Skip to main content

Cisco Umbrella Cloud Security

This Integration is part of the Cisco Umbrella cloud security Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

This integration was integrated and tested with version 1.0 of Cisco Umbrella Cloud Security.

Configure Cisco Umbrella Cloud Security on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Cisco Umbrella Cloud Security.

  3. Click Add instance to create and configure a new integration instance.

    ParameterRequired
    Organization IDTrue
    API KeyTrue
    API SecretFalse
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

umbrella-get-destination-lists#


Get's all destination lists in organization

Base Command#

umbrella-get-destination-lists

Input#

Argument NameDescriptionRequired
orgIdOrganization ID.Optional

Context Output#

PathTypeDescription
Umbrella.DestinationListsUnknown

umbrella-add-domain#


Adds domains to given destination list

Base Command#

umbrella-add-domain

Input#

Argument NameDescriptionRequired
orgIdOptional organization ID. If not provided, will use the one provided in the integration configuration.Optional
destIdDestination list ID.Required
domainsList of domains to add to destination list (Format: domain1.com,domain2.com).Required
commentNote on what the domain is or why it is being added. Default is Added from XSOAR.Optional

Context Output#

There is no context output for this command.

umbrella-get-destination-domains#


Get's the domains listed in a destination list

Base Command#

umbrella-get-destination-domains

Input#

Argument NameDescriptionRequired
orgIdOptional orgId, by default uses the one set in the instance configuration.Optional
destIdDestination list ID to get domains from. Use umbrella-get-destination-lists to get the list ID.Required

Context Output#

PathTypeDescription
Umbrella.Destinations.createdAtUnknownWhen the domain within destination list was created
Umbrella.Destinations.typeUnknownType of destination within destination list
Umbrella.Destinations.destinationUnknownDomain within destination list
Umbrella.Destinations.idUnknownID of domain within destination list
Umbrella.Destinations.commentUnknownComment associated with domain within destination list

umbrella-remove-domain#


Removes domains to given destination list

Base Command#

umbrella-remove-domain

Input#

Argument NameDescriptionRequired
orgIdOptional organization ID. If not provided, will use the one provided in the integration configuration.Optional
destIdDestination list ID.Required
domainIdsList of entry IDs to remove from destination list (Format: 1234,1235).Required

Context Output#

There is no context output for this command.

umbrella-get-destination-domain#


Gets the domain from a destination list

Base Command#

umbrella-get-destination-domain

Input#

Argument NameDescriptionRequired
orgIdOptional orgId, by default uses the one set in the instance configuration.Optional
destIdDestination list ID to get domains from. Use umbrella-get-destination-lists to get the list ID.Required

Context Output#

PathTypeDescription
Umbrella.Destinations.createdAtUnknownWhen the domain within destination list was created
Umbrella.Destinations.typeUnknownType of destination within destination list
Umbrella.Destinations.destinationUnknownDomain within destination list
Umbrella.Destinations.idUnknownID of domain within destination list
Umbrella.Destinations.commentUnknownComment associated with domain within destination list