Cisco Umbrella Integration
Written by Ali Murtaza
Updated over a week ago

About Cisco Umbrella

Cisco Umbrella is a cloud security platform that uses threat intelligence to provide an additional line of defense against malicious software and threats on the internet. That intelligence helps prevent access to adware, malware, botnets, phishing attacks, and other known bad websites.

SIRP’s integration with Cisco Umbrella allows security teams to execute response actions directly from SIRP, which results in effective incident management and reduced MTTR.

Supported Actions

| S.no | Action | Description |
| --- | --- | --- |
| 1 | ADD DOMAIN TO ALLOW LIST | Add Domain to Umbrella's Allow List |
| 2 | REMOVE DOMAIN FROM ALLOW LIST | Remove Domain from Umbrella's Allow List |
| 3 | ADD DOMAIN TO BLOCK LIST | Add Domain to Umbrella's Block List |
| 4 | REMOVE DOMAIN FROM BLOCK LIST | Remove Domain from Umbrella's Block List |

Enable and Configure Cisco Umbrella Integration

Generate Cisco Umbrella API Key and Secret

To generate API keys, you first need to access Umbrella's dashboard:

  1. Log into Umbrella with the following URL:

  2. Navigate to Admin > API Keys

  3. Select Umbrella Management and click Generate Token

  4. Expand Umbrella Management and copy Your Key and Your Secret

  5. Select the To keep it secure checkbox and then click Close.

Note: Umbrella API only accepts Reporting API credentials (key and secret) created by a valid Umbrella Admin user account. Umbrella API does not authenticate requests for deactivated or deleted Admin user accounts.

Find Your Organization ID

  1. Log into Umbrella at https://dashboard.umbrella.com.

  2. From the navigation menu, expand your account name and confirm that you are logged into the correct Umbrella dashboard. Your organization name is listed under your account name.

  3. Once you are logged into the correct dashboard, check the URL in the address bar: https://dashboard.umbrella.com/o/<OrgID>/#/<page>. <OrgID> represents your unique Umbrella Org ID. Copy this for SIRP app configuration.

Enable the Cisco Umbrella app in SIRP

  • First, log in to SIRP, then go to Apps from the left navigation bar.

  • Locate the app named Umbrella.

  • Enable the Umbrella app by clicking on the toggle button under the Status Column.

  • Once you enable the app, click the configure option to integrate SIRP with Cisco Umbrella.

  • Add the following details and click Save:

    1. API-Key: <Copied from Cisco Umbrella interface>

    2. API-Secret: <Copied from Cisco Umbrella interface>

    3. Organization ID: <Copied from Cisco Umbrella dashboard URL>
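
A pre-flight check for the three values entered above, as an added example (not SIRP's or Cisco's code): it extracts the Org ID from the dashboard URL format shown earlier and rejects lookalike hosts and copy/paste damage. The function names, the sample values, and the assumption that the Org ID is a run of digits are not from the original page.

```python
import re
from urllib.parse import urlsplit

DASHBOARD_HOST = "dashboard.umbrella.com"  # host named in the steps above


def org_id_from_dashboard_url(url):
    """Extract <OrgID> from https://dashboard.umbrella.com/o/<OrgID>/#/<page>."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("expected an https:// dashboard URL")
    # .hostname drops userinfo and port, so user@host and suffix lookalikes fail here.
    if parts.hostname != DASHBOARD_HOST:
        raise ValueError(f"unexpected host: {parts.hostname!r}")
    # Assumption: the Org ID is a run of ASCII digits.
    match = re.fullmatch(r"/o/([0-9]+)/?", parts.path)
    if match is None:
        raise ValueError("URL path is not /o/<OrgID>/")
    return match.group(1)


def build_app_config(api_key, api_secret, dashboard_url):
    """Return the three fields the SIRP configure dialog asks for, after basic checks."""
    fields = {"API-Key": api_key, "API-Secret": api_secret}
    for name, value in fields.items():
        # Catch copy/paste damage: empty values, embedded whitespace, leftover placeholders.
        if not value or re.search(r"\s", value):
            raise ValueError(f"{name} is empty or contains whitespace")
        if value.startswith("<") and value.endswith(">"):
            raise ValueError(f"{name} still holds a placeholder")
    if api_key == api_secret:
        raise ValueError("API-Key and API-Secret are identical; one was pasted twice")
    fields["Organization ID"] = org_id_from_dashboard_url(dashboard_url)
    return fields


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    cfg = build_app_config(
        "examplekey0123456789",
        "examplesecret9876543210",
        "https://dashboard.umbrella.com/o/1234567/#/overview",
    )
    # Print field names and the Org ID only; never echo the secret.
    print(sorted(cfg), cfg["Organization ID"])
```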
