Exciting news! We are redesigning the Arctic Wolf Help Documentation site to provide a better user experience. Our new site will launch on May 1, 2024.

Cisco Meraki Monitoring

Updated Apr 4, 2024

Configure Cisco Meraki for Arctic Wolf monitoring

You can configure Cisco Meraki® to send the necessary logs to Arctic Wolf® for security monitoring. This integration provides Arctic Wolf with data about security events and the configuration of your organization.

Before you begin

Steps

For each organization that you want Arctic Wolf to monitor, complete these steps:

  1. Configure API access for an organization.
  2. Create a read-only user account.
  3. Generate an API key.
  4. Provide credentials to Arctic Wolf.

Step 1: Configure API access for an organization

  1. Sign in to the Cisco Meraki dashboard as a full-access administrator.

    Tip: A full-access administrator has the organization permissions on the Administrators page.

  2. If you have multiple organizations, in the Organization list, select the organization you want to configure.

  3. Click Organization > Configure > Settings.

  4. In the Security section, if Limit Dashboard and Dashboard API access to these IP ranges or Limit Dashboard API access to these IP ranges is selected, make sure the selected option contains the Arctic Wolf Cloud Services IP ranges.

    Note: To see the IP addresses that you must allowlist, sign in to the Arctic Wolf Unified Portal, click > Allowlist Requirements, and then view the IP addresses in the section for your product.

  5. In the Dashboard API access section, select the Enable access to the Cisco Meraki Dashboard API checkbox.

  6. Click Save Changes.

Step 2: Create a read-only user account

Note: Use the same user email for all organizations you want Arctic Wolf to monitor. The user must accept an invitation to each new organization they are added to.

  1. Sign in to the Cisco Meraki dashboard as a full-access administrator.

    Tip: A full-access administrator has the organization permissions on the Administrators page.

  2. If you have multiple organizations, in the Organization list, select the organization you want to add the user to.

  3. Click Organization > Configure > Administrators.

  4. Click Add admin.

    The Create administrator dialog opens.

  5. Enter the name and email of the user.

  6. In the Organization access list, select Read-only.

  7. Click Create admin.

  8. Click Save Changes.

  9. Save the numeric value of the Organization ID, in the page footer, in a safe, encrypted location. You will provide it to Arctic Wolf later.

Step 3: Generate an API key

Notes:

  • The user added in Create a read-only user account must set up their account before generating an API key.
  • Submit the previous API key and the new organization ID. Always use the same API key in this step. The organization ID varies based on the organization.
  1. Sign in to the Cisco Meraki dashboard with the account created in Create a read-only user account.

  2. In the profile menu, select My profile, and then click Generate new API key.

    Note: The generated API key is associated with the user that generated the key and has the same permissions as that user.

  3. Save the generated API key in a safe, encrypted location. You will provide it to Arctic Wolf later.

Step 4: Provide Cisco Meraki credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Detection and Response.

  5. In the cloud services list, click Cisco Meraki API.

  6. On the Add Account page, configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.

    • API Key — Enter the API key value from Generate an API key.

    • Org ID — Enter the organization ID from Create a read-only user account.

    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.

  7. Click Test and submit credentials.

See also