Meddane

Cisco SecureX is a cloud-native incident and threat response platform that aggregates third-party security platform APIs and the Cisco Security portfolio including Umbrella. In SecureX, you can respond to integrated threat information, and view global threat intelligence and local insights.

To integrate Cisco Umbrella with Cisco SecureX, log in to the Umbrella GUI and retrieve the following:

  • Organization ID
  • Investigate API Token
  • Umbrella Enforcement API
  • Reporting API Key and API Secret
  • Management API Key and API Secret
  • Network Devices / Policies API Key and API Secret

The Organization ID can be retrieved from the URL in the browser's address bar.


Navigate to Investigate > API Keys to retrieve the API Key.


Navigate to Policy Components > Integration Settings, create a new integration for Cisco SecureX, give it a name, and click Save. The Integration Settings of Cisco SecureX then show the URL needed for the Umbrella Enforcement API.


Navigate to Admin > API Keys. Create API Keys for:

  • Umbrella Network Devices
  • Umbrella Reporting
  • Umbrella Management


Log in to the Cisco SecureX GUI. Navigate to Integration Modules > My Integration Modules.

Scroll down to find the Umbrella module and click Add.


Enter the following parameters retrieved previously from the Cisco Umbrella GUI:

  • Organization ID
  • Investigate API Token
  • Umbrella Enforcement API
  • Reporting API Key and API Secret
  • Management API Key and API Secret
  • Network Devices / Policies API Key and API Secret


Log in to the Cisco Umbrella GUI and navigate to Policy Components > Integration Settings. The Cisco SecureX integration should show the status Active.


Log in to Cisco SecureX and click the Launch button under the Threat Response section.


Navigate to Investigate, enter the domain drinkfoodapp.com, and click the Investigate button.


After a few minutes, Cisco SecureX displays information about the domain from different sources. Threat Intelligence and Cisco SecureX classify the domain as malicious.


On the same page, you can respond to the threat immediately using the Umbrella Enforcement API.

To do this, right-click the domain and select the option that instructs Umbrella to block this domain.


On the Cisco Umbrella GUI, navigate to Policy Components > Destination Lists and edit the destination list created for Cisco SecureX. The destination list now contains the domain that was blocked as a response from Cisco SecureX.
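The block-and-verify step above can also be reasoned about at the API level. The following is an added example, not part of the original post or Cisco's code: it builds the event body that the Umbrella Enforcement API accepts on `/1.0/events` (field names as in Cisco's generic event format, to the best of my knowledge) and checks a `/1.0/domains`-style listing for the domain. The `NEVER_BLOCK` safeguard, the device placeholders and the sample listing are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Hostname check: at least two labels, TLD must start with a letter (rejects IPs).
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_TLD = r"[a-z][a-z0-9-]{0,61}[a-z0-9]"
_DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)+{_TLD}$")

# Hypothetical safeguard: domains an analyst must never block by mistake.
NEVER_BLOCK = {"cisco.com", "umbrella.com"}

# Constructed sample of a parsed /1.0/domains response (shape is an assumption).
SAMPLE_LISTING = {"meta": {"page": 1}, "data": [{"id": 1, "name": "drinkfoodapp.com"}]}


def normalize_domain(value):
    """Lower-case, strip scheme/path/port/trailing dot, then validate."""
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value.strip().lower())
    host = host.split("/", 1)[0].split(":", 1)[0].rstrip(".")
    if len(host) > 253 or not _DOMAIN_RE.match(host):
        raise ValueError(f"not a valid domain: {value!r}")
    if any(host == d or host.endswith("." + d) for d in NEVER_BLOCK):
        raise ValueError(f"refusing to block protected domain: {host}")
    return host


def build_block_event(value, now=None):
    """Return the JSON body for a POST to /1.0/events?customerKey=<secret>."""
    domain = normalize_domain(value)
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.0Z")
    return {
        "alertTime": ts,
        "eventTime": ts,
        "deviceId": "example-device-id",   # constructed placeholder
        "deviceVersion": "1.0",            # constructed placeholder
        "dstDomain": domain,
        "dstUrl": f"http://{domain}/",
        "protocolVersion": "1.0a",
        "providerName": "Security Platform",
    }


def is_blocked(domain, listing):
    """True if the domain appears in a parsed enforcement domain listing."""
    wanted = normalize_domain(domain)
    return any(e.get("name", "").lower() == wanted for e in listing.get("data", []))
```

The Enforcement API URL from Integration Settings carries the customer key as a query parameter, so store it like any other secret and keep it out of logs and tickets.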
