The Umbrella Documentation Hub

Welcome to the Umbrella documentation hub. Here you'll find access to all of our Cisco Umbrella user guides.

Get Started    

Security Categories

By default, three security categories are enabled: Malware, Command Control Callbacks, and Phishing. In general, we suggest that you find the right combination of security categories for your organization's policies.

  • Malware—Blocks requests to access servers hosting malware and websites compromised through any application, protocol, or port. Recommended.
  • Newly Seen Domains—Blocks access to domains that are being queried through Umbrella for the first time and for which Umbrella has not yet seen a client lookup. For more information, see Newly Seen Domains Security Category.
  • Command Control Callbacks—Prevents compromised devices from communicating with command and control servers through any application, protocol or port. Also, this setting helps identify potentially infected machines on your network. Recommended.
  • Phishing Attacks—Blocks access to fraudulent websites that are designed to steal personal information. Recommended.
  • Dynamic DNS—Blocks access to sites that host dynamic DNS content.
  • Potentially Harmful Domains—Blocks access to domains that exhibit suspicious behavior and may be part of an attack. For more information, see "Potentially Harmful" Security Category.
  • DNS Tunneling VPN—Blocks VPN services that allow users to disguise their traffic by tunneling it through the DNS protocol. These services can be used to bypass corporate policies regarding access and data transfers.
  • Cryptomining—Blocks access to crypto mining pools where "miners" group together and share resources—processing power—to better gather and share cryptocurrencies. Also blocks known web crypto mining source code repositories.

Manage Security Settings < Security Categories > Dispute a Security Categorization

Updated 2 days ago

Security Categories


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.