Configure Cisco Meraki API for Arctic Wolf monitoring

You can configure Cisco Meraki® to send the necessary logs to Arctic Wolf® for security monitoring.

This integration provides Arctic Wolf with data about security events and the configuration of your organization.

Note: Make sure to complete the steps in this guide for each organization that you want Arctic Wolf to monitor.

These resources are required:

  • Full-access administrator role in the Cisco Meraki dashboard.

    Tip: A full-access administrator has the organization permissions on the Administrators page.

These actions are required:

Configure API access for an organization

  1. Sign in to the Cisco Meraki dashboard as a full-access administrator.
  2. If your account is a member of multiple organizations, select the organization that you want to configure in the Organization list.
  3. Click Organization > Configure > Settings.
  4. In the Security section, under Login IP ranges:
    1. Select Allow Dashboard API access to these IP ranges.
    2. In the corresponding text box, enter the Arctic Wolf Cloud Sensors IP address ranges.
      Note: To see the IP addresses that you must allowlist, sign in to the Arctic Wolf Unified Portal, click Resources > Allowlist Requirements, and then view the IP addresses in the section for your product.
  5. Scroll to the bottom of the page to view the footer.
  6. From the footer, copy and save the numeric value of the Organization ID to a safe, encrypted location to provide to Arctic Wolf later.
  7. Click Save Changes.

Create a read-only user account

Note: Use the same user email for all organizations that you want Arctic Wolf to monitor. The user must accept an invitation to each new organization that they are added to.
  1. Sign in to the Cisco Meraki dashboard as a full-access administrator.
  2. If your account is a member of multiple organizations, select the organization that you want to configure in the Organization list.
  3. Click Organization > Configure > Administrators.
  4. Click + Add admin.
  5. On the Add New Admin page, enter the name and email of the user.
  6. In the Role & Scope section, click Assign Role.
  7. Click Observer, and then select All settings within an organization.
  8. Click Save to save the role.
  9. Click Save again to save the new user account.

Generate an API key

Note:
  • The user added in Create a read-only user account must set up their account before generating an API key.
  • Submit the previous API key and the new organization ID. Always use the same API key in this step. The organization ID varies based on the organization.
  1. Sign in to the Cisco Meraki dashboard with the account created in Create a read-only user account.
  2. In the profile menu, select My profile.
  3. On your profile page, in the API access section, click Generate new API key.

    The API key is associated with and has the same permissions as the read-only user account.

  4. Save the generated API key in a safe, encrypted location to provide to Arctic Wolf later.

Provide Cisco Meraki credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Cloud Sensors.
  3. Click Add Account +.
  4. On the Add Account page, click Cisco Meraki API.
  5. Configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.

    • API Key — Enter the API key value from Generate an API key.
    • Org ID — Enter the organization ID from Create a read-only user account.

    • Credential Expiry — Enter the credential expiration date, if applicable.

    • API URL — Select the Cisco Meraki API URL that matches the region of your dashboard. If you do not know the region of your dashboard, select api.meraki.com.
  6. Click Test and submit credentials.