Welcome to the Cisco Umbrella Investigate API!
Access to this API requires an access token, configurable from your account settings. This service allows the querying of the Umbrella DNS database and goes beyond traditional DNS results to show security events and correlations in our datasets. Cisco Umbrella Investigate is the interface to the security data collated by our research team. The RESTful API opens up the power of Investigate's classification results, correlation, and history and is based on the Umbrella global network, the world’s largest security network. These results are generated dynamically and in real time, acting as a counter to today’s advanced persistent threats targeting enterprises that rely on traditionally static defense devices.
The Umbrella Investigate API is organized around the principles of REST. Our API lets you gather results from Investigate with anything that can send an HTTP request, including cURL and modern internet browsers. There are many things you can do with our REST API, for example:
- Check the security status of a domain, IP address or subset of domains that appear in the logs from your firewall, UTM or other Internet egress points
- Determine whether other related, co-occurring domains were accessed at the same time as the domain or IP you're looking up
- Find a historical record for this domain or IP address in our DNS database to see what has changed
- Query large numbers of domains quickly to find out whether they're scored as malicious and require further investigation