Cisco Umbrella Management

the cisco umbrella management connector enables automated interactions with cisco umbrella's security services, facilitating threat prevention, detection, and response cisco umbrella management provides a comprehensive cloud delivered security platform that protects against threats on the internet wherever users go this connector allows swimlane turbine users to automate the management of destination lists, internal domains, and security policies within cisco umbrella by integrating with cisco umbrella management, users can streamline threat intelligence, enforce security policies, and enhance visibility across their network infrastructure the connector's actions enable efficient management of security configurations, reducing manual effort and accelerating incident response prerequisites to effectively utilize the cisco umbrella management connector within swimlane turbine, ensure you have the following api key id and secret authentication with these parameters url the endpoint url for cisco umbrella api services api key your unique identifier to authenticate with cisco umbrella api secret the secret key paired with your api key for secure access http basic authentication with these parameters url the endpoint url for cisco umbrella api services username your cisco umbrella account username password your cisco umbrella account password capabilities the cisco umbrella management connector has the following capabilities add destinations to destination list create destination lists create destinations create internal domain delete destinations from destination list delete destination lists delete destinations delete internal domain get destination lists get destinations list internal domains notes https //developer cisco com/docs/cloud security/authentication/#manage key admin api keys https //developer cisco com/docs/cloud security/get destination lists/ configurations cisco umbrella oauth 2 0 client authentication cisco umbrella authenticates using api key id and key secret configuration parameters parameter description type required url a url to the target host string required api key api key id string required api secret api key secret string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional http basic authentication authenticates using username and password configuration parameters parameter description type required url a url to the target host string required username username string required password password string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions add destinations to destination list adds destinations to a cisco umbrella destination list using a base64 encoded csv string, requiring 'base64 string' and 'umbrella destinationlist id' endpoint method post input argument name type required description base64 string string required base64 string encoded csv file of the destination data umbrella destinationlist id string required the id of the destination list input example {"base64 string" "awqszgvzdgluyxrpb24sdhlwzsxjb21tzw50lgnyzwf0zwrbdaoxntysd3d3lnn3aw1syw5llmnvbsxkb21haw4sbm9uzswymdixltazlti0idexoju5ojq1cg==","umbrella destinationlist id" "17489153"} output parameter type description status code number http status code of the response reason string response reason phrase status object status value status code number status value status text string status value data object response data data id number response data data organizationid number response data data access string response data data isglobal boolean response data data name string response data data thirdpartycategoryid object response data data createdat number response data data modifiedat number response data data ismspdefault boolean response data data markedfordeletion boolean response data data bundletypeid number response data data meta object response data data meta destinationcount number response data output example {"status code" 200,"response headers" {"content type" "application/json; charset=utf 8","content length" "317","connection" "keep alive","x ratelimit limit minute" "2000","ratelimit reset" "11","x ratelimit remaining hour" "5995","x ratelimit limit hour" "6000","x ratelimit remaining minute" "1998","ratelimit remaining" "1998","ratelimit limit" "2000","date" "mon, 23 sep 2024 06 46 49 gmt","x powered by" "express","access control allow credentials" "true","access control allow methods" "get, pos delete destinations from destination list removes specified destinations from a cisco umbrella destination list using the unique destinationlistid endpoint url policies/v2/destinationlists/{{destinationlistid}}/destinations/remove method delete input argument name type required description path parameters destinationlistid string required the unique id of the destination list input example {"json body" \[154],"path parameters" {"destinationlistid" "9891773"}} output parameter type description status code number http status code of the response reason string response reason phrase status object status value status code number status value status text string status value data object response data data id number response data data organizationid number response data data access string response data data isglobal boolean response data data name string response data data thirdpartycategoryid object response data data createdat number response data data modifiedat number response data data ismspdefault boolean response data data markedfordeletion boolean response data data bundletypeid number response data data meta object response data data meta destinationcount number response data output example {"status code" 200,"response headers" {"content type" "application/json; charset=utf 8","content length" "311","connection" "keep alive","x ratelimit remaining minute" "1998","x ratelimit remaining hour" "5998","x ratelimit limit