This article discusses how to connect the CTR portal with Umbrella and all prerequisites required to make this connection. The CTR links in three Umbrella components:
- Investigate (Requires Investigate subscription)
- Enforcement (Requires elevated Umbrella subscription with access to Enforcement API)
Configuring CTR link to Umbrella
Linking CTR to Umbrella is comprised of up to three steps, depending on your level of Umbrella subscription. The linking page will look as follows:
Linking Umbrella Reporting to CTR
All Umbrella users have access to the reporting API. To get started, you will need an API key and secret. See the Umbrella API documentation for how to find your API authentication details. Finally, enter the organization ID of the Umbrella organization to link to the CTR.
- Subscribe to Umbrella services
Linking Umbrella Enforcement to CTR
The Umbrella Enforcement API is a feature that allows for automated addition of new domains to a security enforcement list. For more information, review our documentation here.
- Subscribe to Umbrella Services with access to the Enforcement API in the dashboard
Note: If you do not have the Umbrella Enforcement API for custom integrations in your Umbrella dashboard and would like to have access, please contact your Cisco Umbrella representative.
Linking Umbrella Investigate to CTR
The Umbrella Investigate API is a feature that allows for queries against the Cisco Umbrella Investigate system outside of the Investigate web portal. API access is limited. For more information, review our documentation here.
- Subscribe to Cisco Umbrella Investigate (https://investigate.umbrella.com)
- The package or addon for the Investigate API must be active
- Some entitlements allow for a low volume of queries. CTR will function up until the query limit is reached