While integrating Cisco Umbrella with Cisco Threat Response, a network security engineer wants to automatically push blocking of domains from the Cisco Threat Response interface to Cisco Umbrella. Which API meets this requirement?
"What can I do with the Umbrella Enforcement API?
The Umbrella Enforcement API allows partners and customers with their own security information and event management (SIEM) or threat intelligence source to inject "events" or threat intelligence into their Umbrella environment."
straight from Cisco ^^ :
https://developer.cisco.com/learning/labs/2-Umbrella-Enforcement-API-Explained-v-1-1/introduction-to-the-cisco-umbrella-enforcement-api/
The enforcement API allows automatic pushing of blocking of domains from Cisco Threat Response to Cisco Umbrella. This API automates the blocking of domains based on indicators of compromise (IOCs) discovered during an investigation in Cisco Threat Response.
Instvestigate could also be an option, but enforcement is the low level one:
https://support.umbrella.com/hc/en-us/articles/360030979772-Linking-Cisco-Threat-Response-CTR-to-Umbrella
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.300-710 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
pr0fectus
6 months, 3 weeks agotrudint
10 months, 4 weeks agotrudint
10 months, 4 weeks agoCokamaniako
1 year agoJoe_Blue
1 year, 1 month agomatan24
1 year, 2 months agofreho
1 year, 2 months agofreho
1 year, 2 months agoBaumb
1 year, 2 months ago