The information provided in the Umbrella Investigate API is the result of statistical analysis run against DNS traffic and oriented toward security research. These results are generated from the terabytes of DNS traffic to the Umbrella DNS resolvers and not from samples of infected websites or clients. As such, they are considered to be predictors or indicators of potentially malicious domains or IPs. With the exception of the Domain Status categorization, the scores generated for any given IP or domain are intended to assist with predictive analysis and to find additional information regarding network activity deemed suspicious as part of research into security incidents.
Cisco Umbrella reserves the right to add fields to the API endpoints and methods listed below. However, we will not remove any of the endpoints listed below in future versions of the API.
In Umbrella, you can create and manage your API access tokens from your account settings. You can have multiple API access tokens active for use at a given time. You must have administrative privileges to provision or delete API access tokens.
To create an access token, follow these steps:
- In Umbrella, navigate to Investigate > API Keys.
- To create your first API access token, click Create New Token.
- Give the token a name, then click Create. The generated token includes the email address of the person who created it and the creation date. The token is revokable by clicking the delete icon.
Your API access tokens carry many privileges, so be sure to keep them secret and do not expose them on public web resources.
You can authenticate requests to the Investigate API with your access token. In a request, include your access token in the Bearer authorization header. All API requests must use HTTPS. Calls made over plain HTTP will fail. You must supply a valid access token in all requests.
Updated 22 days ago