Cisco Umbrella
Visualize Cisco Umbrella networks, domains, destinations, users, and discovered applications in the JupiterOne graph. Use this integration to also map Cisco Umbrella users to employees in your JupiterOne account and to monitor changes to Cisco Umbrella entities using JupiterOne alerts.
- Installation guide
- Cisco Umbrella data model
Installation
Cisco Umbrella supports the use of API keys to authenticate API requests. You need access to an account that has permissions to create a new API key. You must also have permission in JupiterOne to install new integrations.
Configuration in Cisco Umbrella
- Generate an API key.
- Provide the API key with the minimum scopes:
  - Admin/Roles - Read-Only
  - Admin/Users - Read-Only
  - Deployments - Read-Only
  - Policies/Destination Lists - Read-Only
  - Policies/Destinations - Read-Only
  - Reports/App Discovery - Read-Only

  Future improvements may require additional scopes be added.
- Record the API Key and Key Secret values.
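To confirm that the key was created with exactly the minimum scopes listed above, the following added example (not part of the JupiterOne or Cisco documentation) compares a key's scopes against that list. It assumes the scopes are available as text lines in the `Area/Name - Level` form used above; the sample lines, including the `Read / Write` label and the `Example/Unneeded Scope` entry, are constructed.

```python
"""Audit an API key's scopes against the minimum set this integration needs."""

# Minimum scopes, copied from the list in this guide.
REQUIRED = {
    "Admin/Roles": "Read-Only",
    "Admin/Users": "Read-Only",
    "Deployments": "Read-Only",
    "Policies/Destination Lists": "Read-Only",
    "Policies/Destinations": "Read-Only",
    "Reports/App Discovery": "Read-Only",
}

# Constructed sample: one scope above Read-Only, one unneeded, one missing.
SAMPLE_GRANTED = [
    "Admin/Roles - Read-Only",
    "Admin/Users - Read / Write",  # assumed label for a higher access level
    "Deployments - Read-Only",
    "Policies/Destination Lists - Read-Only",
    "Policies/Destinations - Read-Only",
    "Example/Unneeded Scope - Read-Only",  # hypothetical scope name
]


def parse_scope(line):
    """Split 'Area/Name - Level' into (name, level); reject malformed lines."""
    name, sep, level = line.strip().rpartition(" - ")
    if not sep or not name or not level:
        raise ValueError(f"unrecognized scope line: {line!r}")
    return name.strip(), level.strip()


def audit_scopes(granted_lines):
    """Return scopes that are missing, not needed, or above the required level."""
    granted = dict(parse_scope(l) for l in granted_lines if l.strip())
    return {
        "missing": sorted(set(REQUIRED) - set(granted)),
        "extra": sorted(set(granted) - set(REQUIRED)),
        "elevated": sorted(
            n for n, lvl in granted.items() if n in REQUIRED and lvl != REQUIRED[n]
        ),
    }


if __name__ == "__main__":
    for finding, scopes in audit_scopes(SAMPLE_GRANTED).items():
        print(f"{finding}: {scopes or 'none'}")
```

A key that passes has empty `missing`, `extra` and `elevated` lists; re-run the check whenever the required scope list changes.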
Configuration in JupiterOne
To install the Cisco Umbrella integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Cisco Umbrella. Click New Instance to begin configuring your integration.
Creating a configuration requires the following:
- The Account Name used to identify the Cisco Umbrella account in JupiterOne. Ingested entities will have this value stored in `tag.AccountName` when the `AccountName` toggle is enabled.
- Description to assist in identifying the integration instance, if desired.
- Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as `DISABLED` and manually execute the integration.
- Cisco Umbrella API key and Key Secret generated for use by JupiterOne.
Click Create after all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
Resources | Entity _type | Entity _class |
---|---|---|
Account | cisco_umbrella_account | Account |
Application | cisco_umbrella_application | Application |
Application Category | cisco_umbrella_application_category | Group |
Destination | cisco_umbrella_destination | Record |
Destination List | cisco_umbrella_destination_list | Record |
Domain | cisco_umbrella_domain | Domain |
Network | cisco_umbrella_network | Network |
Network Device | cisco_umbrella_network_device | Device |
Network Tunnel | cisco_umbrella_network_tunnel | NetworkEndpoint |
Policy | cisco_umbrella_policy | Policy |
Site | cisco_umbrella_site | Site |
System Role | cisco_umbrella_role | AccessRole |
System User | cisco_umbrella_user | User |
Virtual Appliance | cisco_umbrella_virtual_appliance | Gateway |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
---|---|---|
cisco_umbrella_account | HAS | cisco_umbrella_application |
cisco_umbrella_account | HAS | cisco_umbrella_destination_list |
cisco_umbrella_account | HAS | cisco_umbrella_domain |
cisco_umbrella_account | HAS | cisco_umbrella_network |
cisco_umbrella_account | HAS | cisco_umbrella_network_device |
cisco_umbrella_account | HAS | cisco_umbrella_policy |
cisco_umbrella_account | HAS | cisco_umbrella_site |
cisco_umbrella_account | HAS | cisco_umbrella_user |
cisco_umbrella_application | HAS | cisco_umbrella_application_category |
cisco_umbrella_destination_list | HAS | cisco_umbrella_destination |
cisco_umbrella_site | HAS | cisco_umbrella_network_tunnel |
cisco_umbrella_site | HAS | cisco_umbrella_virtual_appliance |
cisco_umbrella_user | ASSIGNED | cisco_umbrella_role |
cisco_umbrella_virtual_appliance | USES | cisco_umbrella_domain |