Cisco Umbrella (formerly known as OpenDNS) is a cloud-delivered secure internet gateway that stops current and emergent threats over all ports and protocols. It blocks access to malicious domains, URLs, IPs, and files before a connection is established or a file is downloaded.
The AlienApp for Cisco Umbrella provides functional support to easily ingest data from Cisco Umbrella to USM Anywhere for analysis, and to enable orchestration for triggering actions within Cisco Umbrella based on risks identified in USM Anywhere.
The AlienApp leverages two features from Cisco Umbrella:
- Amazon Simple Storage Service (S3) log management: The AlienApp collects Cisco Umbrella logs through an Amazon S3 bucket.
- Enforcement API: The AlienApp sends response actions to Cisco Umbrella based on the malicious records identified by USM Anywhere.
All three new Cisco Umbrella packages, DNS Security Essentials, DNS Security Advantage, and Secure Internet Gateway (SIG) Essentials, support both features. Therefore, AlienApp for Cisco Umbrella should work regardless which package you have. See the vendor website for more information about the Cisco Umbrella product packages.
Note: If you are using the old Cisco Umbrella packages (Professional, Insights, and Platform), only the Platform package supports both features. The Insights package does not support Enforcement API, while the Professional package does not support either. Therefore, to fully integrate with the AlienApp, you need to have the Platform package.
Edition: The AlienApp for Cisco Umbrella response actions are available in the Standard and Premium editions of USM Anywhere.
See https://cybersecurity.att.com/pricing for more information about the features and support provided by each of the USM Anywhere editions.
Warning: If the AlienApp fails and you receive a message informing you that it has not been loaded, please contact AT&T Cybersecurity Technical Support to solve the problem.
Related Video Content
To view other related training videos, click here.