Understand how to Link CTR to Umbrella

Available Languages

Download Options

  • PDF     (92.1 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (138.7 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (134.1 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 17, 2025
Document ID:225233

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to connect the Cisco Threat Response (CTR) portal with Cisco Umbrella and all prerequisites required.

    Prerequisites

    Requirements

    There are no specific requirements for this document.

    Components Used

    The information in this document is based on Cisco Umbrella.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Overview

    This article discusses how to connect the CTR portal with Umbrella and all prerequisites required to make this connection. The CTR links in three Umbrella components:

    Configure the CTR Link to Umbrella

    Linking CTR to Umbrella is comprised of up to three steps, depending on your level of Umbrella subscription. The linking page looks like this screenshot:

    CTR Link to Umbrella360034168072

    Linking Umbrella Reporting to CTR

    All Umbrella users have access to the reporting API. To get started, you need an API key and secret. See the Umbrella API documentation for how to find your API authentication details. Finally, enter the organization ID of the Umbrella organization to link to the CTR.

    Requirements

    • Subscribe to Umbrella services.

    Linking Umbrella Enforcement to CTR

    The Umbrella Enforcement API is a feature that allows for automated addition of new domains to a security enforcement list. For more information, review the Umbrella documentation.

    Requirements

    • Subscribe to Umbrella Services with access to the Enforcement API in the dashboard.
    note-icon

    Note: If you do not have the Umbrella Enforcement API for custom integrations in your Umbrella dashboard and would like to have access, please contact your Cisco Umbrella representative.

    Linking Umbrella Investigate to CTR

    The Umbrella Investigate API is a feature that allows for queries against the Cisco Umbrella Investigate system outside of the Investigate web portal. API access is limited. For more information, review the Umbrella documentation.

    Requirements

    • Subscribe to Cisco Umbrella Investigate (https://investigate.umbrella.com).
      • The package or add-on for the Investigate API must be active.
      • Some entitlements allow for a low volume of queries. CTR can function up until the query limit is reached.
    note-icon

    Note: If you do not have the Umbrella Enforcement API for custom integrations in your Umbrella dashboard and would like to have access, please contact your Cisco Umbrella representative.

    Revision History

    Revision Publish Date Comments
    1.0
    17-Oct-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products