Umbrella
Umbrella is Cisco's cloud security product, enforcing security via DNS and selective proxy. Threat Response supports multiple Umbrella functions, which are linked to Threat Response with API keys that have been generated in the Umbrella Platform.
Umbrella automatically uncovers attacker infrastructure staged for current and emerging threats and proactively blocks malicious requests before they reach a customer’s network or endpoints. With the integration, customers can stop phishing and malware infections earlier, identify already-infected devices faster, and prevent data exfiltration. The integration provides complete visibility into Internet activity across all locations and users, and allows you to take action with a two-click response to quickly block domains.
Umbrella Investigate
Umbrella Investigate is Cisco's threat intelligence product, providing a customer view into our global threat data through a browser or a high-volume API. The Umbrella Investigate API lets you use Umbrella Investigate with Threat Intelligence to perform automated enrichment for IPs and domains that are being investigated.
Umbrella Enforcement
Umbrella Enforcement provides the ability to block and unblock domains in your Umbrella deployment.
Note: To integrate the Umbrella Enforcement API, the user must be an admin in an Umbrella standalone org or child org, not an admin of an Umbrella console.
Umbrella Reporting
Umbrella Reporting provides details associated with sightings of domain observables that are being investigated.
The functionality provided by Umbrella Reporting allows you to answer this question: Which entities under the protection of my Umbrella deployment have searched for this domain?
These are workflows that you can install in Cisco XDR automation and use with this integration. These are different from built-in workflows, which are built into Cisco XDR by default for all customers.
These workflows are built into Cisco XDR automation and can be used with this integration. These are different from installable workflows, which are optional workflows you can install from Cisco and its partners.
These actions can be used in Cisco XDR automation to build workflows for this product. Workflows can help you automate how you investigate, respond to incidents, and more.