Azure-Sentinel/Solutions/CiscoMeraki
NikTripathi f104543715 Cisco meraki solution package 1.0.12 2022-05-20 18:07:34 +05:30
..
Connector/MerakiConnector
Data Connectors Cisco meraki solution package 1.0.12 2022-05-20 18:07:34 +05:30
Package Cisco meraki solution package 1.0.12 2022-05-20 18:07:34 +05:30
Parsers update 2022-04-13 18:07:56 +05:30
Playbooks
Workbooks Removed strings with resource reference 2022-02-16 12:35:53 +05:30
data Cisco meraki package 1.0.7 2022-04-14 00:06:12 +05:30
CiscoMerakiFlow.png
ConsolidatedTemplate.json
SolutionMetadata.json Cisco Meraki Solution Package 1.0.3 2022-02-11 19:20:19 +05:30
linkedtemplate.json
readme.md

readme.md

Cisco Meraki Logic Apps Custom Connector and Playbook Templates

meraki

Table of Contents

  1. Overview
  2. Deploy Custom Connector + 5 Playbook templates
  3. Authentication
  4. Prerequisites
  5. Deployment
  6. Post Deployment Steps
  7. References
  8. Limitations

Overview

Cisco Meraki connector connects to Cisco Meraki Dashboard API service endpoint and programmatically manages and monitors Meraki networks at scale.

Deploy Custom connector + 5 Playbook templates

This package includes:

  • Custom connector for Cisco Meraki.
  • Five playbook templates leverage Cisco Meraki custom connector.

You can choose to deploy the whole package : Connector + all five playbook templates, or each one seperately from it's specific folder.

Deploy to Azure Deploy to Azure Gov

Cisco Meraki documentation

Authentication

API Key Authentication

Prerequisites for using and deploying Custom connector + 5 playbooks

  1. Cisco Meraki API Key should be known to establish a connection with Cisco Meraki Custom Connector. Refer here
  2. Cisco Meraki Dashboard API service endpoint should be known. (e.g. https://{CiscoMerakiDomain}/api/{VersionNumber}) Refer here
  3. Organization name should be known. Refer here
  4. Network name should be known.Refer here
  5. Network Group Policy name should be known. Refer here

Deployment instructions

  1. Deploy the Custom connector and playbooks by clicking on "Deploy to Azure" button. This will take you to deploying an ARM Template wizard.
  2. Fill in the required parameters for deploying custom connector and playbooks
Parameter Description
For Playbooks
Block Device Client Playbook Name Enter the Block Device Client playbook name without spaces
Block IP Address Playbook Name Enter the Block IP Address playbook name without spaces
Block URL Playbook Name Enter the Block URL playbook name without spaces
Enrichment IP Address Playbook Name Enter the IP Address Enrichment playbook name without spaces
Enrichment URL Playbook Name Enter the URL Enrichment playbook name without spaces
Organization Name Enter the name of Organization
Network Name Enter the name of Network
Group Policy Enter the name of Group Policy
For Custom Connector
Cisco Meraki Connector Name Enter the name of Cisco Meraki custom connector without spaces
Service EndPoint Enter the Cisco Meraki Service End Point

Post-Deployment Instructions

a. Authorize API connections

  • Once deployment is complete, go under deployment details and authorize Cisco Meraki connection.
  1. Click the Cisco Meraki connection
  2. Click Edit API connection
  3. Enter API Key
  4. Click Save

b. Configurations in Sentinel

  1. In Azure sentinel analytical rules should be configured to trigger an incident with risky IP address, URL or Hosts.
  2. Configure the automation rules to trigger the playbooks.

References

Connector

Playbooks

Known Issues and Limitations

  • Need to authorize the api connections after deploying the playbooks.
  • For Block Device Client Playbook, While configuring the rule in Azure Sentinel - Device Client MAC needs to be mapped with hostname in Host entity.