Login
    Contents x
    Cisco Umbrella
    • 18 Jul 2023
    • 3 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Cisco Umbrella

    • Updated on 18 Jul 2023
    • 3 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Cisco Umbrella is a secure internet gateway in the cloud, including DNS and IP layer enforcement and command and control callback blocking.

    Types of Assets Fetched

    This adapter fetches the following types of assets:

    • Devices
    • Users
    • SaaS data

    Parameters

    1. Cisco Umbrella Domain (required, default: https://management.api.umbrella.com) - The hostname or IP address of the Cisco Umbrella server. When working with the v2 API you need to change the domain value to https://api.umbrella.com.

    2. Network API Key and Network API Secret (required) - The API Key and API Secret for the Umbrella Network Devices API. For details on generating the API Key and the API Secret, see Cisco Umbrella - Network Devices API.

    3. Management API v1/API v2 Key and Management API v1 Secret/v2 Secret (required) - Enter the API Key and secret for the Umbrella Management API version that you are using, either API v1 or API v2. For details about generating the API Key and the API Secret for v1, see Cisco Umbrella - Management API.

    4. Permissions to fetch resources from deployments scope (devices) (default: true), Permissions to fetch resources from admin scope (users and roles) (default: true) , Permissions scope to fetch resources from reports scope (only used to fetch SaaS data) (default: true) -Axonius fetches all data, using one connection, make sure you use an API key that has all permissions. However, it is possible to set API keys with permissions to fetch only a certain type of data. For that, select the scope that your API key has permissions to fetch data from. If you have different API keys for each scope, set up a different connection with the corresponding scope/resource selected.

    5. mspID (optional, default: empty) - The managed service provider ID. It is required if you are using Cisco Umbrella for MSPs.

    6. Organization ID (optional, default: empty) - Every Umbrella organization is a separate instance of Umbrella and has its own dashboard. Organizations are identified by their name and their organization ID (Org ID). The Org ID is a unique number. You can have access to several organizations. Once you are logged into the correct dashboard, check the URL in the address bar: https://dashboard.umbrella.com/o/< OrgID >/#/< page >. represents your unique Umbrella Org ID.

    7. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

    8. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

    To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

    CiscoUmbrellaNew

    Advanced Settings

    Note:

    Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

    • List the users in the organization - Select this option to fetch a list of users in the organization.
    Note:

    To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.


    APIs

    Axonius uses the following Cisco Umbrella APIs:
    Umbrella API

    The following legacy APIs may also be used.

    • Umbrella Network Devices API - Allows you to register network devices as identities to the Umbrella dashboard. Once the device is registered as an identity, you can use the API to add and remove the device from configured policies. Once registered, the device is automatically added to the default policy. You can also remove a policy from being applied to a device, with the exception of the default policy, which cannot be removed.
    • Umbrella Management API - Enables direct customers, SPs, MSPs, and MSSPs to manage organizations, networks, network devices, users, and roaming computers, and integrate actions in those areas into your workflows.

    Access to the following API endpoint is required to fetch SaaS data

    • [USERS] https:///admin/v2/users
    • [ROLES] https:///admin/v2/roles
    • [DNS_ACTIVITY] https:///reports/v2/activity/dns
    • [TOP_DESTINATIONS] https:///reports/v2/top-destinations/dns

    Setting Up the Integration

    Log into Umbrella.

    1. Navigate to Admin > API Keys.
    2. Enter a name for the key. A name must contain less than 256 characters.
    3. Check all scopes and grant all read only access.
    4. Choose Never expire.
    5. Click Generate Key.
    6. Copy and save your API Key and Key Secret.
    Note:

    Copy the generated API Key and Key Secret to Network API Key / Network API Secret, and to Management API Key and Management API Secret .

    1. Click Accept and Close.


    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout