Cisco - Umbrella

There are a few different ways Cisco Umbrella logs can be “forwarded” and ingested into the Pondurance LOG environment.

The preferred method is described in the Cisco online documentation found at the link below.

Cisco Docs

A self-managed bucket is preferred, but if you want to use a Cisco-managed bucket, that is also acceptable.

Pondurance will need the following information in order to pull the Umbrella logs (which are compressed and saved every 10 minutes):

    bucket => "name of the s3 bucket"
    access_key_id => "The AWS Access Key ID"
    secret_access_key => "The AWS Secret Access Key"
    prefix => "If the bucket is used for more than Umbrella logs - the prefix that will match the Umbrella logs"
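
For the self-managed option, where you create the IAM user behind the access key yourself, the key shared for log pulling can be limited to read-only access on the Umbrella prefix. The policy below is an added example, not taken from the Pondurance or Cisco documentation; `EXAMPLE-UMBRELLA-BUCKET` and `EXAMPLE-PREFIX` are placeholders for the bucket and prefix values listed above.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListUmbrellaPrefixOnly",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::EXAMPLE-UMBRELLA-BUCKET",
      "Condition": {
        "StringLike": {
          "s3:prefix": "EXAMPLE-PREFIX*"
        }
      }
    },
    {
      "Sid": "ReadUmbrellaObjectsOnly",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::EXAMPLE-UMBRELLA-BUCKET/EXAMPLE-PREFIX*"
    }
  ]
}
```

If the bucket holds only Umbrella logs and no prefix is supplied, drop the `Condition` block and end the object resource with `/*`. The policy grants no write or delete actions, so the shared key cannot alter or remove stored logs.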