Cisco SecureX is a cloud-native incident and threat response platform that builds from Cisco Threat Response. SecureX aggregates third-party security platform APIs and the Cisco Security portfolio including Umbrella. In SecureX, you can respond to integrated threat information, and view global threat intelligence and local insights. For more information, see Cisco SecureX Getting Started Guide, or log into SecureX and view Cisco SecureX Help or Cisco SecureX Release Notes.
To enable an integration with SecureX, you can set up a SecureX module. SecureX represents aggregated API threat response data through a module.
SecureX provides four pre-configured modules:
- Advanced Malware Protection (AMP) Global Intel
- Private AMP Global Intel
- AMP File Reputation
- Talos Intelligence
The SecureX Umbrella module aggregates data from three Umbrella APIs:
- Umbrella Enforcement API
- Umbrella Investigate API
- Umbrella Reporting v2 API
Note: If you have an Umbrella package that licenses at least one of the integrated Umbrella APIs, you can enable the SecureX Umbrella module.
In SecureX, set up your Umbrella API credentials in the Umbrella module. For information about configuring the SecureX Umbrella module, see Cisco Threat Response Configuration Tutorials: Umbrella Module.
The SecureX Umbrella module enables:
- Global intelligence and local insights. View threat response and intelligence information about domains.
- Response capabilities. Add a suspicious or malicious domain to a destination block list managed by Umbrella.
- Secure login to Umbrella from SecureX.
If you choose to remove the SecureX ribbon from Umbrella, you can not access SecureX from Umbrella. At any time, you can enable the SecureX ribbon again. For information about managing the SecureX ribbon in Umbrella, see Remove the SecureX Ribbon and Restore the SecureX Ribbon.
Updated about 21 hours ago