Cisco Umbrella Enforcement
The Cisco Umbrella integration with ThreatConnect allows Host and URL indicators to be added and removed from the Cisco Umbrella Platform over the Cisco Umbrella Enforcement API.
- The integration enables ThreatConnect to add or remove domains or full IOCs with Umbrella.
- Users can block internet activity attributed to domains or IOCs over any port, protocol, or app without adding latency or complexity.
- Users can gain instant global visibility of any devices requesting suspicious domains.
- Cisco Umbrella’s predictive intelligence uses an up-to-the-minute view and analysis of 70+ billion daily DNS requests to stay ahead of attacks.
The following actions are available:
- Cisco Umbrella Allow Indicators:
  - When managing an incident, it’s often useful to take common action on all related indicators. This Playbook template looks up all indicators tied to an incident that has the “Cisco Umbrella Block” tag removed, unblocks them on Cisco Umbrella, and logs the event to the incident.
- Cisco Umbrella Block Indicators:
  - When managing an incident, it’s often useful to take common action on all related indicators. This Playbook template looks up all indicators tied to an incident that’s been tagged “Cisco Umbrella Blocked,” deploys them on Cisco Umbrella, and logs the event to the incident.
This listing can be found in the ThreatConnect App Catalog under the name Cisco Umbrella Enforcement.