On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this Github repository will not be actively maintained following this announcement.

Add to Destination List

Workflow #0017

Response Workflow

This workflow adds an observable to the configured destination list in Cisco Umbrella. Supported observables: ip, domain

Note: Umbrella does not support adding IP addresses to block lists. If you use this workflow with a block destination list, adding IP addresses will have no effect.


Change Log

Date Notes
Apr 1, 2021 - Initial release
Sep 10, 2021 - Updated to use the new system atomics
Aug 31, 2022 - Minor updates to naming and descriptions

See the Important Notes page for more information about updating workflows


  • The following system atomics are used by this workflow:
    • Umbrella - Management - Add Record to Destination List
    • Umbrella - Management - Get Destination Lists
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets and account keys listed at the bottom of the page
  • Cisco Umbrella

Workflow Steps

  1. Make sure the observable type provided is supported
  2. Get all of the organization’s destination lists
  3. Extract the ID of the configured destination list
  4. Check if extracting the destination list ID was successful:
    • If it was, add the record to the list
    • If it wasn’t, output an error


  • Set the Destination List Name local variable to the name of the destination list you want observables added to
  • Set the Umbrella Organization ID local variable to your Umbrella organization’s ID (found in your Umbrella dashboard’s URL)
  • If you want to change the name of this workflow in the pivot menu, change its display name


Target Group: Default TargetGroup

Target Name Type Details Account Keys Notes
Umbrella Management HTTP Endpoint Protocol: HTTPS
Host: management.api.umbrella.com
Path: None
Umbrella Management  

Account Keys

Account Key Name Type Details Notes
Umbrella Management HTTP Basic Authentication Username: Client ID
Password: Client Secret
Must be an API client for the management API