object store.

If you suspect there is a permissions issue, you can use our steps for validating your s3 access from the worker. The doc will walk you through using the AWS CLI to test that the credentials and paths are working as expected outside of cribl.