Guides
ProductDeveloperPartnerPersonal
Guides

Umbrella Integration with SecureX

Cisco SecureX is a cloud-native incident and threat response platform that builds from Cisco Threat Response. SecureX aggregates third-party security platform APIs and the Cisco Security portfolio including Umbrella. In SecureX, you can respond to integrated threat information, and view global threat intelligence and local insights. For more information, see Cisco SecureX Getting Started Guide, or log into SecureX and view Cisco SecureX Help or Cisco SecureX Release Notes.

Table of Contents

Prerequisites

  • Cisco Threat Response license
  • SecureX Umbrella module

If you have a Cisco Threat Response license, SecureX pre-configures the Umbrella module. If you do not have a Cisco Threat Response license, you can enable Cisco Threat Response and the SecureX Umbrella module.

For more information, see Cisco Threat Response Configuration Tutorials: Introduction.

Note: SecureX is freely available with any Umbrella package.

SecureX Umbrella Module

To enable an integration with SecureX, you can set up a SecureX module. SecureX represents aggregated API threat response data through a module.

SecureX provides four pre-configured modules:

  • Advanced Malware Protection (AMP) Global Intel
  • Private AMP Global Intel
  • AMP File Reputation
  • Talos Intelligence

The SecureX Umbrella module aggregates data from three Umbrella APIs:

  • Umbrella Enforcement API
  • Umbrella Investigate API
  • Umbrella Reporting v2 API

Note: If you have an Umbrella package that licenses at least one of the integrated Umbrella APIs, you can enable the SecureX Umbrella module.

Enable the SecureX Umbrella Module

In SecureX, set up your Umbrella API credentials in the Umbrella module. For information about configuring the SecureX Umbrella module, see Cisco Threat Response Configuration Tutorials: Umbrella Module.

The SecureX Umbrella module enables:

  • Global intelligence and local insights. View threat response and intelligence information about domains.
  • Response capabilities. Add a suspicious or malicious domain to a destination block list managed by Umbrella.
  • Secure login to Umbrella from SecureX.

Manage the SecureX Ribbon

If you choose to remove the SecureX ribbon from Umbrella, you can not access SecureX from Umbrella. At any time, you can enable the SecureX ribbon again. For information about managing the SecureX ribbon in Umbrella, see Remove the SecureX Ribbon and Restore the SecureX Ribbon.


Get Started FAQ < Umbrella Integration with SecureX > Log into SecureX