Cisco Umbrella Management

the cisco umbrella management connector enables automated interactions with cisco umbrella's security services, facilitating threat prevention, detection, and response cisco umbrella management provides a comprehensive cloud delivered security platform that protects against threats on the internet wherever users go this connector allows swimlane turbine users to automate the management of destination lists, internal domains, and security policies within cisco umbrella by integrating with cisco umbrella management, users can streamline threat intelligence, enforce security policies, and enhance visibility across their network infrastructure the connector's actions enable efficient management of security configurations, reducing manual effort and accelerating incident response prerequisites to effectively utilize the cisco umbrella management connector within swimlane turbine, ensure you have the following api key id and secret authentication with these parameters url the endpoint url for cisco umbrella api services api key your unique identifier to authenticate with cisco umbrella api secret the secret key paired with your api key for secure access http basic authentication with these parameters url the endpoint url for cisco umbrella api services username your cisco umbrella account username password your cisco umbrella account password capabilities the cisco umbrella management connector has the following capabilities add destinations to destination list create destination lists create destinations create internal domain delete destinations from destination list delete destination lists delete destinations delete internal domain get destination lists get destinations list internal domains configurations cisco umbrella oauth 2 0 client authentication cisco umbrella authenticates using api key id and key secret configuration parameters parameter description type required url a url to the target host string required api key api key id string required api secret api key secret string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional http basic authentication authenticates using username and password configuration parameters parameter description type required url a url to the target host string required username username string required password password string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions add destinations to destination list adds destinations to a cisco umbrella destination list using a base64 encoded csv string, requiring 'base64 string' and 'umbrella destinationlist id' endpoint method post input argument name type required description input argument name type required description base64 string string required base64 string encoded csv file of the destination data umbrella destinationlist id string required the id of the destination list output parameter type description output parameter type description status code number http status code of the response reason string response reason phrase status object status value code number output field code text string output field text data object response data id number unique identifier organizationid number unique identifier access string output field access isglobal boolean output field isglobal name string name of the resource thirdpartycategoryid object unique identifier createdat number output field createdat modifiedat number output field modifiedat ismspdefault boolean output field ismspdefault markedfordeletion boolean output field markedfordeletion bundletypeid number unique identifier meta object output field meta destinationcount number count value example \[ { "status code" 200, "response headers" { "content type" "application/json; charset=utf 8", "content length" "317", "connection" "keep alive", "x ratelimit limit minute" "2000", "ratelimit reset" "11", "x ratelimit remaining hour" "5995", "x ratelimit limit hour" "6000", "x ratelimit remaining minute" "1998", "ratelimit remaining" "1998", "ratelimit limit" "2000", "date" "mon, 23 sep 2024 06 46 49 gmt", "x powered by" "express", "access control allow credentials" "true", "access control allow methods" "get, post, options, put, patch, delete", "access control allow headers" "content type" }, "reason" "ok", "json body" { "status" {}, "data" {} } } ] delete destinations from destination list removes specified destinations from a cisco umbrella destination list using the unique destinationlistid endpoint url policies/v2/destinationlists/{{destinationlistid}}/destinations/remove method delete input argument name type required description input argument name type required description destinationlistid string required the unique id of the destination list output parameter type description output parameter type description status code number http status code of the response reason string response reason phrase status object status value code number output field code text string output field text data object response data id number unique identifier organizationid number unique identifier access string output field access isglobal boolean output field isglobal name string name of the resource thirdpartycategoryid object unique identifier createdat number output field createdat modifiedat number output field modifiedat ismspdefault boolean output field ismspdefault markedfordeletion boolean output field markedfordeletion bundletypeid number unique identifier meta object output field meta destinationcount number count value example \[ { "status code" 200, "response headers" { "content type" "application/json; charset=utf 8", "content length" "311", "connection" "keep alive", "x ratelimit remaining minute" "1998", "x ratelimit remaining hour" "5998", "x ratelimit limit minute" "2000", "ratelimit remaining" "1998", "ratelimit limit" "2000", "ratelimit reset" "16", "x ratelimit limit hour" "6000", "date" "tue, 10 dec 2024 08 39 45 gmt", "x powered