• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Free Trial
  • Contact us
  • Blog
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Products
    • Product
      • Cisco Umbrella Cloud Security Service
      • Cisco Umbrella Investigate
      • Product Packages
      • Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Interactive Intelligence
      • Cloud-Delivered Firewall
    •  
    • Webinar signup
  • Solutions
    • By Need
      • Protect Mobile Users
      • Fast Incident Response
      • Web Content Filtering
      • Shadow IT Discovery & App Blocking
      • Unified Threat Enforcement
      • Reduce Security Infections
      • Secure Direct Internet Access
      • Securing Remote and Roaming Users
    • By Network
      • Protect Guest Wi-Fi
      • SD-WAN Security
      • Off-Network Endpoint Security
    • By Industry
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
      • Our Customers
      • Customer Stories
    • Ransomware Defense for Dummies book
  • Why Us
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Cloud Network Activity
      • Recursive DNS Services
      • Top Reasons to Trial
      • Getting Started
    • Unmatched Intelligence
      • Cyber Attack Prevention
      • Interactive Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco SD-WAN
    • Navigation-dropdown-promo-free-trial_102820
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Analyst Reports
      • Case Studies
      • Customer Videos
      • Datasheets
      • eBooks
      • Infographics
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Cisco Umbrella Blog
      • Latest Posts
      • Security Posts
      • Research Posts
      • Threats Posts
      • Product Posts
      • Spotlight
    • For Customers
      • Support
      • Customer Success Hub
      • Umbrella Deployment Hub
      • Customer Success Webinars
      • What’s New
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
      • Secure Access Service Edge (SASE)
    • Security Threats
      • Ransomware
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
    •  
    • Navigation-dropdown-promo-threat-report_020521
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Become a partner
  • Free Trial Signup
  • Umbrella Login
  • Cloudlock Login
  • Contact Us
Product

Now available: Umbrella reporting API & management API

By Negisa Taymourian
Posted on October 9, 2018
Updated on March 24, 2020

Share

Facebook0Tweet0LinkedIn0

When we built Umbrella, we wanted everything — from deployment to interacting with the dashboard — to be a delightful experience for our users. But sometimes delivering a great user experience has nothing to do with Umbrella itself, but how we can build Umbrella to work with our customers own tools and workflows. That’s where APIs come in.

Today, we have APIs that do some pretty amazing things, such as add more value to existing products and make the deployment of Umbrella across a Meraki network even easier. In the future, we want to extend the capabilities of Umbrella even further — by allowing our customers to do anything they currently do in our product via API. We’re excited to announce two new APIs that bring us closer to that goal — the reporting API and management API.

Reporting API

When investigating suspicious domains, time is of the essence. Analysts need to be able to gather information fast— and accessing it needs to be easy. Analysts need to be able to effectively filter through massive amounts of data and identify the relevant security events. But this is often difficult to do since only a minute portion of all events are related to a security event.

The new reporting API enables security teams to quickly extract key events from Umbrella and easily access the events via their SIEM, TIP or any other security orchestration tool. The API significantly improves search for risky domains by allowing analysts to view Umbrella events and queries tied to known malicious and suspicious domains, as well as relevant data from other security tools all on a single pane of glass.

In addition, the API allows analysts to be able to easily evaluate the level of exposure to a malicious or suspicious domain by reviewing a snapshot of key details such as total volume of DNS resolutions for the domain and the specific users affected within their network.

Customers can also use the reporting API to integrate their Umbrella data with other threat intelligence in Cisco Threat Response. The reporting API is now available for customers with any Cisco Umbrella enterprise package.

Management API

We developed the management API to provide direct customers, multi-org users, SPs, MSPs, and MSSPs with the ability to manage Umbrella at scale. The new management API enables customers to automate processes and aggregate customer data and management. Administrators can easily complete tasks such as creating, reading, updating, or deleting identities using their own internal tools.
What does this look like in the real world?

Super Secure, Inc. is a (fictitious) MSSP with (real) challenges — they needed a streamlined way to manage Umbrella that fit into their unique workflows. With the management API, they can complete a number of tasks quickly and easily using a single pane of glass approach.

Let’s look at an example:

  1. New customer provisioned by the Super Secure, Inc. via API.
  2. Internal script is able to check that all customers are sending traffic.
  3. A new router is provisioned that doesn’t point DNS to Umbrella.
  4. MSSP is notified immediately within their internal tool and remediates.

This is just one example. We’re looking forward to the many ways customers will take advantage of the API. To learn more about configuring the management API, read the technical documentation.

Stay tuned for more updates around our API journey next month.

Resources:
Umbrella APIs overview
Management API – technical documentation 

Previous Post:

Previous Article

Next Post:

Next Article

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2021 Cisco Umbrella