Skip to main content

Cisco Umbrella

Visualize Cisco Umbrella networks, domains, destinations, users, and discovered applications in the JupiterOne graph. Use this integration to also map Cisco Umbrella users to employees in your JupiterOne account and to monitor changes to Cisco Umbrella entities using JupiterOne alerts.



Cisco Umbrella supports the use of API keys to authenticate API requests. You need access to an account that has permissions to create a new API key. You must also have permission in JupiterOne to install new integrations.

Configuration in Cisco Umbrella

  1. Generate an API key.

  2. Provide the API key with the minimum scopes:

    • Admin/Roles - Read-Only

    • Admin/Users - Read-Only

    • Deployments - Read-Only

    • Policies/Destination Lists - Read-Only

    • Policies/Destinations - Read-Only

    • Reports/App Discovery - Read-Only

      Future improvements may require additional scopes be added.

  3. Record the API Key and Key Secret values.

Configuration in JupiterOne

To install the Cisco Umbrella integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Cisco Umbrella. Click New Instance to begin configuring your integration.

Creating a configuration requires the following:

  • The Account Name used to identify the Cisco Umbrella account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

  • Description to assist in identifying the integration instance, if desired.

  • Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

  • Cisco Umbrella API key and Key Secret generated for use by JupiterOne.

Click Create after all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.