Umbrella Alert Bot (Investigate, VirusTotal, ThreatGrid)
The Umbrella Alert Bot illustrates Cisco’s Collaboration suite with a tight cross-architectural demo between Webex Teams and Cisco Umbrella Investigate, VirusTotal and ThreatGrid.
The Umbrella Alert Bot acts as an integration and uses the Webex Teams APIs, Cisco Umbrella Investigate, ThreatGrid, and VirusTotal to send notifications and alerts to users when a malicious URL, IP address, or file hash has been shared in a space. Imagine being in a conversation and someone sends you a URL: the bot picks up on it, adds it to its history log, and, if Cisco Umbrella Investigate considers the URL, IP, or file hash malicious, sends an alert in the room with Investigate, ThreatGrid, and VirusTotal links to more information.
Umbrella Investigate is the source of information and has an API for querying threat intelligence. ThreatGrid is another Cisco service with an API for querying additional information. VirusTotal is an external service provided by Google that also has an API for querying its database.
- Create a space with you, a friend or colleague, and the bot in the room (firstname.lastname@example.org).
- Send a malicious URL (or IP), or a message containing a malicious URL (or IP), in the room, for example: “Hey check this out www.ihaveabadreputation.com”
- The bot adds this URL to the “history” it keeps.
- You can check the history by typing “@secbot /history” (NOTE: don’t mention the bot, just type @secbot – this is something that will change soon) and notice that the URL has been added. If the bot deems the URL to be malicious, it will send back links with information about the URL from Investigate, ThreatGrid, and VirusTotal.
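
The flow in the steps above, as an added Python sketch that is not the bot's own code: it pulls URLs/domains, IPs and file hashes out of a room message, logs each one to the history, and alerts on those a reputation lookup flags. The names `extract_indicators`, `defang`, `AlertBot`, `is_malicious` and `BLOCKLIST` are hypothetical, the lookup is a local stand-in rather than a real Investigate call, and defanging the indicator in the alert is an assumption not described on this page.

```python
import ipaddress
import re

# Hex digests (MD5 / SHA-1 / SHA-256 lengths), dotted quads, and URLs or bare hostnames.
HASH_RE = re.compile(r"\b(?:[a-fA-F0-9]{64}|[a-fA-F0-9]{40}|[a-fA-F0-9]{32})\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)


def extract_indicators(text):
    """Return (kind, value) pairs for every hash, IP and domain in a message."""
    found = [("hash", h.lower()) for h in HASH_RE.findall(text)]
    for candidate in IP_RE.findall(text):
        try:
            found.append(("ip", str(ipaddress.ip_address(candidate))))
        except ValueError:
            pass  # looks like a dotted quad but is not a valid address
    found += [("domain", host.lower()) for host in HOST_RE.findall(text)]
    return found


def defang(value):
    """Make an indicator non-clickable before the bot repeats it in the room."""
    return value.replace(".", "[.]")


class AlertBot:
    def __init__(self, is_malicious):
        # is_malicious(kind, value) -> bool: hypothetical stand-in for the reputation lookup.
        self.is_malicious = is_malicious
        self.history = []

    def handle(self, message):
        """Process one room message and return the list of bot replies."""
        if message.strip() == "@secbot /history":
            return [f"{kind}: {value}" for kind, value in self.history]
        replies = []
        for item in extract_indicators(message):
            if item not in self.history:
                self.history.append(item)  # every indicator is logged, malicious or not
            if self.is_malicious(*item):
                replies.append(f"ALERT: {item[0]} {defang(item[1])} is flagged as malicious")
        return replies


BLOCKLIST = {("domain", "www.ihaveabadreputation.com")}  # constructed verdict data
if __name__ == "__main__":
    bot = AlertBot(lambda kind, value: (kind, value) in BLOCKLIST)
    print(bot.handle("Hey check this out www.ihaveabadreputation.com"))
```

The hostname pattern is deliberately loose, so tokens such as file names with a dot will also be logged as domains; the reputation lookup, not the regex, decides what triggers an alert.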