by" "express", "access control allow credentials" "true", "access control allow methods" "get, post, options, put, patch, delete", "access control allow headers" "content type" }, "reason" "ok", "json body" { "status" {}, "data" {} } } ] create destination list creates a new destination list in cisco umbrella with specified access rights, name, and global status endpoint url policies/v2/destinationlists method post input argument name type required description input argument name type required description bundletypeid number optional the type of the destination list in the policy access string required the type of access for the destination list isglobal boolean required specifies whether the destination list is a global destination list name string required the name of the destination list destinations array optional parameter for create destination list comment string optional the comment about the destination destination string optional a domain, url, or ip type string optional the type of the destination output parameter type description output parameter type description status code number http status code of the response reason string response reason phrase status object status value code number output field code text string output field text data object response data id number unique identifier organizationid number unique identifier access string output field access isglobal boolean output field isglobal name string name of the resource thirdpartycategoryid object unique identifier createdat number output field createdat modifiedat number output field modifiedat ismspdefault boolean output field ismspdefault markedfordeletion boolean output field markedfordeletion bundletypeid number unique identifier meta object output field meta destinationcount number count value example \[ { "status code" 200, "response headers" { "content type" "application/json; charset=utf 8", "content length" "329", "connection" "keep alive", "x ratelimit limit minute" "2000", "ratelimit remaining" "1998", "ratelimit limit" "2000", "ratelimit reset" "27", "x ratelimit limit hour" "6000", "x ratelimit remaining hour" "5997", "x ratelimit remaining minute" "1998", "date" "mon, 23 sep 2024 05 17 34 gmt", "x powered by" "express", "access control allow credentials" "true", "access control allow methods" "get, post, options, put, patch, delete", "access control allow headers" "content type" }, "reason" "ok", "json body" { "status" {}, "data" {} } } ] create destination add new destinations to a specified list in cisco umbrella using the destinationlistid provided endpoint url policies/v2/destinationlists/{{destinationlistid}}/destinations method post input argument name type required description input argument name type required description destinationlistid number required the unique id of the destination list destination string required a domain, url, or ip comment string optional a comment about the destination output parameter type description output parameter type description status code number http status code of the response reason string response reason phrase status object status value code number output field code text string output field text data object response data id number unique identifier organizationid number unique identifier access string output field access isglobal boolean output field isglobal name string name of the resource thirdpartycategoryid object unique identifier createdat number output field createdat modifiedat number output field modifiedat ismspdefault boolean output field ismspdefault markedfordeletion boolean output field markedfordeletion bundletypeid number unique identifier meta object output field meta destinationcount number count value example \[ { "status code" 200, "response headers" { "content type" "application/json; charset=utf 8", "content length" "311", "connection" "keep alive", "x ratelimit limit minute" "2000", "ratelimit reset" "2", "ratelimit remaining" "1999", "x ratelimit limit hour" "6000", "x ratelimit remaining hour" "5999", "ratelimit limit" "2000", "x ratelimit remaining minute" "1999", "date" "mon, 23 sep 2024 04 29 58 gmt", "x powered by" "express", "access control allow credentials" "true", "access control allow methods" "get, post, options, put, patch, delete", "access control allow headers" "content type" }, "reason" "ok", "json body" { "status" {}, "data" {} } } ] delete destination list removes a specified destination list from cisco umbrella using the provided unique destinationlistid endpoint url policies/v2/destinationlists/{{destinationlistid}} method delete input argument name type required description input argument name type required description destinationlistid string required unique identifier output parameter type description output parameter type description status code number http status code of the response reason string response reason phrase status object status value code number output field code text string output field text data array response data file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "content type" "application/json; charset=utf 8", "content length" "45", "connection" "keep alive", "x ratelimit limit hour" "6000", "x ratelimit remaining hour" "5994", "ratelimit reset" "56", "x ratelimit limit minute" "2000", "x ratelimit remaining minute" "1999", "ratelimit remaining" "1999", "ratelimit limit" "2000", "date" "mon, 23 sep 2024 05 58 04 gmt", "x powered by" "express", "access control allow credentials" "true", "access control allow methods" "get, post, options, put, patch, delete", "access control allow headers" "content type" }, "reason" "ok", "json body" { "status" {}, "data" \[] } } ] delete destination removes specified destinations from a destination list in cisco umbrella using the destinationlistid endpoint url policies/v2/destinationlists/{{destinationlistid}}/destinations/remove method delete input argument name type required