Introduction

The Umbrella Enforcement API enables you to programmatically integrate partner network security events with Umbrella. Through the API, you can register destinations and event information, and block malicious or suspicious domains and URLs.

The Umbrella Enforcement API includes two endpoints:

• Events (/events)
• Domains (/domains)

With the API you can:

• Add and evaluate a list of destination and event information
• Get the list of enforced domains
• Delete a domain by ID or name

Categorize Domains

The Umbrella Destination Lists API and the Umbrella Enforcement API include resources to manage domains and protect your networks.

• The Umbrella Destination Lists API enables you to set up and administer Allow and Block destination lists. You can add or delete destinations and customize destination lists.
• The Umbrella Enforcement API provides endpoints to verify the state of domains and manage a list of blocked domains for each integration.

How Umbrella Enforces Blocks

1. Umbrella reviews the domain, URL, device ID, and timestamps from the security event information.
2. If the Umbrella Investigate Popularity 90 day normalized score is below 40, Umbrella adds the domain to the integration's block list.

Try the Enforcement API

• Try out the Umbrella Enforcement API through the Cisco DevNet Cloud Security Learning Labs.
• The Cisco DevNet Sandbox provides an online learning environment for the Cloud Security API.