Enricher - Cisco ASN Info

Note

This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.

Specifications

Enricher name

Cisco ASN Info

Input

IPv4.

Output

  • AS number

  • AS organization name

  • CIDR the input IP address belongs to.

By providing data about ASN and IP relationships, it helps you understand how IP addresses are related to each other and to the regional registries. Results include the AS number and the organization name of the network operator managing the input IP address, and the CIDR notation of the network the input IP address belongs to, which includes its subnet addresses.

API endpoints

https://investigate.api.umbrella.com/bgp_routes/ip/{Input}/as_for_ip.json

Description

Based on the input observables, the enricher searches the source Cisco Umbrella DNS database for matches.

Retrieved matches are stored in the platform as enrichment observables related to the corresponding input IP addresses. They are not automatically assigned a maliciousness confidence level because they may not necessarily be malicious.
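The following Python example is added here for illustration and is not code from the platform or from Cisco. It builds the request for the endpoint listed above, accepting only IPv4 input, and maps a response to the three outputs of this enricher. The bearer-token header and the response fields `asn`, `description` and `cidr` are assumptions about the Investigate API, and the sample response is constructed.

```python
import ipaddress
import json

API_URL = "https://investigate.api.umbrella.com"  # default API URL from this page

# Constructed sample response (documentation IP ranges and ASNs, not real data).
# Assumption: the endpoint returns a JSON list with asn, description and cidr.
SAMPLE_RESPONSE = json.dumps([
    {"asn": 64500, "description": "EXAMPLE-NET - Example Org", "cidr": "192.0.2.0/24"},
    {"asn": 64501, "description": "OTHER-NET - Other Org", "cidr": "198.51.100.0/24"},
])


def build_request(ip, api_key, api_url=API_URL):
    """Return (url, headers) for one lookup; reject input that is not IPv4."""
    # IPv4Address raises ValueError for IPv6, hostnames and strings containing
    # path characters, so only a dotted quad can reach the URL path.
    addr = ipaddress.IPv4Address(ip)
    url = f"{api_url.rstrip('/')}/bgp_routes/ip/{addr}/as_for_ip.json"
    # Assumption: the API token is sent as a bearer token.
    return url, {"Authorization": f"Bearer {api_key}"}


def to_observables(ip, body):
    """Map a response body to AS number, AS organization name and CIDR."""
    addr = ipaddress.IPv4Address(ip)
    results = []
    for entry in json.loads(body):
        net = ipaddress.ip_network(entry["cidr"], strict=False)
        # Keep only routes that actually contain the input address.
        if addr not in net:
            continue
        results.append({
            "asn": int(entry["asn"]),
            "organization": entry["description"],
            "cidr": str(net),
        })
    return results


if __name__ == "__main__":
    url, _headers = build_request("192.0.2.10", "API-TOKEN-PLACEHOLDER")
    print(url)
    print(to_observables("192.0.2.10", SAMPLE_RESPONSE))
```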

Note

The default Source reliability value for this enricher is C – Fairly reliable.
You can change it to a different reliability value, as needed.

Requirements

Users need an API key. Log in to Cisco Umbrella, and then go to the Investigate API Access area to create a new API token.

Configure the enricher parameters

  1. Edit the enricher.

  2. From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the Cisco ASN Info enricher.

  3. The API URL field is automatically filled in with the default domain for the endpoint.
    You can add a proxy or set up ports according to your needs.
    Default value: https://investigate.api.umbrella.com.

  4. In the API key field, enter your Cisco API token.

  5. To store your changes, click Save; to discard them, click Cancel.