Cisco Umbrella Out-of-the-box Response Integration

To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.

Requirements

  • A Cisco Umbrella DNS Security Essentials subscription package or above
  • Lumu Defender Subscription

Setup Cisco Umbrella

REST API Client

To interact with any of the Umbrella APIs, create an API Key in the Cisco Umbrella portal and use the credentials to obtain an access token for making requests. To do so, follow the steps below:

1. Log in to the Umbrella Console.


2. Navigate to Admin > API Keys.


3. Click Add and fill in the required data: enter an API Key name and select the Key Scope. For the integration to work with the least privileges, we recommend the scope shown in the following image.


4. Copy the API Key and Key Secret. Both are required to set up the integration.


5. Once you click ACCEPT AND CLOSE, you will no longer be able to see the Key Secret.


Add Integration

1. Log in to your Lumu account through the Lumu Portal and navigate to the integrations screen.


2. Locate the Cisco Umbrella integration in the available apps area and click to add, then click to view details.


3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.


4. To activate the integration, add a Name and select the Threat Types you want to be pushed to your Destination List. Click Next.

5. Fill in the API Key and the API Secret with the values you copied when creating the key in Umbrella. Click Next.

6. Lumu will retrieve a list of the available Destination Lists in your Umbrella account. Select the one that you want to feed with adversaries detected by Lumu.

Cisco Umbrella suggests storing no more than 5000 domains per destination list. For this reason, when the integration is first created, Lumu will not add more than 5000 domains to the selected list.

The integration is now created and active. Now, the Lumu Portal will display the details of the created integration:

Once the integration is activated, the Destination List will be updated with confirmed compromises found by Lumu within the preceding 30 days.
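To confirm that the API Key and Key Secret created in Umbrella work, and to see how much room each Destination List has under the 5000-domain suggestion, you can run a check like the following. This is an added example, not Lumu's or Cisco's code. The endpoint URLs and the `meta.domainCount` field are assumptions taken from the Umbrella API v2 documentation, and the sample response is constructed.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed from the Umbrella API v2 docs; confirm against Cisco's reference.
TOKEN_URL = "https://api.umbrella.com/auth/v2/token"
LISTS_URL = "https://api.umbrella.com/policies/v2/destinationlists"
SUGGESTED_MAX = 5000  # per-list domain ceiling quoted in this article


def token_request(api_key, key_secret):
    """Build the client-credentials token request: Basic auth plus form body."""
    basic = base64.b64encode(f"{api_key}:{key_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})


def lists_request(access_token):
    """Build the read-only request that enumerates Destination Lists."""
    return urllib.request.Request(
        LISTS_URL, headers={"Authorization": f"Bearer {access_token}"})


def headroom(lists_json):
    """Map each list name to the domains that still fit under the ceiling."""
    out = {}
    for item in json.loads(lists_json).get("data", []):
        used = int(item.get("meta", {}).get("domainCount", 0))
        out[item["name"]] = max(SUGGESTED_MAX - used, 0)
    return out


def check(api_key, key_secret, timeout=10):
    """Live check; an HTTP 401/403 here points to a bad key or missing scope."""
    with urllib.request.urlopen(token_request(api_key, key_secret), timeout=timeout) as r:
        token = json.load(r)["access_token"]
    with urllib.request.urlopen(lists_request(token), timeout=timeout) as r:
        return headroom(r.read())


# Constructed sample response (not real account data) for offline use.
SAMPLE = ('{"data": [{"id": 1, "name": "Lumu Block", "meta": {"domainCount": 4200}},'
          ' {"id": 2, "name": "Legacy", "meta": {"domainCount": 6100}}]}')
```

Pass the key and secret to `check()` from environment variables or a secrets manager rather than writing them into a script.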
