This article leads you through the process of integrating Cisco Meraki with Red Canary. Follow the procedure from beginning to end.
Step 1: Red Canary–Create your Red Canary-provided URL
Create a Red Canary provided-URL to send Cisco Meraki alerts for ingestion.
- From your Red Canary homepage, click Integrations.
- From the Integrations section, locate and then click the security product you want to integrate with Red Canary.
Note: If you do not see your security product listed, click See all integrations.
- In the search bar, type and then select your third-party security source.
- Continue onto the next step by configuring your third-party security source in Red Canary.
Note: Your third-party security source may require that you contact Red Canary to configure.
- Enter a Name for your external alert source.
- Select a Display Category.
- Under the Ingest Format/Method dropdown, select Meraki via HTTP. This is the preferred ingest method and generates the best data for investigation and correlation. Please do not use the other available ingest methods.
- Click Save Configuration.
- Click Activate it to begin processing alerts. This will generate the URL you will use to send Cisco Meraki alerts to.
Note: You may need to refresh the page for the URL to appear.
- Copy and save the Red Canary-provided URL. You’ll use this URL in a later step.
Step 2: Cisco Meraki–Enter your Red Canary-provided URL
Adjust your Cisco Meraki alert settings to send generated alerts to your Red Canary-provided URL.
- From your Cisco Meraki homepage, click Network-wide, and then click Alerts.
- From the Network-wide section, select A rogue AP is detected.
- From the Security appliance section, select Malware is blocked.
- From the Security appliance section, select Malware is downloaded.
Note: Other alert types are allowed but not required.
- Scroll down to the Webhooks section, and then click Add an HTTPS receiver.
- Enter Red Canary in the name field.
- Enter the URL from Step 1.10.
- Delete the text in the shared secret field.
- From the Payload template dropdown select Meraki.
Assign the Alert to the new webhook per Cisco Meraki's instructions.
- Click Test webhook.
- Click Save.