Link Search Menu Expand Document

Add to Destination List

Workflow #0017

Response Workflow

This workflow should be triggered from a SecureX pivot menu and supports IP address, domain, and URL observables. When triggered, this workflow adds an observable to the configured destination list in Cisco Umbrella.

GitHub


Requirements


Workflow Steps

  1. Make sure the observable type provided is supported
  2. Get all of the organization’s destination lists
  3. Extract the ID of the configured destination list
  4. Check if extracting the destination list ID was successful:
    • If it was, add the record to the list
    • If it wasn’t, output an error

Configuration

  • Set the Destination List Name local variable to the name of the destination list you want observables added to
  • Set the Umbrella Organization ID local variable to your Umbrella organization’s ID (found in your Umbrella dashboard’s URL)
  • If you want to change the name of this workflow in the pivot menu, change its display name

Targets

Target Group: Default TargetGroup

Target Name Type Details Account Keys Notes
Umbrella Management HTTP Endpoint Protocol: HTTPS
Host: management.api.umbrella.com
Path: None
Umbrella Management  

Account Keys

Account Key Name Type Details Notes
Umbrella Management HTTP Basic Authentication Username: Client ID
Password: Client Secret
Must be an API client for the management API