Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
829
Views
0
Helpful
0
Comments

Umbrella - what capabilities does it provide and how can I integrate it with Threat Response?

Eduardo Silva
Cisco Employee
Cisco Employee

on ‎09-23-2019 08:32 AM - edited on ‎02-24-2020 09:45 PM by Level 9

Threat Response integrates with Umbrella to provide Visibility, Control and Threat Intelligence. The Umbrella module leverages three distinct Umbrella APIs to provide these three functions. Ownership of any of the following 3 APIs gives free access and entitlement to Threat Response.

  • Reporting API allows investigators to gain visibility into hosts on the network that have made DNS requests for domains under investigation. Access to this API is included with the Umbrella Insights and Umbrella Platform licenses.
  • Enforcement API allows investigators to block and unblock domains directly from Threat Response. Access to this API is included with the Umbrella Platform license.
  • Investigate API allows investigators to utilize Umbrella’s Threat Intelligence. Access to this API is included with Umbrella Investigate, which can be purchased separately as an add-on to any Umbrella package.

To integrate any of the Umbrella APIs with Threat Response, you may use the quick start guide for Umbrella, check out our Umbrella module configuration video on YouTube, or review the in product configuration steps

Learn more about Threat Response here, or check out other FAQs here

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents