Cisco Umbrella
You must have the Network integrations license pack to use this feature.
You can integrate Cisco Umbrella with Sophos Central so that it sends data to Sophos for analysis.
The key steps are as follows:
- Get the API Key and Key Secret from Umbrella.
- Configure an integration in Sophos Central.
Get the API Key and Key Secret
You must have an Umbrella user account with the Full Admin role.
To get the Umbrella API Key and Key Secret you need for integration, do as follows:
-
In the Umbrella administration console, go to Admin > API Keys.
Alternatively, in a Multi-org, Managed Service Provider (MSP) console, or Managed Secure Service Provider (MSSP) console, go to Console Settings > API Keys.
-
Click API Keys and then Add.
-
Enter a name and description for the key.
A name must contain less than 256 characters. The description is optional.
-
In Key scope, you must select the scopes needed for access to endpoints. Select Reports.
-
Expand Reports to see the categories you can select, and do as follows:
- Select Aggregations, Utilities, and Granular Events.
- Select Read-only access for each category.
-
In Expiry Date, select Never expire.
-
Click Create Key.
-
Copy and save your API Key and Key Secret. Save this information in a secure location. You'll need to use it later in Sophos Central.
-
Click Accept and Close.
Next, you configure an integration in Sophos Central.
Configure an integration
To integrate Cisco Umbrella with Sophos Central, do as follows:
- In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
-
Click Cisco Umbrella (API).
The Cisco Umbrella (API) page opens. You can configure integrations here and see a list of any you've already configured.
-
Click Add Configuration.
Note
If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See Provide your domain and IP details.
-
In Integration steps, do as follows:
- Enter the Integration name and Integration description.
- Enter the API Key, and Key Secret you got from Umbrella.
-
Click Save.
We create the integration and it appears in your list. If its status icon shows a green tick, your data should appear in the Sophos Data Lake after validation.