Skip to content
Find out how we support MDR.

Cisco Umbrella

You must have the Network integrations license pack to use this feature.

You can integrate Cisco Umbrella with Sophos Central so that it sends data to Sophos for analysis.

The key steps are as follows:

  • Get the API Key and Key Secret from Umbrella.
  • Configure an integration in Sophos Central.

Get the API Key and Key Secret

You must have an Umbrella user account with the Full Admin role.

To get the Umbrella API Key and Key Secret you need for integration, do as follows:

  1. In the Umbrella administration console, go to Admin > API Keys.

    Alternatively, in a Multi-org, Managed Service Provider (MSP) console, or Managed Secure Service Provider (MSSP) console, go to Console Settings > API Keys.

  2. Click API Keys and then Add.

  3. Enter a name and description for the key.

    A name must contain less than 256 characters. The description is optional.

  4. In Key scope, you must select the scopes needed for access to endpoints. Select Reports.

    Key Scope settings.

  5. Expand Reports to see the categories you can select, and do as follows:

    1. Select Aggregations, Utilities, and Granular Events.
    2. Select Read-only access for each category.

    Key Scope permissions.

  6. In Expiry Date, select Never expire.

  7. Click Create Key.

  8. Copy and save your API Key and Key Secret. Save this information in a secure location. You'll need to use it later in Sophos Central.

  9. Click Accept and Close.

Next, you configure an integration in Sophos Central.

Configure an integration

To integrate Cisco Umbrella with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
  2. Click Cisco Umbrella (API).

    The Cisco Umbrella (API) page opens. You can configure integrations here and see a list of any you've already configured.

  3. Click Add Configuration.

    Note

    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See Provide your domain and IP details.

  4. In Integration steps, do as follows:

    1. Enter the Integration name and Integration description.
    2. Enter the API Key, and Key Secret you got from Umbrella.
  5. Click Save.

We create the integration and it appears in your list. If its status icon shows a green tick, your data should appear in the Sophos Data Lake after validation.

More information