There are three return values for the categorization:
Status: The status is -1 if the domain is believed to be malicious, 1 if
the domain is believed to be benign, or 0 if it hasn’t been classified yet.
Security: This field indicates whether there is an Umbrella domain
match or whether this domain is associated with one.
Content: This field indicates the type of domain (for example,
Ecommerce/Shopping, Business Services).Example 11-8 shows the response to the request in
Example 11-7. Note that the query parameter
showLabels in Example 11-7 gives the more human-
readable information in the response.
Example 11-8 JSON Returned for Domain
Categorization Using the Investigate API
Click here to view code image
{
"cisco.com": {
"status": 1,
"security_categories": [],
"content_categories": [
"Software/Technology",
"Business Services"
]
}
}Table 11-4 lists other Investigate API URLs for the
cisco.com domain.
Table 11-4 Other Umbrella Investigate API
CategoriesAPI CategoryAPI Endpoint URLClassifiers for a
domainhttps://investigate.api.umbrella.com/d
omains/categories/cisco.com.jsonCooccurrences for
a domainhttps://investigate.api.umbrella.com/r
ecommendations/name/cisco.com.json