Enricher - Cisco Related Domains
This article describes the specific configuration options to set up the enricher.
To configure the general options for the enricher, see Configure the general options.
|
|
Specifications |
|
Enricher name |
Cisco Related Domains |
|
Input |
Domain. |
|
Output |
Related domain names based on request time. |
|
API endpoint |
https://investigate.api.umbrella.com/links/name/${}.json |
|
Description |
Enriches supported observables with domain names that have often been requested around the same time (up to 60 seconds before or after) as the input domain names, but that are not often associated with other domain names. |
The default Source reliability value for this enricher is C – Fairly reliable.
You can change it to a different reliability value, as needed.
Requirements
Users need an API key. Log in to Cisco Umbrella, and then go to the Investigate API Access area to create a new API token.
Configure the enricher parameters
Edit the enricher.
From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the Cisco Related Domains enricher.
The API URL field is automatically filled in with the default domain for the endpoint.
You can add a proxy or set up ports according to your needs.
Default value: https://investigate.api.umbrella.com.In the API key field, enter your API token.
To store your changes, click Save; to discard them, click Cancel.