To interact with any of the Umbrella APIs, create an API Key in the Cisco Umbrella portal and use the credentials to obtain an access token for making requests. To do so, follow the steps bellow:
1. Login into Umbrella Console.
2. Navigate to Admin > API Keys.
3. Click on Add. Fill in the required data: API Key name and select Key Scope. For the integration to work with the least privileges, we recommend the scope of the following image.
4. Copy the API Key and Key Secret, these are required to setup the integration.
5. Once you click on ACCEPT AND CLOSE, you will not be able to see the Key Secret.
1. Log in to you Lumu account through the Lumu Portal and navigate to the integrations screen.
2. Locate the Cisco Umbrella integration in the available apps area and click to add, then click to view details.
3. Familiarize yourself with the integration details available in the app description and click the button bellow to activate the integration.
4. To activate integration, add a Name and select the Threat Types you want to be pushed to your Destination List. Click Next.
5. Fill in the required information, the API Key and the API Secret with the data collected before. Click Next.
6. Lumu will retrieve for you a list of the available Destination LIsts in your Umbrella account. Select the one that you wish to feed with adversaries detected by Lumu.
The integration is now created and active. Now, the Lumu Portal will display the details of the created integration:
Once the integration is activated, the Destination List will be updated with confirmed compromises found by Lumu within the preceding 30 days.