Reporter for Cisco Umbrella SIG

Installation guide

Fastvue Reporter can be up and running in as little as five minutes following this simple installation guide.

Minimum Server Requirements

Download Fastvue Reporter and install on a machine (or virtual machine) that meets our recommended requirements below.

Installation

Note: In order to import data and run reports as fast as possible, Fastvue Reporter can be resource intensive. We do not recommend installing Fastvue Reporter on a server that provides a critical services such as a Domain Controller, DNS server, or DFS server. We recommend installing on a dedicated VM (virtual machine) so you can scale the resources appropriately.

To install Fastvue Reporter:

  1. Double-click the downloaded setup exe on a machine that meets the above requirements.

  2. The installer automatically installs and configures the required pre-requisites which include .Net 4.6 and IIS (Web Server and Application Server roles). It will also install Open JDK and Elasticsearch in its own self-managed directory.

  3. Once the pre-requisites have been installed, proceed through the installation wizard. It will ask you for:

    • Installation folder Only application files are installed to this folder and it does not require much disk space. The default is C:\Program Files\Fastvue\{Product Name}.

    • Website and Virtual Directory This is the website and sub-folder (virtual directory) within IIS to install the Fastvue Reporter website into. The default is Default Web Site. If you have other websites installed on your server, it is a good idea to either create a new website in IIS first and install to that, or use the 'sub-directory' option and enter a name such as ‘fastvue’ or ‘reports’. This creates a contained 'virtual directory' in IIS under the main website which you can access using http://yourserver/fastvue (for example).

    • Data Location This is the location where all imported data, configuration and report files are stored. Specify a location with plenty of disk space. The default is C:\ProgramData\Fastvue\{Product Name}.

  4. Navigate to the Fastvue Reporter web interface in your web browser. If you are on the server you installed, this will be http://localhost or http://localhost/sub-folder-name if you specified a sub-folder in step 3 above (replace sub-folder-name with the actual name you specified). You can also replace localhost with the server's name or IP address to access the web interface from a different machine.

Upgrading

To upgrade an earlier version of Fastvue Reporter, simply run the new installer over the top of your existing installation. The installer will pick up your existing settings, so just click next throughout the wizard without making any changes. Once installed, browse to the site and clear the browser cache by hitting ctrl + F5 (cmd + R on Mac).

Note that it can take a few minutes for data to start importing again after upgrades and restarts of the Fastvue Reporter service. You can check the database initialisation progress in Settings | Diagnostic | Database.

Automated / Silent Deployment

If you need to deploy or upgrade Fastvue Reporter silently or to multiple servers in an automated way, please see our comprehensive Reporter 4.0 PowerShell script.

Configure Cisco Umbrella's Log Settings

Cisco Umbrella SIG stores its log files in an Amazon Web Services (AWS) S3 bucket that is either 'Cisco Managed', or self managed, and Fastvue Reporter imports the logs from this AWS S3 bucket. In order to do this, Fastvue Reporter needs the Data Path, Access Key and Secret Key of the AWS S3 Bucket.

We recommend using a Cisco Managed S3 bucket as it is the easiest and quickest way to get started. For more information, see the Cisco Umbrella documentation on managing your logs.

First configure your Cisco Umbrella SIG's log settings:

  1. Log into Cisco Umbrella as an administrator (https://login.umbrella.com)

  2. Go to Admin > Log Management

  3. Select the appropriate region for your logs to be stored

  4. Select Use Cisco Managed Amazon S3 Storage

  5. Toggle all options to On for Admin Audit Log, Log Https Query and Include Headers.

    Cisco Umbrella SIG Logging Options

Note: Enabling Log HTTPS Query requires confirming a warning message. While it may seem alarming, logging query parameters is standard practice in most major firewalls. Sensitive data like passwords and credit card numbers should never be included in URLs and only poorly designed websites would do so. This setting allows Fastvue to report on web searches and YouTube videos.

Generate Keys

  1. Once you have configured Cisco Umbrella SIG's logging options as above, click the the Generate Keys button. This presents a dialog showing your Data Path, Access Key and Secret Key.

    Cisco Umbrella Logging - Generate Keys

  2. Copy each of these and store them somewhere safe as you will not be able to access them again.

  3. Check the 'Got it' checkbox and click Continue.

Cisco Umbrella will now start logging traffic going through the Cisco Umbrella Secure Internet Gateway (SIG) to the Cisco managed S3 bucket.

Add a Source in Fastvue Reporter

Now that you have configured your logging options and generated the keys to access your logs, you can add these logs as a Source in Fastvue Reporter.

If you have just installed Fastvue Reporter

  1. Open your browser to the Fastvue Reporter web page and the start page will be displayed.

  2. Enter the Data Path, Access Key and Secret Key from above

  3. Click Let's Go!

Alternatively, you can also add a Source in Settings > Sources:

  1. In the Fastvue Reporter web UI, go to Settings > Sources and click Add Source

  2. Enter the Data Path, Access Key and Secret Key from above

  3. Click Add Source.

It may take up to 10 minutes before the first records are imported as Cisco Umbrella only updates the S3 bucket every 10 minutes or so.

You can watch the records and dates imported in Settings > Sources and once records start importing, you can go to the Dashboard tab to see your internet and network traffic.

Enjoy!

Fastvue Reporter is now functional and you can start exploring the Dashboards, Reports and Alerts.

However, there are a few more options you should configure:

For any other questions or issues, head to the Fastvue Reporter for Cisco Umbrella Knowledge base.