description input argument name type required description destinationlistid string required unique identifier output parameter type description output parameter type description status code number http status code of the response reason string response reason phrase status object status value code number output field code text string output field text data object response data id number unique identifier organizationid number unique identifier access string output field access isglobal boolean output field isglobal name string name of the resource thirdpartycategoryid object unique identifier createdat string output field createdat modifiedat string output field modifiedat ismspdefault boolean output field ismspdefault markedfordeletion boolean output field markedfordeletion bundletypeid number unique identifier meta object output field meta destinationcount number count value example \[ { "status code" 200, "response headers" { "content type" "application/json; charset=utf 8", "content length" "344", "connection" "keep alive", "x ratelimit limit minute" "2000", "x ratelimit remaining minute" "1998", "x ratelimit limit hour" "6000", "x ratelimit remaining hour" "5993", "ratelimit limit" "2000", "ratelimit remaining" "1998", "ratelimit reset" "17", "access control allow origin" " ", "surrogate control" "no store", "cache control" "no store, no cache, must revalidate, proxy revalidate", "pragma" "no cache", "expires" "0" }, "reason" "ok", "json body" { "status" {}, "data" {} } } ] get all destination lists retrieves all destination lists associated with the organization in cisco umbrella management endpoint url policies/v2/destinationlists method get input argument name type required description input argument name type required description page number optional the number of a page in the collection limit number optional the number of records in the collection to return on the page output parameter type description parameter type description status code number http status code of the response reason string response reason phrase status object status value code number output field code text string output field text meta object output field meta page number output field page limit number output field limit total number output field total data array response data id number unique identifier organizationid number unique identifier access string output field access isglobal boolean output field isglobal name string name of the resource thirdpartycategoryid object unique identifier createdat string output field createdat modifiedat string output field modifiedat ismspdefault boolean output field ismspdefault markedfordeletion boolean output field markedfordeletion bundletypeid number unique identifier meta object output field meta destinationcount number count value domaincount number count value example \[ { "status code" 200, "response headers" { "content type" "application/json; charset=utf 8", "content length" "1178", "connection" "keep alive", "x ratelimit limit minute" "2000", "x ratelimit remaining minute" "1999", "x ratelimit limit hour" "6000", "x ratelimit remaining hour" "5997", "ratelimit limit" "2000", "ratelimit remaining" "1999", "ratelimit reset" "40", "access control allow origin" " ", "surrogate control" "no store", "cache control" "no store, no cache, must revalidate, proxy revalidate", "pragma" "no cache", "expires" "0" }, "reason" "ok", "json body" { "status" {}, "meta" {}, "data" \[] } } ] get destinations retrieve a list of destinations from a specified list in cisco umbrella management using the provided destinationlistid endpoint url policies/v2/destinationlists/{{destinationlistid}}/destinations method get input argument name type required description input argument name type required description destinationlistid number required the unique id of the destination list output parameter type description output parameter type description status code number http status code of the response reason string response reason phrase status object status value code number output field code text string output field text meta object output field meta page number output field page limit number output field limit total number output field total data array response data id string unique identifier destination string output field destination type string type of the resource comment string output field comment createdat string output field createdat example \[ { "status code" 200, "response headers" { "content type" "application/json; charset=utf 8", "content length" "423", "connection" "keep alive", "x ratelimit limit minute" "2000", "x ratelimit limit hour" "6000", "x ratelimit remaining hour" "5994", "ratelimit reset" "57", "ratelimit remaining" "1997", "ratelimit limit" "2000", "x ratelimit remaining minute" "1997", "date" "sun, 22 sep 2024 10 06 03 gmt", "x powered by" "express", "access control allow credentials" "true", "access control allow methods" "get, post, options, put, patch, delete", "access control allow headers" "content type" }, "reason" "ok", "json body" { "status" {}, "meta" {}, "data" \[] } } ] create internal domain creates a new internal domain in cisco umbrella management with specified domain details endpoint url deployments/v2/internaldomains method post input argument name type required description input argument name type required description domain string required the internal domain description string optional the description of the internal domain the description is a sequence of characters with a length from 1 through 50 includeallvas boolean optional specifies whether to apply the internal domain to all virtual appliances includeallmobiledevices boolean optional specifies whether to apply the internal domain to all mobile devices siteids array optional the list of site ids associated with the domain output parameter type description output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier domain string output field domain description string output field description createdat string output field createdat modifiedat string output field modifiedat includeallvas boolean output field includeallvas includeallmobiledevices boolean output field includeallmobiledevices example \[ { "status code" 200, "response headers" { "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "x ratelimit limit second" "5", "x ratelimit remaining second" "4", "x ratelimit limit minute" "14", "x ratelimit remaining minute" "13", "x ratelimit limit 1800" "350", "x ratelimit remaining 1800" "349", "ratelimit limit" "5", "ratelimit remaining" "4", "ratelimit reset" "1", "date" "thu, 23 feb 2023 18 29 02 gmt", "cache control" "no cache", "vary" "accept encoding" }, "reason" "ok", "json body" { "id" 1135364, "domain" "test testdomain com", "description" "connector test domain", "createdat" "2023 02 23t18 29 01 000z", "modifiedat" "2023 02 23t18 29 01 000z", "includeallvas" false, "includeallmobiledevices" false } } ] delete internal domain removes a specified internal domain from cisco umbrella using the provided internaldomainid endpoint url deployments/v2/internaldomains/{{internaldomainid}} method delete input argument name type required description input argument name type required description internaldomainid string required the id of the internal domain output parameter type description output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text example \[ { "status code" 204, "response headers" { "content type" "application/json; charset=utf 8", "connection" "keep alive", "x ratelimit limit 1800" "350", "x ratelimit remaining 1800" "347", "x ratelimit limit second" "5", "ratelimit remaining" "4", "ratelimit limit" "5", "ratelimit reset" "1", "x ratelimit remaining second" "4", "x ratelimit remaining minute" "13", "x ratelimit limit minute" "14", "date" "mon, 23 sep 2024 05 46 18 gmt", "cache control" "no cache", "vary" "accept encoding", "x frame options" "sameorigin" }, "reason" "no content", "response text" "" } ] list internal domains retrieve and analyze a list of internal domains managed by cisco umbrella for monitoring purposes endpoint url deployments/v2/internaldomains method get input argument name type required description input argument name type required description page number optional the number of a page in the collection limit number optional the number of records in the collection to return on the page output parameter type description output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "x ratelimit limit second" "5", "x ratelimit remaining second" "4", "x ratelimit limit minute" "14", "x ratelimit remaining minute" "13", "x ratelimit limit 1800" "350", "x ratelimit remaining 1800" "349", "ratelimit limit" "5", "ratelimit remaining" "4", "ratelimit reset" "1", "date" "thu, 23 feb 2023 20 07 12 gmt", "cache control" "no cache", "vary" "accept encoding" }, "reason" "ok", "json body" \[ { "id" 0, "domain" "10 in addr arpa", "createdat" "1970 01 01t00 00 00 000z", "modifiedat" "1970 01 01t00 00 00 000z", "description" "", "includeallvas" true, "includeallmobiledevices" true }, { "id" 0, "domain" "16 172 in addr arpa", "createdat" "1970 01 01t00 00 00 000z", "modifiedat" "1970 01 01t00 00 00 000z", "description" "", "includeallvas" true, "includeallmobiledevices" true }, { "id" 0, "domain" "17 172 in addr arpa", "createdat" "1970 01 01t00 00 00 000z", "modifiedat" "1970 01 01t00 00 00 000z", "description" "", "includeallvas" true, "includeallmobiledevices" true } ] } ] response headers header description example access control allow credentials http response header access control allow credentials true access control allow headers http response header access control allow headers content type access control allow methods http response header access control allow methods get, post, options, put, patch, delete access control allow origin http response header access control allow origin access control max age http response header access control max age 1800 cache control directives for caching mechanisms no cache connection http response header connection keep alive content encoding http response header content encoding gzip content length the length of the response body in bytes 344 content security policy http response header content security policy default src 'self'; script src 'self' 'unsafe inline'; style src 'self'; img src 'self'; report uri ''; object src 'none' content type the media type of the resource application/json; charset=utf 8 date the date and time at which the message was originated thu, 23 feb 2023 20 07 12 gmt etag an identifier for a specific version of a resource w/"1a7 bam/7ygip/l52rlq0jio1fin1w4" expires the date/time after which the response is considered stale 0 pragma http response header pragma no cache ratelimit limit http response header ratelimit limit 5 ratelimit remaining http response header ratelimit remaining 1999 ratelimit reset http response header ratelimit reset 17 referrer policy http response header referrer policy no referrer set cookie http response header set cookie connect sid=s%3ajhmwf5cvpb2rvl5y5vgquksiunmu um 1i3lnn7v202yhiv5vucb0kfgwxjsesd%2bpfyrnwfzeze; path=/; httponly strict transport security http response header strict transport security max age=31536000; includesubdomains surrogate control http response header surrogate control no store transfer encoding http response header transfer encoding chunked vary http response header vary accept encoding x content security policy http response header x content security policy default src 'self'; script src 'self' 'unsafe inline'; style src 'self'; img src 'self'; report uri ''; object src 'none' notes authentication https //developer cisco com/docs/cloud security/authentication/#manage key admin api keysdocumentation https //developer cisco com/docs/cloud security/get destination lists/