minute" "2000","ratelimit remaining" "1998","ratelimit limit" "2000","ratelimit reset" "16","x ratelimit limit hour" "6000","date" "tue, 10 dec 2024 08 39 45 gmt","x powered by" "express","access control allow credentials" "true","access control allow methods" "get, pos create destination list creates a new destination list in cisco umbrella with specified access rights, name, and global status endpoint url policies/v2/destinationlists method post input argument name type required description bundletypeid number optional the type of the destination list in the policy access string optional the type of access for the destination list isglobal boolean optional specifies whether the destination list is a global destination list name string optional the name of the destination list destinations array optional parameter for create destination list destinations comment string optional the comment about the destination destinations destination string optional a domain, url, or ip destinations type string optional the type of the destination input example {"json body" {"bundletypeid" 2,"access" "allow","isglobal"\ false,"name" "the name of the destination list ","destinations" \[{"comment" "comment","destination" "google com","type" "domain"}]}} output parameter type description status code number http status code of the response reason string response reason phrase status object status value status code number status value status text string status value data object response data data id number response data data organizationid number response data data access string response data data isglobal boolean response data data name string response data data thirdpartycategoryid object response data data createdat number response data data modifiedat number response data data ismspdefault boolean response data data markedfordeletion boolean response data data bundletypeid number response data data meta object response data data meta destinationcount number response data output example {"status code" 200,"response headers" {"content type" "application/json; charset=utf 8","content length" "329","connection" "keep alive","x ratelimit limit minute" "2000","ratelimit remaining" "1998","ratelimit limit" "2000","ratelimit reset" "27","x ratelimit limit hour" "6000","x ratelimit remaining hour" "5997","x ratelimit remaining minute" "1998","date" "mon, 23 sep 2024 05 17 34 gmt","x powered by" "express","access control allow credentials" "true","access control allow methods" "get, pos create destination add new destinations to a specified list in cisco umbrella using the destinationlistid provided endpoint url policies/v2/destinationlists/{{destinationlistid}}/destinations method post input argument name type required description path parameters destinationlistid number required the unique id of the destination list input example {"json body" \[{"destination" "mydestination com","comment" "a comment about the destination"}],"path parameters" {"destinationlistid" 9891773}} output parameter type description status code number http status code of the response reason string response reason phrase status object status value status code number status value status text string status value data object response data data id number response data data organizationid number response data data access string response data data isglobal boolean response data data name string response data data thirdpartycategoryid object response data data createdat number response data data modifiedat number response data data ismspdefault boolean response data data markedfordeletion boolean response data data bundletypeid number response data data meta object response data data meta destinationcount number response data output example {"status code" 200,"response headers" {"content type" "application/json; charset=utf 8","content length" "311","connection" "keep alive","x ratelimit limit minute" "2000","ratelimit reset" "2","ratelimit remaining" "1999","x ratelimit limit hour" "6000","x ratelimit remaining hour" "5999","ratelimit limit" "2000","x ratelimit remaining minute" "1999","date" "mon, 23 sep 2024 04 29 58 gmt","x powered by" "express","access control allow credentials" "true","access control allow methods" "get, post delete destination list removes a specified destination list from cisco umbrella using the provided unique destinationlistid endpoint url policies/v2/destinationlists/{{destinationlistid}} method delete input argument name type required description path parameters destinationlistid string required parameters for the delete destination list action input example {"path parameters" {"destinationlistid" "18075958"}} output parameter type description status code number http status code of the response reason string response reason phrase status object status value status code number status value status text string status value data array response data data file name string response data data file string response data output example {"status code" 200,"response headers" {"content type" "application/json; charset=utf 8","content length" "45","connection" "keep alive","x ratelimit limit hour" "6000","x ratelimit remaining hour" "5994","ratelimit reset" "56","x ratelimit limit minute" "2000","x ratelimit remaining minute" "1999","ratelimit remaining" "1999","ratelimit limit" "2000","date" "mon, 23 sep 2024 05 58 04 gmt","x powered by" "express","access control allow credentials" "true","access control allow methods" "get, post delete destination removes specified destinations from a destination list in cisco umbrella using the destinationlistid endpoint url policies/v2/destinationlists/{{destinationlistid}}/destinations/remove method delete input argument name type required description path parameters destinationlistid string required parameters for the delete destination action input example {"path