Cisco Meraki™ Monitoring

Configuration Guide

Updated Mar 14, 2023

Cisco Meraki™ Monitoring

Configure Cisco Meraki™ to use the Cisco Meraki™ API for monitoring Direct link to this section

Note: Only use this procedure when a Cisco Meraki™ device is not able to send syslog messages to a sensor or log collector. When possible, Configure a Cisco Meraki Firewall to send logs to Arctic Wolf.

Arctic Wolf® can use the Cisco Meraki™ API to monitor Cisco Meraki™ logs and alert you about suspicious or malicious activity.

  1. Enable traffic analysis.
  2. Generate an API key.
  3. Provide your cloud credentials to Arctic Wolf.

Step 1: Enable traffic analysis Direct link to this section

Traffic analysis must be enabled for all combined and uncombined networks in your environment.

Enable traffic analysis on a combined network Direct link to this section

  1. Sign in to the Cisco Meraki™ dashboard as an administrator.
  2. In the NETWORK dropdown, select the network you want to configure.
  3. In the navigation pane, click Network-wide > Configure > General.
  4. In the Traffic Analysis section, select Detailed: collect destination hostnames from the Traffic analysis dropdown list.
  5. Click Save Changes.

Enable traffic analysis on an uncombined network Direct link to this section

Complete these steps for all non-MDM networks:

  1. Sign in to the Cisco Meraki™ dashboard as an administrator.
  2. In the NETWORK dropdown, select the network you want to configure.
  3. In the navigation pane, click Network-wide > Configure > General.
  4. In the Traffic Analysis section, select Traffic analysis enabled from the Traffic analysis dropdown list.
  5. Select Report specific hostnames from the Hostname visibility dropdown list.
  6. Click Save Changes.

Step 2: Generate an API key Direct link to this section

  1. Sign in to the Cisco Meraki™ dashboard as an administrator.

  2. In the NETWORK dropdown, select the network you want to configure.

  3. Select Organization > Settings.

  4. In the Security section, if the Limit Dashboard and Dashboard API access to these IP ranges or Limit Dashboard API access to these IP ranges is selected, ensure that the selected option contains the Arctic Wolf Cloud Services IP ranges.

    Note: To see the complete list of IP addresses that you must allowlist, go to the Arctic Wolf Portal, and then click Account > Arctic Wolf IP Addresses. The IP addresses that must be allowlisted are listed under If Arctic Wolf monitors your Cloud Services.

  5. In the Dashboard API Access section, select the Enable access to the Cisco Meraki Dashboard API checkbox.

  6. Click Save Changes.

  7. Select My profile, and then select Generate new API key.

    Note: The generated API key is associated with the user that generated the key and inherits the same permissions as that user.

  8. Copy the generated API key, to provide it to Arctic Wolf.

See Cisco Meraki Dashboard API, for more information.

Step 3: Provide your cloud credentials to Arctic Wolf Direct link to this section

  1. Sign in to the Arctic Wolf Portal.

  2. Select Connected Accounts in the banner menu to open the Connected Accounts page.

    Connected Accounts menu

  3. Select +Add Account to open the Add Account form.

  4. Select Cloud Detection and Response as the Account Type.

  5. Select Cisco Meraki from the list of cloud services and then fill in the form:

    1. Enter a descriptive name for the credentials in the Account Name text box.
    2. Paste the API key value obtained in Generate an API key into the API Key text box.

  6. Select Submit to CST.

  7. When prompted with the confirmation message, review your submission, and then select Done. You are returned to the Connected Accounts page.

  8. Verify that the newly-submitted credential entry appears in the cloud services list with the status Connection Pending. After your Concierge Security® Team provisions security monitoring for your account, the status of your credentials changes to Connected.