open dns integrations cisco amp threat grid quick start
OPENDNS CONFIDENTIAL
OPENDNS UMBRELLA INTEGRATIONS
QUICK START GUIDE
Cisco AMP Threat Grid
How to configure your Umbrella Dashboard to obtain information from Cisco AMP Threat Grid
The first step is to find or generate the API key in your Cisco AMP Threat Grid dashboard. Log in to
your Cisco AMP Threat Grid dashboard, and select your account details in the upper right. Under
your Account Details, an API key may already be visible if you have created one. If you haven't
yet, click Generate New API Key:
Your API key should then be visible under User Details > API Key.
Then, you'll want to add the API key to the Umbrella dashboard in order for it to pull data from Cisco
AMP Threat Grid. You can do this by logging into your Umbrella Dashboard, and then navigating
to System Settings > Integrations > Cisco AMP Threat Grid:
Select the checkbox to enable the integration and paste your API Key into the area that says "API Key",
and then click Save.
At this point, if you receive an error, there is likely a problem with your API key or with
communications between the services. Check your API key and try again; if it still fails, contact
OpenDNS Technical Support.
If you receive a success message, it indicates that the Umbrella service was able to use the API key
to make an initial connection to the Cisco AMP Threat Grid API. The Umbrella service uses a polling
interval of 5 minutes to retrieve domains from AMP Threat Grid.
IMPORTANT:
While OpenDNS tries its best to validate and allow domains which are known to be generally safe
(e.g. Google, Salesforce, etc.), to avoid any unwanted interruptions, we suggest adding any
domains you never wish to have blocked to the Global Allow List (or other domain lists as per your
policy).
Examples include:
The home page for your organization, e.g. mydomain.com
Domains representing services you provide that might have both internal and external records, e.g. mail.myservicedomain.com, portal.myotherservicedomain.com
Lesser-known cloud applications you depend on heavily that OpenDNS may not be aware of or include in their automatic domain validation, e.g. localcloudservice.com
These domains should be added to the Global Allow List, which is found under Configuration >
Policy Settings > Domains Lists in your Umbrella Dashboard.
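A pre-flight check for the allow-list advice above, as an added example that is not part of the original guide or any OpenDNS tooling: it reports which of your critical domains are not yet covered by the entries you plan to put on the Global Allow List. It assumes an allow-list entry covers the domain itself and its subdomains; the function names and both sample lists are constructed for illustration.

```python
# Added example: find critical domains not covered by a planned allow list.
# Assumption: an allow-list entry matches the domain itself and its subdomains.

def normalize(domain):
    """Lower-case a name and strip scheme, port, path and trailing dot."""
    d = domain.strip().lower()
    if "://" in d:
        d = d.split("://", 1)[1]
    d = d.split("/", 1)[0].split(":", 1)[0]
    return d.rstrip(".")

def is_covered(domain, allowed):
    """True if the domain or one of its parent domains is in `allowed`.

    Matching is done on whole labels, so 'notmydomain.com' is NOT treated
    as covered by 'mydomain.com' (a plain endswith() check would be wrong).
    The bare TLD is never tried as a parent.
    """
    labels = normalize(domain).split(".")
    tries = max(len(labels) - 1, 1)
    return any(".".join(labels[i:]) in allowed for i in range(tries))

def uncovered(critical, allow_list):
    """Return the sorted critical domains that no allow-list entry covers."""
    allowed = {normalize(a) for a in allow_list if a.strip()}
    return sorted({normalize(c) for c in critical if not is_covered(c, allowed)})

# Constructed sample data, using the placeholder domains from the guide.
ALLOW_LIST = ["MyDomain.com.", "myservicedomain.com",
              "portal.myotherservicedomain.com"]
CRITICAL = [
    "https://www.mydomain.com/login",   # covered by mydomain.com
    "mail.myservicedomain.com",         # covered by parent entry
    "portal.myotherservicedomain.com",  # exact entry
    "myotherservicedomain.com",         # parent of an entry: not covered
    "localcloudservice.com",            # missing from the list
    "notmydomain.com",                  # look-alike suffix: not covered
]

if __name__ == "__main__":
    for name in uncovered(CRITICAL, ALLOW_LIST):
        print("add to Global Allow List:", name)
```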
Additional information about the integration setup is available on our support forums:
https://support.opendns.com/entries/95725868-OpenDNS-Umbrella-Cisco-AMP-Threat-Grid-Cloud-Integration-Setup-Guide
For information about the value of this integration:
https://www.opendns.com/partners/technology-partners/cisco/
Feature Brief: https://www.opendns.com/enterprise-security/resources/data-sheets/cisco-amp-threat-grid-integration/