When the AlienApp for Cisco Umbrella is connected to your Cisco Umbrella environment, you can launch app actions and create orchestration rules to send data from USM Anywhere to Cisco Umbrella. See AlienApp for Cisco Umbrella Orchestration for more information about the orchestration actions supported by the AlienApp for Cisco Umbrella.
For example, you might create a rule where USM Anywhere automatically sends the URLs of suspicious domains that it identifies to Cisco Umbrella. See Creating Cisco Umbrella Response Action Rules for information about adding these types of orchestration rules for the AlienApp.
Note: To fully integrate USM Anywhere with your Cisco Umbrella implementation, you should also have the Cisco Umbrella log collection enabled so that USM Anywhere can retrieve and normalize raw log data from Cisco Umbrella. See Collecting Logs from Cisco Umbrella for information about enabling this plugin and raw log data retrieval.
Before you can use the Cisco Umbrella orchestration actions within USM Anywhere, you must establish an integration point in your Cisco Umbrella console to be used by USM Anywhere.
Note: Setting up integrations through the Enforcement API requires the Cisco Umbrella Platform Package. If you do not have this level of support, you can contact your Cisco representative to upgrade your package.
To add an integration in Cisco Umbrella
- Open your Cisco Umbrella Dashboard and go to Policies > Policy Components > Integrations.
- At the top of the page, click the icon.
- Add a name for the custom integration (such as AlienVault), and click Create.
- Click the new custom integration to expand it and display the details.
- Select the Enable checkbox.
Copy the customer key value displayed in the integration URL to a secure location.
In the following example, the value to copy is e2f5d5f7-3c02-4665-460c-3fb2bd9a9ec4:
- Click Save.
After you create the Cisco Umbrella integration and copy the key value, you're ready to establish the AlienApp for Cisco Umbrella connection in USM Anywhere. The USM Anywhere Sensor that you use to configure the AlienApp must have connectivity to the Umbrella Enforcement API at https://s-platform.api.opendns.com.
To enable the AlienApp for Cisco Umbrella
- In USM Anywhere, go to Data Sources > Integrations.
Click the AlienApps tab.
On the AlienApps page, click the Cisco Umbrella tile.
If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.
USM Anywhere AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor.
- Click Enable.
Click the Credentials tab.
- Paste the customerKey value you copied in the previous task into the Customer Key field.
- Click Save Credentials.
Click the Status tab to verify the connection.
If the icon appears, there is a problem with the connection. The Message column provides information about the issue. Repeat the steps to fix the configuration or troubleshoot your Cisco Umbrella connection.
This displays Status tab of the Cisco Umbrella page, but it does not provide status information until you enable and configure the AlienApp for Cisco Umbrella.