parameters" {"destinationlistid" "18075958"}} output parameter type description status code number http status code of the response reason string response reason phrase status object status value status code number status value status text string status value data object response data data id number response data data organizationid number response data data access string response data data isglobal boolean response data data name string response data data thirdpartycategoryid object response data data createdat string response data data modifiedat string response data data ismspdefault boolean response data data markedfordeletion boolean response data data bundletypeid number response data data meta object response data data meta destinationcount number response data output example {"status code" 200,"response headers" {"content type" "application/json; charset=utf 8","content length" "344","connection" "keep alive","x ratelimit limit minute" "2000","x ratelimit remaining minute" "1998","x ratelimit limit hour" "6000","x ratelimit remaining hour" "5993","ratelimit limit" "2000","ratelimit remaining" "1998","ratelimit reset" "17","access control allow origin" " ","surrogate control" "no store","cache control" "no store, no cache, must revalidate, proxy revalidate","pragma" get all destination lists retrieves all destination lists associated with the organization in cisco umbrella management endpoint url policies/v2/destinationlists method get input argument name type required description parameters page number optional the number of a page in the collection parameters limit number optional the number of records in the collection to return on the page input example {"parameters" {"page" 1,"limit" 100}} output parameter type description status code number http status code of the response reason string response reason phrase status object status value status code number status value status text string status value meta object output field meta meta page number output field meta page meta limit number output field meta limit meta total number output field meta total data array response data data id number response data data organizationid number response data data access string response data data isglobal boolean response data data name string response data data thirdpartycategoryid object response data data createdat string response data data modifiedat string response data data ismspdefault boolean response data data markedfordeletion boolean response data data bundletypeid number response data data meta object response data data meta destinationcount number response data data meta domaincount number response data data meta urlcount number response data output example {"status code" 200,"response headers" {"content type" "application/json; charset=utf 8","content length" "1178","connection" "keep alive","x ratelimit limit minute" "2000","x ratelimit remaining minute" "1999","x ratelimit limit hour" "6000","x ratelimit remaining hour" "5997","ratelimit limit" "2000","ratelimit remaining" "1999","ratelimit reset" "40","access control allow origin" " ","surrogate control" "no store","cache control" "no store, no cache, must revalidate, proxy revalidate","pragma" get destinations retrieve a list of destinations from a specified list in cisco umbrella management using the provided destinationlistid endpoint url policies/v2/destinationlists/{{destinationlistid}}/destinations method get input argument name type required description path parameters destinationlistid number required the unique id of the destination list input example {"path parameters" {"destinationlistid" 9891773}} output parameter type description status code number http status code of the response reason string response reason phrase status object status value status code number status value status text string status value meta object output field meta meta page number output field meta page meta limit number output field meta limit meta total number output field meta total data array response data data id string response data data destination string response data data type string response data data comment string response data data createdat string response data output example {"status code" 200,"response headers" {"content type" "application/json; charset=utf 8","content length" "423","connection" "keep alive","x ratelimit limit minute" "2000","x ratelimit limit hour" "6000","x ratelimit remaining hour" "5994","ratelimit reset" "57","ratelimit remaining" "1997","ratelimit limit" "2000","x ratelimit remaining minute" "1997","date" "sun, 22 sep 2024 10 06 03 gmt","x powered by" "express","access control allow credentials" "true","access control allow methods" "get, pos create internal domain creates a new internal domain in cisco umbrella management with specified domain details endpoint url deployments/v2/internaldomains method post input argument name type required description domain string optional the internal domain description string optional the description of the internal domain the description is a sequence of characters with a length from 1 through 50 includeallvas boolean optional specifies whether to apply the internal domain to all virtual appliances includeallmobiledevices boolean optional specifies whether to apply the internal domain to all mobile devices siteids array optional the list of site ids associated with the domain input example {"json body" {"domain" "cisco internal com","description" "a description of a domain ","includeallvas"\ false,"includeallmobiledevices"\ false,"siteids" \[3596943]}} output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier domain string output field domain description string output field description createdat string output field createdat modifiedat string output field modifiedat includeallvas boolean output field includeallvas includeallmobiledevices