Step 2. Umbrella checks to see if any of the policies
are triggered, such as content filtering policies
or blacklisted domains.
Step 3. If all is well, the IP address is sent to the
requesting user. In the case of stanford.edu,
Umbrella returns the correct IP address.
Step 4. When a DNS request is sent for domain.xyz,
Umbrella checks whether any policies are
triggered or whether this is a known malicious
domain.
Step 5. Umbrella responds with a “blocked page”
message, informing the user that the domain is
either malicious or on the blocked list.
Figure 11-2 Cisco Umbrella: Blocking a Malicious
Domain Lookup
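The decision flow in Steps 2 through 5 can be modeled in a few lines. This is an added example, not Cisco code and not part of the original text: the policy contents, the category data, the resolve() helper and every IP address (RFC 5737 documentation ranges) are constructed for illustration.

```python
"""Simplified model of the DNS-layer policy decision in Steps 2-5.
All data below is constructed; none of it is Umbrella data."""
from typing import NamedTuple, Optional

BLOCK_PAGE_IP = "192.0.2.1"  # assumed address of the "blocked page" server

# Constructed stand-ins for upstream DNS records and threat intelligence.
UPSTREAM_RECORDS = {"stanford.edu": "198.51.100.10", "domain.xyz": "203.0.113.66",
                    "notdomain.xyz": "203.0.113.67", "casino.example": "198.51.100.20"}
DOMAIN_CATEGORIES = {"casino.example": {"gambling"}}
KNOWN_MALICIOUS = {"domain.xyz"}


class Policy(NamedTuple):
    blocked_categories: frozenset = frozenset()  # content filtering policy
    blocked_domains: frozenset = frozenset()     # administrator block list


class Decision(NamedTuple):
    action: str            # "allow", "block" or "nxdomain"
    reason: str
    answer: Optional[str]  # IP address handed back to the requesting user


def suffixes(name: str) -> list:
    """Return the name and each parent domain, split on label boundaries.
    Label-wise comparison keeps 'notdomain.xyz' from matching 'domain.xyz'."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def resolve(query: str, policy: Policy) -> Decision:
    # Normalize case and the trailing root dot so "Domain.XYZ." cannot slip past.
    name = query.strip().lower().rstrip(".")
    parents = suffixes(name)
    # Steps 2 and 4: policies are evaluated before any address is returned.
    if any(p in policy.blocked_domains for p in parents):
        return Decision("block", "blocked list", BLOCK_PAGE_IP)
    hit = {c for p in parents for c in DOMAIN_CATEGORIES.get(p, ())}
    hit &= set(policy.blocked_categories)
    if hit:
        return Decision("block", "content filtering: " + ", ".join(sorted(hit)), BLOCK_PAGE_IP)
    if any(p in KNOWN_MALICIOUS for p in parents):
        # Step 5: the user receives the block page instead of the real address.
        return Decision("block", "malicious", BLOCK_PAGE_IP)
    ip = UPSTREAM_RECORDS.get(name)
    if ip is None:
        return Decision("nxdomain", "no record", None)
    return Decision("allow", "no policy triggered", ip)  # Step 3
```
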
Cisco Umbrella APIs
Cisco Umbrella supports various APIs for different
functions. Table 11-3 describes these APIs.
Table 11-3 Umbrella APIs
API      Description
Manag    This API directs customers to manage organizations,
         networks, network devices, users, and roaming
         computers and integrate actions in those areas into
         workflows.