In this article, you will learn how to integrate Cisco Umbrella with SecurityCoach. Once you set up this integration, data provided by Cisco Umbrella will be available under the SecurityCoach tab of your KSAT console. This data can be viewed in SecurityCoach reports and used to create detection rules for real-time coaching campaigns. For general information about SecurityCoach, see our SecurityCoach Product Manual.
To set up this integration, you will need access to a Cisco administrator account.
Create an API Key and API Secret
You'll need to create an API key and API secret in your Cisco Umbrella console for this integration. Follow the steps below to create an API key and API secret.
- Log into your Cisco Umbrella administrator account.
- Navigate to Admin > API Keys.
-
Enter a name for your application, such as “SecurityCoachAPIAccess”.
-
In the Key Scope section, select the Reports option. Then, select Read-Only for the selected scope and resource.
-
Click Create Key.
- Copy and save the API Key and API Secret somewhere that you can easily access.
Note:You will need these credentials to complete the process outlined in the Set Up the Integration in Your KSAT Console section of this article below.
- Click Accept and Close.
Set Up or Update the Integration in Your KSAT Console
Once you have created your Cisco Umbrella API key and API secret, you can set up the integration in your KSAT console. If you created a new API key and API secret for an existing integration, you can also update your integration in your KSAT console.
To learn how to set up or update your Cisco Umbrella integration, see the subsections below.
Set Up the Integration in Your KSAT Console
To set up the integration in your KSAT console, follow the steps below:
- Log in to your KSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
- Locate Cisco Umbrella and click Configure.
- Enter your API Key and API Secret in the corresponding fields.
- Click Authorize.
Update the Integration in Your KSAT Console
To update your integration with a new API key and API secret, follow the steps below:
- Log in to your KSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
- Locate Cisco Umbrella and click Edit.
- Click Update Registration to update the existing integration.
- Update the values in the API Key and API Secret fields.
- Click Authorize.
Map Your Users
After you’ve finished integrating Cisco Umbrella, you can map your users either through mapping rules (recommended) or through a CSV file upload. For more information about user mapping, see our Mapping Users in SecurityCoach article.
Once you’ve successfully authorized this integration, you can manage detection rules for Cisco Umbrella on the Detection Rules subtab of SecurityCoach. For a full list of available system detection rules for this vendor, see our Which Detection Rules Can I Use with My Vendors? article.