boolean output field includeallmobiledevices output example {"status code" 200,"response headers" {"content type" "application/json; charset=utf 8","transfer encoding" "chunked","connection" "keep alive","x ratelimit limit second" "5","x ratelimit remaining second" "4","x ratelimit limit minute" "14","x ratelimit remaining minute" "13","x ratelimit limit 1800" "350","x ratelimit remaining 1800" "349","ratelimit limit" "5","ratelimit remaining" "4","ratelimit reset" "1","date" "thu, 23 feb 2023 18 29 02 gmt","cache control" "no cache","vary" "accept encod delete internal domain removes a specified internal domain from cisco umbrella using the provided internaldomainid endpoint url deployments/v2/internaldomains/{{internaldomainid}} method delete input argument name type required description path parameters internaldomainid string required the id of the internal domain input example {"path parameters" {"internaldomainid" "2229578"}} output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text output example {"status code" 204,"response headers" {"content type" "application/json; charset=utf 8","connection" "keep alive","x ratelimit limit 1800" "350","x ratelimit remaining 1800" "347","x ratelimit limit second" "5","ratelimit remaining" "4","ratelimit limit" "5","ratelimit reset" "1","x ratelimit remaining second" "4","x ratelimit remaining minute" "13","x ratelimit limit minute" "14","date" "mon, 23 sep 2024 05 46 18 gmt","cache control" "no cache","vary" "accept encoding","x frame options" "sameor list internal domains retrieve and analyze a list of internal domains managed by cisco umbrella for monitoring purposes endpoint url deployments/v2/internaldomains method get input argument name type required description parameters page number optional the number of a page in the collection parameters limit number optional the number of records in the collection to return on the page input example {"parameters" {"page" 1,"limit" 100}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"content type" "application/json; charset=utf 8","transfer encoding" "chunked","connection" "keep alive","x ratelimit limit second" "5","x ratelimit remaining second" "4","x ratelimit limit minute" "14","x ratelimit remaining minute" "13","x ratelimit limit 1800" "350","x ratelimit remaining 1800" "349","ratelimit limit" "5","ratelimit remaining" "4","ratelimit reset" "1","date" "thu, 23 feb 2023 20 07 12 gmt","cache control" "no cache","vary" "accept encod response headers header description example access control allow credentials http response header access control allow credentials true access control allow headers http response header access control allow headers content type access control allow methods http response header access control allow methods get, post, options, put, patch, delete access control allow origin http response header access control allow origin access control max age http response header access control max age 1800 cache control directives for caching mechanisms no store, no cache, must revalidate, proxy revalidate connection http response header connection keep alive content encoding http response header content encoding gzip content length the length of the response body in bytes 344 content security policy http response header content security policy default src 'self'; script src 'self' 'unsafe inline'; style src 'self'; img src 'self'; report uri ''; object src 'none' content type the media type of the resource application/json; charset=utf 8 date the date and time at which the message was originated mon, 23 sep 2024 04 29 58 gmt etag an identifier for a specific version of a resource w/"49a r1so1bgslpevtiz8zagvt3fsraq" expires the date/time after which the response is considered stale 0 pragma http response header pragma no cache ratelimit limit http response header ratelimit limit 5 ratelimit remaining http response header ratelimit remaining 1999 ratelimit reset http response header ratelimit reset 11 referrer policy http response header referrer policy no referrer set cookie http response header set cookie connect sid=s%3aigccqclrfryl2fww zglk z7grnedirs gidrjgvrv1%2fo79f4f0am5p5reullayk6qwkbfjso13c; path=/; httponly strict transport security http response header strict transport security max age=31536000; includesubdomains surrogate control http response header surrogate control no store transfer encoding http response header transfer encoding chunked vary http response header vary accept encoding x content security policy http response header x content security policy default src 'self'; script src 'self' 'unsafe inline'; style src 'self'; img src 'self'; report uri ''; object src 'none' x content type options http response header x content type options nosniff x dns prefetch control http response header x dns prefetch control off x download options http response header x download options noopen x frame options http response header x frame options deny x powered by http response header x powered by express x ratelimit limit 1800 http response header x ratelimit limit 1800 350 x ratelimit limit hour http response header x ratelimit limit hour 6000 x ratelimit limit minute http response header x ratelimit limit minute 2000 x ratelimit limit second http response header x ratelimit limit second 5 x ratelimit remaining 1800 http response header x ratelimit remaining 1800 349 x ratelimit remaining hour http response header x ratelimit remaining hour 5997 x ratelimit remaining minute http response header x ratelimit remaining minute 13 x ratelimit remaining second http response header x ratelimit remaining second 4 x webkit csp http response header x webkit csp default src 'self'; script src 'self' 'unsafe inline'; style src 'self'; img src 'self'; report uri ''; object src 'none' x xss protection http response header x xss protection 1; mode=block