Skip to main content
Integrations

Impelix IMPACT Integration
with Cisco Umbrella

The Impelix IMPACT platform ingests telemetry from your all your security products as well as third-party feeds (threat intelligence, cybersecurity risk, business resilience intelligence, etc.) and delivers event correlation, security control efficacy, and compliance monitoring.

We believe that the more data ingested into IMPACT, the more context you will have regarding security incidents, which will allow effective and efficient incident response and compliance management. Therefore, we encourage and facilitate connecting vendor products telemetry with Impelix IMPACT platform.

Cisco Umbrella

On the Cisco Umbrella Console

Log in to Umbrella for the organization and create a secret and key:

  1. In Umbrella, navigate to Admin > API Keys and click Create; or in a management console (Multi-org, MSP, or MSSP), navigate to Settings > API Keys and click Add.
  2. Select Umbrella Reporting and click Create.
  3. Expand Umbrella Reporting and copy Your Key and Your Secret.
  4. Click To keep it secure, ...check box and then click Close.

    5. You must acknowledge that your key and secret are only displayed once to activate the Close button.

    Note: You have only one opportunity to copy your secret. Umbrella does not save it and it cannot be retrieved after its initial creation.

    To generate a new key and secret, click Refresh for your current key and secret. Alternatively, delete the existing key and secret, then create a new key and secret pair.

    Configure Impelix IMPACT
    • Go to Admin > SOAR > Cisco Umbrella > Config
    • Click the checkbox for Enable the Cisco Umbrella Integration
    • Paste the API Key, API Secret, and Organization ID
    • Click the disk icon (Save)
    • Click Jobs and go to Artifacts from Cisco Umbrella
    • Select Triggers, expanding Manual Trigger and Interval Trigger
      • Toggle both to State: ENABLED
    • The Interval Trigger is set to 2 hours by default, but you can update it to what best suits your organization. (Recommended: 30 minutes)
    • Click the disk icon (Save)
    • Within 1 hour the tool should be listed as an Artifact Source under Report > Tool Effectiveness > Artifact Source Types

    Cisco Umbrella API Doc

The Next Evolution of SIEM

Avoid alert noise, high cost of data ingestion, and incident response complexity.
Move to our Automated SecOps and Enterprise Risk Management Platform.
✔︎ Respond     ✔︎ Investigate     ✔︎ Prevent     ✔︎ Comply
Schedule a Demo

10 S Riverside Plaza
Ste 875 PMB159
Chicago, IL 60606

(888) 311-3002
contacts@impelix.com