Cisco Umbrella Enforcement

the umbrella enforcement api enables you to programmatically integrate partner network security events with umbrella authentication the umbrella investigate api uses https and bearer token authentication to get started, log in to umbrella and create an investigate api access token configurations api key authentication authenticates using an api key configuration parameters parameter description type required url a url to the target host string required customerkey api key string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions delete domain deletes a domain from the shared customer's domain list endpoint url /domains/{{name or id}} method delete input argument name type required description path parameters name or id string required parameters for the delete domain action input example {"path parameters" {"name or id" "test"}} list domains gathers the lists of domains already added to the shared customer's domain list endpoint url domains method get output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta meta page number output field meta page meta limit number output field meta limit meta prev boolean output field meta prev meta next boolean output field meta next data array response data data id number response data data name string response data data lastseenat number response data output example {"status code" 200,"response headers" {"server" "nginx","date" "sun, 12 feb 2023 17 12 36 gmt","content type" "application/json","content length" "262","connection" "keep alive","strict transport security" "max age=15768000; includesubdomains","x frame options" "sameorigin","x xss protection" "1; mode=block","x content type options" "nosniff"},"reason" "ok","json body" {"meta" {"page" 1,"limit" 200,"prev"\ false,"next"\ false},"data" \[{},{},{}]}} post domain posts a malicious event to the api for processing and optionally adding to a customer's domain lists endpoint url /events method post input argument name type required description providername string optional unique identifier protocolversion string optional parameter for post domain alerttime string optional time value deviceid string optional unique identifier deviceversion string optional parameter for post domain dstdomain string optional parameter for post domain dsturl string optional url endpoint for the request eventtime string optional time value disabledstsafeguards string optional parameter for post domain dstip string optional parameter for post domain eventdescription string optional parameter for post domain eventhash string optional parameter for post domain eventseverity string optional parameter for post domain eventtype string optional type of the resource externalurl string optional url endpoint for the request filehash string optional parameter for post domain filename string optional name of the resource src string optional parameter for post domain input example {"json body" {"providername" "provider name","protocolversion" "1","alerttime" "2013 02 08t09 30 26 0z","deviceid" "ba6a59f4 e692 4724 ba36 c28132c761de","deviceversion" "13 7a","dstdomain" "www internetbadguys com","dsturl" "http //internetbadguys com/security?foo=there%20are%20spaces%20here","eventtime" "2013 02 08t09 30 26 0z","disabledstsafeguards" "","dstip" "8 8 8 8","eventdescription" "win32/crilock a","eventhash" "d41d8cd98f00b204e9800998ecf8427e","eventseverity" "high","eventtype" "cryptolocker","externalurl" "http //groogle com/malware html","filehash" "da39a3ee5e6b4b0d3255bfef95601890afd80709","filename" "%appdata%roamingmicrosoftwindowstemplatesrandom exe","src" "192 168 100 101"}} output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier output example {"status code" 202,"response headers" {"server" "nginx","date" "sun, 12 feb 2023 17 31 16 gmt","content type" "application/json","content length" "45","connection" "keep alive","strict transport security" "max age=15768000; includesubdomains"},"reason" "accepted","json body" {"id" "7108b501,4656,4378,90b2 d9712d347b09"}} response headers header description example connection http response header connection keep alive content length the length of the response body in bytes 45 content type the media type of the resource application/json date the date and time at which the message was originated sun, 12 feb 2023 17 12 36 gmt server information about the software used by the origin server nginx strict transport security http response header strict transport security max age=15768000; includesubdomains x content type options http response header x content type options nosniff x frame options http response header x frame options sameorigin x xss protection http response header x xss protection 1; mode=block