Add to Destination List

Workflow #0017

Response Workflow

This workflow adds an observable to the configured destination list in Cisco Umbrella. Supported observables: ip, domain

Note: Umbrella does not support adding IP addresses to block lists. If you use this workflow with a block destination list, adding IP addresses will have no effect.

GitHub

Change Log

Date	Notes
Apr 1, 2021	- Initial release
Sep 10, 2021	- Updated to use the new system atomics
Aug 31, 2022	- Minor updates to naming and descriptions

See the Important Notes page for more information about updating workflows

Requirements

The following system atomics are used by this workflow:
- Umbrella - Management - Add Record to Destination List
- Umbrella - Management - Get Destination Lists
The following atomic actions must be imported before you can import this workflow:
- None
The targets and account keys listed at the bottom of the page
Cisco Umbrella

Workflow Steps

Make sure the observable type provided is supported
Get all of the organization’s destination lists
Extract the ID of the configured destination list
Check if extracting the destination list ID was successful:
- If it was, add the record to the list
- If it wasn’t, output an error

Configuration

Set the Destination List Name local variable to the name of the destination list you want observables added to
Set the Umbrella Organization ID local variable to your Umbrella organization’s ID (found in your Umbrella dashboard’s URL)
If you want to change the name of this workflow in the pivot menu, change its display name

Targets

Target Group: Default TargetGroup

Target Name	Type	Details	Account Keys	Notes
Umbrella Management	HTTP Endpoint	Protocol: `HTTPS` Host: `management.api.umbrella.com` Path: None	Umbrella Management

Account Keys

Account Key Name	Type	Details	Notes
Umbrella Management	HTTP Basic Authentication	Username: Client ID Password: Client Secret	Must be an API client for the management API