This article leads you through the process of integrating Cisco Meraki with Red Canary. Follow the procedure from beginning to end.
Step 1: Red Canary–Create your Red Canary-provided URL
Create a Red Canary-provided URL to which Cisco Meraki alerts are sent for ingestion.
- From the navigation menu, click Integrations, and then click Alert Sources.
- In the search bar, type and then select Cisco Meraki.
- To configure your new alert source, scroll down and then click Cisco Meraki.
- Click Edit Configuration.
- Enter a Name for your external alert source.
- Select a Display Category.
- Under the Ingest Format/Method dropdown, select Meraki via HTTP. This is the preferred ingest method and generates the best data for investigation and correlation. Please do not use the other available ingest methods.
- Click Save Configuration.
- Click Activate it to begin processing alerts. This generates the URL to which you will send Cisco Meraki alerts.
Note: You may need to refresh the page for the URL to appear.
- Copy and save the Red Canary-provided URL. You’ll use this URL in a later step.
Step 2: Cisco Meraki–Enter your Red Canary-provided URL
Adjust your Cisco Meraki alert settings to send generated alerts to your Red Canary-provided URL.
- From your Cisco Meraki homepage, click Network-wide, and then click Alerts.
- From the Network-wide section, select A rogue AP is detected.
- From the Security appliance section, select Malware is blocked.
- From the Security appliance section, select Malware is downloaded.
Note: Other alert types are allowed but not required.
- Scroll down to the Webhooks section, and then click Add an HTTPS receiver.
- Enter Red Canary in the name field.
- Enter the URL from Step 1.10.
- Delete the text in the shared secret field.
- From the Payload template dropdown, select Meraki.
- Click Test webhook.
- Click Save.
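To confirm the result of Step 2 without clicking through the dashboard again, the following added example (not Red Canary or Cisco code) audits a network's exported webhook and alert settings against the choices in this article. It assumes the input has the JSON shape returned by the Meraki Dashboard API v1 webhook HTTP server and alert settings endpoints, that the three alert types carry the API names shown, and that an alert reaches a receiver only when the receiver's id is listed in the default or per-alert destinations; the `audit` function and all sample values are constructed for illustration.

```python
# Added example: audit exported Meraki settings against the steps in this article.
# Assumption: inputs mirror Meraki Dashboard API v1 JSON for a network's
# webhooks/httpServers list and alerts/settings object.
from urllib.parse import urlsplit

# Assumed API names for the three alert types selected in Step 2.
REQUIRED_ALERTS = {
    "rogueAp": "A rogue AP is detected",
    "ampMalwareBlocked": "Malware is blocked",
    "ampMalwareDetected": "Malware is downloaded",
}

def audit(http_servers, alert_settings, receiver_name="Red Canary"):
    """Return a list of findings; an empty list means the setup matches."""
    server = next((s for s in http_servers if s.get("name") == receiver_name), None)
    if server is None:
        return [f"no HTTPS receiver named {receiver_name!r}"]
    findings = []
    if urlsplit(server.get("url", "")).scheme != "https":
        findings.append("receiver URL is not https")
    if not server.get("payloadTemplate", {}).get("name", "").startswith("Meraki"):
        findings.append("payload template is not Meraki")
    defaults = set(alert_settings.get("defaultDestinations", {}).get("httpServerIds", []))
    alerts = {a["type"]: a for a in alert_settings.get("alerts", [])}
    for api_name, label in REQUIRED_ALERTS.items():
        alert = alerts.get(api_name)
        if not alert or not alert.get("enabled"):
            findings.append(f"alert not enabled: {label}")
            continue
        own = set(alert.get("alertDestinations", {}).get("httpServerIds", []))
        if server["id"] not in defaults | own:
            findings.append(f"alert not routed to receiver: {label}")
    return findings

# Constructed sample data (placeholder URL and ids, not real values).
SAMPLE_SERVERS = [{"id": "srv-1", "name": "Red Canary",
                   "url": "https://ingest.example.invalid/placeholder",
                   "payloadTemplate": {"name": "Meraki (included)"}}]
SAMPLE_SETTINGS = {
    "defaultDestinations": {"httpServerIds": []},
    "alerts": [
        {"type": "rogueAp", "enabled": True, "alertDestinations": {"httpServerIds": ["srv-1"]}},
        {"type": "ampMalwareBlocked", "enabled": True, "alertDestinations": {"httpServerIds": []}},
        {"type": "ampMalwareDetected", "enabled": False, "alertDestinations": {"httpServerIds": []}},
    ],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVERS, SAMPLE_SETTINGS):
        print(finding)
```

With the constructed sample, the audit reports one alert that is enabled but not routed to the receiver and one that is not enabled.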