umbrella-activity-logs
Query activity logs from Cisco Umbrella Reports.
Syntax
umbrella-activity-logs [profile=PROFILE] [duration=DURATION] [from=FROM] [to=TO] [type=TYPE] [order=ORDER]
Options
- profile=PROFILE
  - Optional. Cisco Umbrella connect profile code.
- duration=DURATION
  - Optional. Scan only recent data. Specify the value with a time unit: s (second), m (minute), h (hour), d (day), or mon (month).
- from=FROM
  - Optional. Start time of the range, in yyyyMMddHHmmss format.
- to=TO
  - Optional. End time of the range, in yyyyMMddHHmmss format.
- type=TYPE
  - Optional. Traffic type: dns, proxy, or firewall.
- order=ORDER
  - Optional. Sort order: asc or desc (default: desc).
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| profile | String | Profile | Cisco Umbrella connect profile code |
| type | String | Type | e.g. dns |
| timestamp | Date | Timestamp | e.g. 2026-04-10 03:00:02 |
| domain | String | Domain | e.g. www.google.com |
| app | String | Application | e.g. 1Password |
| action | String | Action | e.g. PERMIT |
| external_ip | IP address | External IP | e.g. 198.51.100.1 |
| internal_ip | IP address | Internal IP | e.g. 198.51.100.1 |
| query_type | String | Query Type | e.g. A |
| return_code | Integer | Return Code | e.g. 0 |
| identity | String | Identity | e.g. Logpresso_Guest |
| identity_type | String | Identity Type | e.g. network |
| categories | String | Categories | e.g. Software/Technology, Computer Security |
| threats | String | Threats | e.g. Malware |
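
An added usage example, not part of the original reference: it reads one day of DNS activity with the `from`/`to` range format and summarizes, per identity and domain, the entries that carry a threat label. It assumes the standard Logpresso `search`, `stats` and `sort` commands are available downstream and that `threats` is null when Umbrella tagged no threat; the aliases `hits`, `first_seen` and `last_seen` are names chosen here.

```logpresso
umbrella-activity-logs from=20260410000000 to=20260411000000 type=dns order=asc
| search isnotnull(threats)
| stats count as hits, min(timestamp) as first_seen, max(timestamp) as last_seen by identity, internal_ip, domain, action, threats
| sort -hits
```

Keeping `action` in the grouping separates lookups that were permitted from those that were not, which is the first thing to check when triaging a threat-tagged domain.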