- 09 Sep 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Cisco Umbrella
- Updated on 09 Sep 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Cisco Umbrella is a secure internet gateway in the cloud, including DNS and IP layer enforcement and command and control callback blocking.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Users
- Roles
- SaaS Applications
Parameters
Cisco Umbrella Domain (required, default: https://management.api.umbrella.com) - The hostname or IP address of the Cisco Umbrella server. API v1 has been deprecated by Cisco, so you need to use the domain value https://api.umbrella.com which uses API v2.
Network API Key and Network API Secret (required) - The API Key and API Secret for the Umbrella Network Devices API. For details on generating the API Key and the API Secret, see Cisco Umbrella API Authentication.
Management API v1/API v2 Key and Management API v1 Secret/v2 Secret (required) - Enter the API Key and API Secret for the Umbrella Management API.
Note:API v1 is no longer supported by Cisco. Make sure you choose API v2.
Fetch deployments scope (devices) (default: true), Fetch admin scope (users and roles) (default: true), Fetch reports scope (SaaS applications) (only used to fetch SaaS data) (default: true) - Axonius fetches all data, using one connection, make sure you use an API key that has all permissions. However, it is possible to set API keys with permissions to fetch only a certain type of data. For that, select the scope that your API key has permissions to fetch data from. If you have different API keys for each scope, set up a different connection with the corresponding scope/resource selected.
mspID (optional, default: empty) - The managed service provider ID. It is required if you are using Cisco Umbrella for MSPs.
Organization ID (optional, default: empty) - Every Umbrella organization is a separate instance of Umbrella and has its own dashboard. Organizations are identified by their name and their organization ID (Org ID). The Org ID is a unique number. You can have access to several organizations. Once you are logged into the correct dashboard, check the URL in the address bar: https://dashboard.umbrella.com/o/< OrgID >/#/< page >. represents your unique Umbrella Org ID.
Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters.
- List the users in the organization - Select this option to fetch a list of users in the organization.
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
APIs
Axonius uses the following Cisco Umbrella APIs:
Umbrella API
Access to the following API endpoint is required to fetch SaaS data:
- [USERS] https://
/admin/v2/users - [ROLES] https://
/admin/v2/roles - [DNS_ACTIVITY] https://
/reports/v2/activity/dns - [TOP_DESTINATIONS] https://
/reports/v2/top-destinations/dns
Setting Up the Integration
Log into Umbrella.
- Navigate to Admin > API Keys.
- Enter a name for the key. A name must contain less than 256 characters.
- Check all scopes and grant all read only access.
- Choose Never expire.
- Click Generate Key.
- Copy and save your API Key and Key Secret.
Copy the generated API Key and Key Secret to Network API Key / Network API Secret, and to Management API Key and Management API Secret .
- Click Accept and Close.