Skip to main content
Red Canary help

Integrate Cisco Meraki with Red Canary

  • Updated .

This article leads you through the process of integrating Cisco Meraki with Red Canary. Follow the procedure from beginning to end. 

Step 1: Red Canary–Create your Red Canary-provided URL

Create a Red Canary provided-URL to send Cisco Meraki alerts for ingestion. 

  1. From your Red Canary homepage, click Integrations.
  2. From the Integrations section, locate and then click the security product you want to integrate with Red Canary. 
    Note: If you do not see your security product listed, click See all integrations
  3. In the search bar, type and then select your third-party security source.
  4. Continue onto the next step by configuring your third-party security source in Red Canary.
    Note: Your third-party security source may require that you contact Red Canary to configure.
  5. Enter a Name for your external alert source.  
  6. Select a Display Category.
  7. Under the Ingest Format/Method dropdown, select Meraki via HTTP. This is the preferred ingest method and generates the best data for investigation and correlation. Please do not use the other available ingest methods.
  8. Click Save Configuration.
  9. Click Activate it to begin processing alerts. This will generate the URL you will use to send Cisco Meraki alerts to.
    Note: You may need to refresh the page for the URL to appear.
    1.png
  10.  Copy and save the Red Canary-provided URL. You’ll use this URL in a later step.
    2.png

Step 2: Cisco Meraki–Enter your Red Canary-provided URL

Adjust your Cisco Meraki alert settings to send generated alerts to your Red Canary-provided URL.

  1. From your Cisco Meraki homepage, click Network-wide, and then click Alerts.
    3.png
  2. From the Network-wide section, select A rogue AP is detected.
  3. From the Security appliance section, select Malware is blocked.
  4. From the Security appliance section, select Malware is downloaded.
    Note: Other alert types are allowed but not required.
  5. Scroll down to the Webhooks section, and then click Add an HTTPS receiver.
    4.png
  6. Enter Red Canary in the name field.
  7. Enter the URL from Step 1.10.
  8. Delete the text in the shared secret field.
  9. From the Payload template dropdown select Meraki.

  10. Assign the Alert to the new webhook per Cisco Meraki's instructions. 

  11. Click Test webhook.
    5.png
  12. Click Save.

 

Comments

0 comments

Please sign in to leave a comment.