

Cisco Umbrella Investigate

See Attacker Infrastructure Before the Next Threat Launches

Umbrella Investigate gives security teams the most complete view of relationships between internet domains, IPs, and files — so you can investigate faster, prioritize smarter, and stop attacks before they reach your users.

Threat Intelligence That Maps How Attacks Are Built

Attackers reuse infrastructure. Domains, IPs, and files are connected — if you can see those connections, you can predict where the next attack will come from. Umbrella Investigate uses Cisco's unique view of global internet traffic combined with Talos threat intelligence, machine learning, and passive DNS data to expose attacker infrastructure and deliver the context your team needs for faster, more accurate incident response.

Investigate Console

Real-Time Context on Every Domain, IP, and File

The Investigate console gives analysts immediate access to threat scoring, DNS request patterns, and passive DNS history — so you can triage faster and investigate with confidence.

  • Risk scoring — Reliable threat scores with full visibility into contributing factors for faster triage
  • DNS request patterns — Up-to-the-minute views of DNS activity; sudden spikes can indicate malicious activity
  • Passive DNS — Five years of historical DNS data with tagged security categories for deeper context
  • API access — Integrate threat intelligence directly into your SOAR, SIEM, or custom workflows

How Organizations Use Investigate

Proactively Protect Users

Uncover attacker infrastructure before an attack launches. By mapping relationships between domains, IPs, and files, Investigate helps you block malicious destinations before they are weaponized against your organization.

Better Prioritize Incidents

Not every alert deserves the same urgency. Investigate's threat scoring and contextual data help analysts quickly identify which alerts require deeper investigation and which can be deprioritized.

Speed Investigations

Get greater context for faster decision making. Investigate compresses hours of manual research into minutes by surfacing domain relationships, historical data, and threat categories in a single view.

Third-Party Integrations

Enrich Your Existing Security Tools with Investigate Intelligence

Investigate integrates with your existing security stack to amplify the value of your investments. Connect threat intelligence to your SIEM, SOAR, EDR, and ticketing platforms via API — so every investigation starts with context, not guesswork.

  • 72% of customers reduced investigation time by 50% or more
  • 50%+ of respondents saw 75% or more reduction in malware infections

The Next Evolution

Cisco Umbrella Is Evolving to Cisco Secure Access

Building on Cisco Umbrella’s proven security with more than 30,000 customers globally, Cisco Secure Access delivers an intuitive user experience, simplified IT management, and powerful new capabilities — for the same price.


Related Solutions

Cisco Secure Access

Cloud-delivered SSE platform with ZTNA, SWG, CASB, and DLP for securing hybrid workforces from a single console.

Cisco Duo

Multi-factor authentication and device trust that verifies user identity before granting access to applications and data.

Cisco Secure Endpoint

Advanced endpoint protection that detects, prevents, and responds to threats across laptops, desktops, and mobile devices.

Accelerate Investigations with Umbrella Investigate

Our Cisco-certified team can help you integrate Umbrella Investigate into your security operations — so your analysts can investigate faster, prioritize better, and stop threats before they cause damage.

  • Real-time threat intelligence via console and API
  • Integrates with your SIEM, SOAR, and EDR platforms
  • Powered by Cisco Talos and global DNS visibility
  • Response from a certified Cisco specialist within one business day