Cisco Umbrella Investigate

This article describes the Intelligence Card Extension for Cisco Umbrella Investigate (formerly known as OpenDNS).

About Cisco Umbrella Investigate

Cisco Umbrella Investigate is a cloud security platform that provides the first line of defense against threats on the internet wherever users go.

You must have an API token to use this service. To get your Cisco Umbrella Investigate API token, log in to the Investigate portal, mouse over the left-hand sidebar and click the section called "API Access".

(Screenshot: the Investigate sidebar with the "API Access" section)

On the API Access page you will find your Access Token:

(Screenshot: the API Access page showing the Access Token)

Now enter this API token into the Extension Preferences in Recorded Future:

(Screenshot: the Recorded Future Extension Preferences with the API token entered)

Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.


Extending Hash Cards

You can enrich any Hash Card with the following threat intelligence from Cisco Umbrella Investigate:

  • File Details, including Threat Score (0 = benign to 100 = malicious)
  • AV results
  • Behavioral Indicators
  • Network Connections
  • Associated file samples

You can pivot in Recorded Future on these elements of the Cisco Umbrella Investigate response:

  • MD5, SHA-1 and SHA-256 hashes
  • IP addresses
  • Domains

Example (for MD5 hash decbc720b7cf89646b0c6d2dde595f4e):


Extending IP Address Cards

You can enrich any IP Address Card with the following threat intelligence from Cisco Umbrella Investigate:

  • Autonomous System (AS) information
  • Malicious Domains hosted at this IP
  • Associated file samples
  • Features associated with the IP
  • Known domains hosted at this IP

You can pivot in Recorded Future on these elements of the Cisco Umbrella Investigate response:

  • Domains
  • Hashes

Example (for IP 188.127.231.124):


Extending Domain Cards

You can enrich Domain Cards with the following threat intelligence from Cisco Umbrella Investigate:

  • Classifier and security categories
  • Whois Record Data
  • Domain Features
  • Domain Security Features
  • Domain Generation Algorithm (DGA) scores
  • Co-occurrences

You can pivot in Recorded Future on these elements of the Cisco Umbrella Investigate response:

  • IP Addresses
  • Domains
  • URLs
  • Email addresses
  • Hashes

Example (we11point.com):

More Information:

Detailed docs on the various information fields can be found on Cisco's Umbrella Investigate documentation site.

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.