Cisco Umbrella playbooks no longer work. API endpoints v1 appear to have been migrated to v2 with new URI paths #11289
Assignees
Labels
Playbook
Playbook specialty review needed
Comments
|
Hi @dimmthewitted , Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks! |
|
Hi @dimmthewitted , we are working with respective team, we will update you. |
|
Hi @dimmthewitted, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
playbooks in the Cisco Umbrella published in Microsoft Sentinel content hub version 3.0.2 fail with a 403 forbidden.
Please update the solution to the new v2 endpoints and thank you ever so kindly for your efforts.
To Reproduce
Steps to reproduce the behavior:
Run a playbook:
CiscoUmbrella-AddIpToDestinationList
CiscoUmbrella-BlockDomain
CiscoUmbrella-GetDomainInfo
CiscoUmbrella-AssignPolicyToIdentity
Additional troubleshooting
Where querying the endpoint with a permissioned API key using postman,
we see that the v1 endpoints:
GET /v1/organizations/{REMOVED_organization_id}/destinationlists
are showing as forbidden but the v2 endpoint paths downloaded from:
https://github.com/CiscoDevNet/cloud-security/tree/master/Umbrella/PostmanExamples
show success.
GET /policies/v2/destinationlists
as per:
https://developer.cisco.com/docs/cloud-security/overview-of-destination-lists-api/#destination-lists-api-use-cases
Please also see document:
How to Migrate to the Umbrella API
regarding: "replace the Umbrella v1 API URIs and Reporting v2 API URI with the Umbrella API endpoints."
https://developer.cisco.com/docs/cloud-security/how-to-migrate-to-the-umbrella-api/#step-2-update-your-client-code
Screenshots
The text was updated successfully, but these errors were encountered: