Integrating with Cisco

Cisco Umbrella Integration Guide for SecurityCoach

In this article, you will learn how to integrate Cisco Umbrella with SecurityCoach. Once you set up this integration, data provided by Cisco Umbrella will be available under the SecurityCoach tab of your KSAT console. This data can be viewed in SecurityCoach reports and used to create detection rules for real-time coaching campaigns. For general information about SecurityCoach, see our SecurityCoach Product Manual.

Important:You may receive a notification in SecurityCoach to update your Cisco Umbrella configuration with a new API key and API secret. If you receive this notification, you'll need to create a new API key and API secret and then update your existing configuration with these new credentials. For more information, see the Create an API Key and API Secret and Update the Integration in Your KSAT Console sections below.

To set up this integration, you will need access to a Cisco administrator account.

Create an API Key and API Secret

You'll need to create an API key and API secret in your Cisco Umbrella console for this integration. Follow the steps below to create an API key and API secret.

  1. Log into your Cisco Umbrella administrator account.
  2. Navigate to Admin > API Keys.
  3. From the top-right corner of the page, click Add.

  4. Enter a name for your application, such as “SecurityCoachAPIAccess”.

  5. In the Key Scope section, select the Reports option. Then, select Read-Only for the selected scope and resource.

  6. For the Expiry Date, select Never expire.

  7. Click Create Key.

  8. Copy and save the API Key and API Secret somewhere that you can easily access.
    Note:You will need these credentials to complete the process outlined in the Set Up the Integration in Your KSAT Console section of this article below.
  9. Click Accept and Close.

Set Up or Update the Integration in Your KSAT Console

Once you have created your Cisco Umbrella API key and API secret, you can set up the integration in your KSAT console. If you created a new API key and API secret for an existing integration, you can also update your integration in your KSAT console.

To learn how to set up or update your Cisco Umbrella integration, see the subsections below. 

Set Up the Integration in Your KSAT Console

To set up the integration in your KSAT console, follow the steps below:

  1. Log in to your KSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
  2. Locate Cisco Umbrella and click Configure.

  3. Enter your API Key and API Secret in the corresponding fields.
  4. Click Authorize.

Update the Integration in Your KSAT Console

To update your integration with a new API key and API secret, follow the steps below:

  1. Log in to your KSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
  2. Locate Cisco Umbrella and click Edit.
  3. Click Update Registration to update the existing integration.
  4. Update the values in the API Key and API Secret fields.
  5. Click Authorize.

Map Your Users

After you’ve finished integrating Cisco Umbrella, you can map your users either through mapping rules (recommended) or through a CSV file upload. For more information about user mapping, see our Mapping Users in SecurityCoach article.

Once you’ve successfully authorized this integration, you can manage detection rules for Cisco Umbrella on the Detection Rules subtab of SecurityCoach. For a full list of available system detection rules for this vendor, see our Which Detection Rules Can I Use with My Vendors? article.

Can't find what you're looking for?

Contact Support