Cisco Umbrella Investigate
Interactive threat intelligence to uncover and predict malicious attacks.
Daily Internet Requests Analyzed
620B+
Security Events Enforced Daily
60B+
Users Protected
100M+
About Cisco Umbrella Investigate
Cisco Umbrella Investigate is a threat intelligence and investigation tool that provides deep context on security threats from a single, correlated source. Security teams can query domains, IP addresses, ASNs, and file hashes to understand relationships between attackers and their infrastructure. The tool leverages real-time data from Cisco's global network, which analyzes over 620 billion internet requests daily, to help analysts predict future threats and protect their organizations. Key use cases include threat hunting, incident response enrichment, and security operations (SecOps) efficiency. It is accessible via a web-based console and a powerful API for integration with other security tools like SIEMs and SOAR platforms.
Core Features
Rich Threat Intelligence
Provides access to a massive dataset of domains, IPs, file hashes, and other threat indicators.
Threat Visualization
Graphically visualizes relationships between different indicators of compromise (IoCs) to uncover attacker infrastructure.
API Integration
Integrates with SIEM, SOAR, and other security tools via a RESTful API to enrich security events and automate workflows.
Historical Data
Access to historical DNS and IP data to investigate past incidents and identify long-term attack patterns.
Primary Use Cases
Incident Response
Enrich alerts with deep context to speed up investigation and determine the scope of an attack.
Threat Hunting
Proactively search for hidden threats and attacker infrastructure before an attack occurs.
Security Operations
Improve efficiency by automating the process of gathering and correlating threat intelligence.