Cisco Meraki Cloud Management

Version: Cisco Meraki Cloud Management.

Meraki’s cloud-based management provides centralized visibility and control over Meraki’s wired and wireless networking hardware, without the complexity of wireless controllers or overlay management systems. Integrated with Meraki’s entire product portfolio, cloud management provides feature rich, scalable, and intuitive centralized management for networks of any size.

Netsurion's Open XDR platform helps to monitor events from Cisco Meraki Cloud Management using API. Its dashboard, alerts, and reports help you to track activities related to wireless, application, and network devices. Alerts are triggered whenever any suspicious activities are happening on devices like rogue AP detection, IDS alerts, spoofed DHCP and many other. Its visualization helps to see the overview of all the activities on the network.

After the Cisco Meraki Cloud Management is configured to deliver events to the Netsurion's Open XDR platform, the dashboards and reports can be configured into Netsurion's Open XDR platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type Name Description
Security Cisco Meraki CM - Authentication Failure This alert is triggered when a failed connection to the AD server is detected in Meraki.
Security Cisco Meraki CM - Wireless attack detected This alert is triggered when a suspicious wireless attack is detected in Meraki.
Security Cisco Meraki CM - Rogue DHCP detected This alert is triggered when rogue DHCP is detected in Meraki.
Security Cisco Meraki CM - Switch loop detected This alert is triggered when a loop on switch is detected in Meraki.
Security Cisco Meraki CM - Switch Mac flap detected This alert is triggered when a MAC flap on switch is detected in Meraki.
Security Cisco Meraki CM - Wireless packet flood detected This alert is triggered when packet flood on the wireless is detected in Meraki.
Compliance Cisco Meraki CM - Wireless multiple DHCP servers detected This alert is triggered when a multiple DHCP servers on wireless are detected in Meraki.

Reports

Type Name Description
Security Cisco Meraki CM - Login failure activities This report gives information about all the authentication failures detected in Meraki. Reports contain user, server, domain, etc.
Security Cisco Meraki CM – Wi-Fi De-authentication Actions This report gives information about all the WPA de-authentications detected in Meraki. Reports contain client IP address, client MAC address, SSID name, etc.
Operations Cisco Meraki CM - VPN connection activities This report gives information about all the VPN connection activities. Reports contain device name, device serial, etc.
Operations Cisco Meraki CM - Port role change action This report gives information about port role change. Reports contain port number, old role, new role, address, etc.
Compliance Cisco Meraki CM - Successful login activities This report gives information about all the successful authentications. Reports contain user, server, domain, and other useful information.
Compliance Cisco Meraki CM – Wi-Fi Authentication Activities This report gives information about all WPA authentication. Reports contain device name, device serial, and other useful information.

Documentation

The configuration details are consistent with Netsurion's Open XDR platform version 9.3 or later, and Cisco Meraki Cloud Management.

Download Integration Guide and How-to Guide for more information and to configuration instructions.