The Integrations section of the Security Settings page lists the third-party security products, including Cisco AMP Threat Grid, that have been integrated into Umbrella. Umbrella supports third-party integrations through apps, network devices, and the Umbrella Enforcement API. The Umbrella Enforcement API is a REST API that lets threat intelligence platforms and security information and event management (SIEM) platforms register domain and security events programmatically.
Once integrated into Umbrella, each of these products builds its own custom destination block list of the malicious domains it discovers. An integration can be selected in a policy, just like any other security category, so that any request matching its destination block list is blocked. Umbrella supports logging and reporting of traffic from the integrated networks.
In the following integration example, an organization uses Umbrella and Investigate alongside its own security information and event management (SIEM) system, and uses the Umbrella APIs to create a full feedback loop.