5d37637251
Update CiscoMeraki parser to contemplate firewall LogType |
||
|---|---|---|
| .. | ||
| Connector/MerakiConnector | ||
| Data Connectors | ||
| Package | ||
| Parsers | ||
| Playbooks | ||
| Workbooks | ||
| data | ||
| CiscoMerakiFlow.png | ||
| ConsolidatedTemplate.json | ||
| ReleaseNotes.md | ||
| SolutionMetadata.json | ||
| linkedtemplate.json | ||
| readme.md | ||
readme.md
Cisco Meraki Logic Apps Custom Connector and Playbook Templates
Table of Contents
- Overview
- Deploy Custom Connector + 5 Playbook templates
- Authentication
- Prerequisites
- Deployment
- Post Deployment Steps
- References
- Limitations
Overview
Cisco Meraki connector connects to Cisco Meraki Dashboard API service endpoint and programmatically manages and monitors Meraki networks at scale.
Deploy Custom connector + 5 Playbook templates
This package includes:
- Custom connector for Cisco Meraki.
- Five playbook templates leverage Cisco Meraki custom connector.
You can choose to deploy the whole package : Connector + all five playbook templates, or each one seperately from it's specific folder.
Cisco Meraki documentation
Authentication
API Key Authentication
Prerequisites for using and deploying Custom connector + 5 playbooks
- Cisco Meraki API Key should be known to establish a connection with Cisco Meraki Custom Connector. Refer here
- Cisco Meraki Dashboard API service endpoint should be known. (e.g. https://{CiscoMerakiDomain}/api/{VersionNumber}) Refer here
- Organization name should be known. Refer here
- Network name should be known.Refer here
- Network Group Policy name should be known. Refer here
Deployment instructions
- Deploy the Custom connector and playbooks by clicking on "Deploy to Azure" button. This will take you to deploying an ARM Template wizard.
- Fill in the required parameters for deploying custom connector and playbooks
| Parameter | Description |
|---|---|
| For Playbooks | |
| Block Device Client Playbook Name | Enter the Block Device Client playbook name without spaces |
| Block IP Address Playbook Name | Enter the Block IP Address playbook name without spaces |
| Block URL Playbook Name | Enter the Block URL playbook name without spaces |
| Enrichment IP Address Playbook Name | Enter the IP Address Enrichment playbook name without spaces |
| Enrichment URL Playbook Name | Enter the URL Enrichment playbook name without spaces |
| Organization Name | Enter the name of Organization |
| Network Name | Enter the name of Network |
| Group Policy | Enter the name of Group Policy |
| For Custom Connector | |
| Cisco Meraki Connector Name | Enter the name of Cisco Meraki custom connector without spaces |
| Service EndPoint | Enter the Cisco Meraki Service End Point |
Post-Deployment Instructions
a. Authorize API connections
- Once deployment is complete, go under deployment details and authorize Cisco Meraki connection.
- Click the Cisco Meraki connection
- Click Edit API connection
- Enter API Key
- Click Save
b. Configurations in Sentinel
- In Microsoft sentinel analytical rules should be configured to trigger an incident with risky IP address, URL or Hosts.
- Configure the automation rules to trigger the playbooks.
References
- Cisco Meraki Dashboard API
- Content Filtering - Cisco Meraki
- Layer 3 and 7 Firewall Processing Order - Cisco Meraki
Connector
Playbooks
- Block Device Client - Cisco Meraki
- Block IP Address - Cisco Meraki
- Block URL - Cisco Meraki
- Enrichment IP Address - Cisco Meraki
- Enrichment URL - Cisco Meraki
Known Issues and Limitations
- Need to authorize the api connections after deploying the playbooks.
- For Block Device Client Playbook, While configuring the rule in Microsoft Sentinel - Device Client MAC needs to be mapped with hostname in Host entity.