Integrate Cisco Meraki with Red Canary
- Updated on 24 Jul 2024
Integrating Cisco Meraki with Red Canary provides a robust security posture by combining cloud-managed networking with advanced threat detection and response capabilities. This integration enables organizations to efficiently monitor network activity, identify potential threats, and accelerate incident response times. To integrate Cisco Meraki with Red Canary, follow the procedure below from beginning to end.
Prerequisite
You will need the Threat Protection option in Meraki, which requires the Advanced Security Edition Licensing within the security/SD-WAN appliance product line (MX) offering.
Step 1: Red Canary–Create your Red Canary-provided URL
Create a Red Canary-provided URL to receive Cisco Meraki alerts for ingestion.
From your Red Canary homepage, click Integrations and See all integrations.
Type and select Cisco Meraki.
Click Configure.
Enter a Name for your external alert source.
Select a Display Category.
Under the Ingest Format/Method dropdown, select Meraki via HTTP. This is the preferred ingest method and generates the best data for investigation and correlation. Please do not use the other available ingest methods.
Click Save Configuration.
Click Activate it to begin processing alerts. This generates the URL to which you will send Cisco Meraki alerts.
Note: You may need to refresh the page for the URL to appear.
Copy and save the Red Canary-provided URL. You’ll use this URL in a later step.
Step 2: Cisco Meraki–Enter your Red Canary-provided URL
Adjust your Cisco Meraki alert settings to send generated alerts to your Red Canary-provided URL.
From your Cisco Meraki homepage, click Network-wide, and then click Alerts.
From the Network-wide section, select A rogue AP is detected.
From the Security appliance section, select Malware is blocked.
From the Security appliance section, select Malware is downloaded.
Note: Other alert types are allowed but not required.
Scroll down to the Webhooks section, and then click Add an HTTPS receiver.
Enter Red Canary in the name field.
Enter the URL from Step 1.10.
Delete the text in the shared secret field.
From the Payload template dropdown, select Meraki.
Assign the Alert to the new webhook per Cisco Meraki’s instructions.
Click Send test webhook.
Click Save.