Add to Destination List
Workflow #0017
Response Workflow
This workflow adds an observable to the configured destination list in Cisco Umbrella. Supported observables: ip
, domain
Change Log
Date | Notes |
---|---|
Apr 1, 2021 | - Initial release |
Sep 10, 2021 | - Updated to use the new system atomics |
Aug 31, 2022 | - Minor updates to naming and descriptions |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
- Umbrella - Management - Add Record to Destination List
- Umbrella - Management - Get Destination Lists
- The following atomic actions must be imported before you can import this workflow:
- None
- The targets and account keys listed at the bottom of the page
- Cisco Umbrella
Workflow Steps
- Make sure the observable type provided is supported
- Get all of the organization’s destination lists
- Extract the ID of the configured destination list
- Check if extracting the destination list ID was successful:
- If it was, add the record to the list
- If it wasn’t, output an error
Configuration
- Set the
Destination List Name
local variable to the name of the destination list you want observables added to - Set the
Umbrella Organization ID
local variable to your Umbrella organization’s ID (found in your Umbrella dashboard’s URL) - If you want to change the name of this workflow in the pivot menu, change its display name
Targets
Target Group: Default TargetGroup
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
Umbrella Management | HTTP Endpoint | Protocol: HTTPS Host: management.api.umbrella.com Path: None | Umbrella Management |
Account Keys
Account Key Name | Type | Details | Notes |
---|---|---|---|
Umbrella Management | HTTP Basic Authentication | Username: Client ID Password: Client Secret | Must be an API client for the management API |