The Umbrella Documentation Hub

Welcome to the Umbrella documentation hub. Here you'll find access to all of our Cisco Umbrella user guides.

Get Started    

Umbrella Integration with SecureX

Cisco SecureX is a cloud-native incident and threat response platform that builds from Cisco Threat Response. SecureX aggregates third-party security platform APIs and the Cisco Security portfolio including Umbrella. In SecureX, you can respond to integrated threat information, and view global threat intelligence and local insights. For more information, see Cisco SecureX Getting Started Guide.

Table of Contents


  • Cisco Threat Response license
  • SecureX Umbrella module

If you have a Cisco Threat Response license, SecureX pre-configures the Umbrella module. If you do not have a Cisco Threat Response license, you can enable Cisco Threat Response and the SecureX Umbrella module.

For more information, see Cisco Threat Response Configuration Tutorials: Introduction.

Note: SecureX is freely available with any Umbrella package.

How to Log Into SecureX

To log into SecureX from Umbrella, launch SecureX from the SecureX ribbon. For information about the SecureX ribbon, see Cisco SecureX Ribbon.

  1. Navigate to the SecureX ribbon (banner at the lower end of any Umbrella page).
  2. Click the Home or the + (Expand) icon.
  3. Click Get SecureX.
  4. Select your Region Preference and click the check box to acknowledge this preference.

From the SecureX login window, choose an account and log into SecureX.

  • SecureX via Cisco Security Account. You can log into SecureX with your Cisco Threat Response or Cisco Advanced Malware Protection credentials.
  • SecureX via Cisco Secure Malware Analytics. You can log into SecureX with your Cisco Threat Grid credentials.
  • SecureX via SecureX Sign-on. You can create a Cisco SecureX account or log into SecureX with your Cisco SecureX credentials.

For more information, see SecureX Single Sign-On Guide.

SecureX Umbrella Module

To enable an integration with SecureX, you can set up a SecureX module. SecureX represents aggregated API threat response data through a module.

SecureX provides four pre-configured modules:

  • Advanced Malware Protection (AMP) Global Intel
  • Private AMP Global Intel
  • AMP File Reputation
  • Talos Intelligence

The SecureX Umbrella module aggregates data from three Umbrella APIs:

  • Umbrella Enforcement API
  • Umbrella Investigate API
  • Umbrella Reporting v2 API

Note: If you have an Umbrella package that licenses at least one of the integrated Umbrella APIs, you can enable the SecureX Umbrella module.

Enable the SecureX Umbrella Module

In SecureX, set up your Umbrella API credentials in the Umbrella module. For information about configuring the SecureX Umbrella module, see Cisco Threat Response Configuration Tutorials: Umbrella Module.

The SecureX Umbrella module enables:

  • Global intelligence and local insights. View threat response and intelligence information about domains.
  • Response capabilities. Add a suspicious or malicious domain to a destination block list managed by Umbrella.
  • Secure login to Umbrella from SecureX.

Manage the SecureX Ribbon

If you choose to remove the SecureX ribbon from Umbrella, you can not access SecureX from Umbrella. At any time, you can enable the SecureX ribbon again. For information about managing the SecureX ribbon in Umbrella, see Remove the SecureX Ribbon and Restore the SecureX Ribbon.

Learn More About SecureX

Log into SecureX to view the SecureX online help and release notes.

Determine Current Package < Umbrella Integration with SecureX > Remove the SecureX Ribbon

Updated about 5 hours ago

Umbrella Integration with SecureX

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.