Introduction

The Umbrella Enforcement API enables you to programmatically integrate partner network security events with Umbrella. Through the API, you can register destinations and event information, and block malicious or suspicious domains and URLs.

The Umbrella Enforcement API includes two endpoints:

• Events (/events)
• Domains (/domains)

With the API you can:

• Add and evaluate a list of destination and event information
• Get the list of enforced domains
• Delete a domain by ID or name

Categorize Domains

You can interact with the Umbrella Enforcement API to verify the state of domains and manage a list of blocked domains for each integration.

How Umbrella Enforces Blocks

1. Umbrella reviews the domain, URL, device ID, and timestamps from the security event information.
2. If the Umbrella Investigate Popularity 90 day normalized score is below 40, Umbrella adds the domain to the integration's block list.

Try the Enforcement API

• Try out the Umbrella Enforcement API through the Cisco DevNet Cloud Security Learning Labs.
• The Cisco DevNet Sandbox provides an online learning environment for the Cloud Security API.