Virtual appliances: The API returns virtual appliance (VA) records
and updates or deletes VAs. Note that you cannot create a virtual
appliance through the API. A VA must be created within your
hypervisor and must be registered as an identity within Umbrella
before the API can manage it.
Umbrella sites: The API creates, updates, and deletes sites and
returns site records.
Users: The API creates and deletes users and returns user records.
Roles: The API returns a list of roles.
Destination lists: The API creates, reads, updates, and deletes
destination lists.The Enforcement API
The Cisco Umbrella Enforcement API is designed to give
technology partners the ability to send security events
from their platform/service/appliance within a mutual
customer’s environment to the Umbrella cloud for
enforcement. With this API, you can list domains or
delete individual domains from the list.
The API is restricted to HTTPS and is hosted at
https://s-platform.api.opendns.com. A fixed UUID-v4
customer key handles customer authentication to the
API. A key must be supplied with each request to the
API. To generate or get the customer key, you have to log
in to the console and navigate to Policies > Policy
Components > Integrations.
Now let’s look at an example of enforcement. Here are
the steps involved when the customer detects a malicious
domain and wants to add it to Umbrella:
Step 1. The customer identifies malicious code or a
malicious activity as users visit a particular URL
or domain. The detection can occur with third-
party software or Cisco AMP or any other
mechanism that the customer already has in
place.