Showing results for 
Search instead for 
Did you mean: 

Umbrella - what capabilities does it provide and how can I integrate it with Threat Response?


Threat Response integrates with Umbrella to provide Visibility, Control and Threat Intelligence. The Umbrella module leverages three distinct Umbrella APIs to provide these three functions. Ownership of any of the following 3 APIs gives free access and entitlement to Threat Response.

  • Reporting API allows investigators to gain visibility into hosts on the network that have made DNS requests for domains under investigation. Access to this API is included with the Umbrella Insights and Umbrella Platform licenses.
  • Enforcement API allows investigators to block and unblock domains directly from Threat Response. Access to this API is included with the Umbrella Platform license.
  • Investigate API allows investigators to utilize Umbrella’s Threat Intelligence. Access to this API is included with Umbrella Investigate, which can be purchased separately as an add-on to any Umbrella package.

To integrate any of the Umbrella APIs with Threat Response, you may use the quick start guide for Umbrella, check out our Umbrella module configuration video on YouTube, or review the in product configuration steps

Learn more about Threat Response here, or check out other FAQs here


Recognize Your Peers
Which of these topics should we host an event in the Community?

Top Choice: ISE Demo (100%)

Content for Community-Ad