Configure Cisco Meraki for Arctic Wolf monitoring

You can configure Cisco Meraki® to send the necessary logs to Arctic Wolf® for security monitoring.

This integration provides Arctic Wolf with data about security events and the configuration of your organization.

Note: Make sure to complete the steps in this guide for each organization that you want Arctic Wolf to monitor.

These actions are required:

Configure API access for an organization

  1. Sign in to the Cisco Meraki dashboard as a full-access administrator.
    Tip: A full-access administrator has the organization permissions on the Administrators page.
  2. If your account is a member of multiple organizations, select the organization that you want to configure in the Organization list.
  3. Click Organization > Settings.
  4. In the Security section, for Login IP ranges, make sure that:
    • Allow Dashboard and Dashboard API access to these IP ranges or Allow Dashboard API access to these IP ranges is selected.
    • The selected option contains the Arctic Wolf Cloud Sensors IP address ranges.
    Note: To see the IP addresses that you must allowlist, sign in to the Arctic Wolf Unified Portal, click Resources > Allowlist Requirements, and then view the IP addresses in the section for your product.
  5. In the Dashboard API access section, select the Enable access to the Cisco Meraki Dashboard API checkbox.
  6. Click Save Changes.

Create a read-only user account

Note: Use the same user email for all organizations you want Arctic Wolf to monitor. The user must accept an invitation to each new organization that they are added to.
  1. Sign in to the Cisco Meraki dashboard as a full-access administrator.
    Tip: A full-access administrator has the organization permissions on the Administrators page.
  2. If your account is a member of multiple organizations, select the organization that you want to configure in the Organization list.
  3. Click Organization > Configure > Administrators.
  4. Click Add admin.

    The Create administrator dialog opens.

  5. Enter the name and email of the user.
  6. In the Organization access list, select Read-only.
  7. Click Create admin.
  8. Click Save Changes.
  9. Save the numeric value of the Organization ID in the page footer to a safe, encrypted location to provide to Arctic Wolf later.

Generate an API key

Note:
  • The user added in Create a read-only user account must set up their account before generating an API key.
  • Submit the previous API key and the new organization ID. Always use the same API key in this step. The organization ID varies based on the organization.
  1. Sign in to the Cisco Meraki dashboard with the account created in Create a read-only user account.
  2. In the profile menu, select My profile, and then click Generate new API key.
    Note:

    The generated API key is associated with the user that generated the key and has the same permissions as that user.

  3. Save the generated API key in a safe, encrypted location. You will provide it to Arctic Wolf later.

Provide Cisco Meraki credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Cloud Sensors.
  3. Click Add Account +.
  4. On the Add Account page, click Cisco Meraki API.
  5. Configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.

    • API Key — Enter the API key value from Generate an API key.
    • Org ID — Enter the organization ID from Create a read-only user account.

    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.

    • API URL — Select the Cisco Meraki API URL that matches the region of your dashboard. If you do not know the region of your dashboard, select api.meraki.com.
  6. Click Test and submit credentials.