Skip to main content

Cloud-delivered Incident ResponderIncident Responder Documentation

Configure the Cisco Umbrella Investigate Service

Configure Cisco Umbrella Investigate as a service to collect and analyze information about entities and artifacts using actions.

Last updated: June 27, 2022

Create an Investigate API access token.

  1. In the sidebar, click SETTINGSA grey gear icon, then select Core.

  2. Under SERVICE INTEGRATIONS, select Services.

  3. Select a service:

    • To configure a specific service, hover over a service, then click CONFIGURE. Use the search by vendor or filter by action to find a service.

    • To manually provide the relevant information for a service, click Configure a new serviceA dark blue plus sign..

    • To view all actions for a service, hover over a service, then click the information icon An icon of a grey i inside a grey circle..

  4. Enter information about the service:

    • Service Name – Enter a unique name for the service. By default, the service name is Cisco Umbrella Investigate API Service.

    • (Optional) Description – Describe the service.

    • (Optional) Owner – Enter the email address of the person or group responsible for the service. 

    • API Key – Enter your Investigate API access token.

  5. To validate the source, select TEST CONNECTIVITY.

  6. Click CREATE SERVICE.