open dns integrations cisco amp threat grid quick start

OPENDNS CONFIDENTIAL OPENDNS UMBRELLA INTEGRATIONS QUICK START GUIDE Cisco AMP Threat Grid

Upload: securitycombatcom

Post on 10-Jan-2017


How to configure your Umbrella Dashboard to obtain information from Cisco AMP Threat Grid

The first step is to find or generate the API key in your Cisco AMP Threat Grid dashboard. Log in to your Cisco AMP Threat Grid dashboard, and select your account details in the upper right. Under your Account Details, an API key may already be visible if you've previously created one. If you haven't yet, click Generate New API Key:

Your API key should then be visible under User Details > API Key.

Then, you'll want to add the API key to the Umbrella dashboard in order for it to pull data from Cisco AMP Threat Grid. You can do this by logging into your Umbrella Dashboard, and then navigating to System Settings > Integrations > Cisco AMP Threat Grid:

Select the checkbox to enable the integration and paste your API Key into the area that says "API Key", and then click Save.

At this point, if you receive an error, there is likely a problem with your API key or with communication between the services. Check your API key and try again; if it still fails, contact OpenDNS Technical Support.

If you receive a success message, it indicates that the Umbrella service was able to use the API key to make an initial connection to the Cisco AMP Threat Grid API. The Umbrella service uses a polling interval of 5 minutes to retrieve domains from AMP Threat Grid.


IMPORTANT:

While OpenDNS tries its best to validate and allow domains which are known to be generally safe (e.g. Google, Salesforce, etc.), to avoid any unwanted interruptions, we suggest adding any domains you never wish to have blocked to the Global Allow List (or other domain lists as per your policy).

Examples include:

- The home page for your organization, e.g. mydomain.com
- Domains representing services you provide that might have both internal and external records, e.g. mail.myservicedomain.com, portal.myotherservicedomain.com
- Lesser-known cloud applications you depend on heavily that OpenDNS may not be aware of or include in their automatic domain validation, e.g. localcloudservice.com

These domains should be added to the Global Allow List, which is found under Configuration > Policy Settings > Domains Lists in your Umbrella Dashboard.

Additional information about the integration setup is available on our support forums:

https://support.opendns.com/entries/95725868-OpenDNS-Umbrella-Cisco-AMP-Threat-Grid-Cloud-Integration-Setup-Guide

For information about the value of this integration:

https://www.opendns.com/partners/technology-partners/cisco/

Feature Brief: https://www.opendns.com/enterprise-security/resources/data-sheets/cisco-amp-threat-grid-integration/