# NG SIEM - CISCO Meraki Integration

<span style="color: rgb(0, 0, 0);">Cisco Meraki provides a centralized cloud management platform for devices like MX Security Appliances, MR Access Points, and more. Its cloud-based architecture enables secure, scalable networks manageable from anywhere via the Meraki Dashboard or Mobile App. Each Meraki network generates events that can be collected and analyzed.</span>

---

### <span style="color: rgb(53, 152, 219);">**Integration Overview**</span>

<span style="color: rgb(0, 0, 0);">This integration supports event collection through:</span>

- <span style="color: rgb(0, 0, 0);">**Syslog** messages from Meraki devices</span>
- <span style="color: rgb(0, 0, 0);">**API Reporting Webhooks** via the Meraki cloud</span>

<span style="color: rgb(0, 0, 0);">Events can be searched, observed, and visualized.</span>

---

### <span style="color: rgb(53, 152, 219);">**Compatibility**</span>

- <span style="color: rgb(0, 0, 0);">Supports event collection from **MX Security Appliances** and **MR Access Points** via syslog.</span>
- <span style="color: rgb(0, 0, 0);">**MS Switch** events are **not supported** and will not be recognized.</span>

---

#### <span style="color: rgb(53, 152, 219);">**Cisco Meraki Dashboard Configuration**</span>

<span style="color: rgb(0, 0, 0);">**Syslog Setup:**</span>  
<span style="color: rgb(0, 0, 0);">Configure one or more syslog servers and specify Meraki message types to send to those servers. For details, refer to the <span style="color: rgb(132, 63, 161);">**[Syslog Server Overview and Configuration guide](https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Server_Overview_and_Configuration#Configuring_a_Syslog_Server)**</span>.</span>

<span style="color: rgb(0, 0, 0);">**API Endpoint (Webhooks):**</span>  
<span style="color: rgb(0, 0, 0);">Configure Meraki webhooks from the dashboard. See the <span style="color: rgb(132, 63, 161);">**[Webhooks Dashboard Setup](https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Meraki_Device_Reporting_-_Syslog%2C_SNMP%2C_and_API#Webhooks_Dashboard_Setup)**</span> for detailed instructions.</span>

---

#### <span style="color: rgb(53, 152, 219);">**Configuring the Cisco Meraki Integration**</span>

<span style="color: rgb(0, 0, 0);">**Syslog Collection:**</span>

- <span style="color: rgb(0, 0, 0);">Select one or more of these options based on your syslog server setup:</span>
    
    
    - <span style="color: rgb(0, 0, 0);">Collect syslog via **UDP**</span>
    - <span style="color: rgb(0, 0, 0);">Collect syslog via **TCP**</span>
    - <span style="color: rgb(0, 0, 0);">Collect syslog from a **file**</span>
- <span style="color: rgb(0, 0, 0);">Enter the appropriate **Syslog Host**, **Port**, or **File Path** based on your selection.</span>

<span style="color: rgb(0, 0, 0);">**API Webhooks Collection:**</span>

- <span style="color: rgb(0, 0, 0);">Enable **Collect events from Cisco Meraki via Webhooks**.</span>
- <span style="color: rgb(0, 0, 0);">Enter the following values to configure the webhook listener endpoint:</span>
    
    
    - <span style="color: rgb(0, 0, 0);">**Listen Address**</span>
    - <span style="color: rgb(0, 0, 0);">**Listen Port**</span>
    - <span style="color: rgb(0, 0, 0);">**Webhook Path**</span>
- <span style="color: rgb(0, 0, 0);">The endpoint URL will be:</span>  
    <span style="color: rgb(0, 0, 0);">`https://{AGENT_ADDRESS}:8686/meraki/events`</span>
- <span style="color: rgb(0, 0, 0);">Enter the **Secret Value** matching the “Shared Secret” set in your Meraki webhook configuration.</span>
- <span style="color: rgb(0, 0, 0);">Provide **TLS configuration**: Meraki requires HTTPS for webhook endpoints, so configure a valid TLS certificate or use a reverse proxy with HTTPS in front of the integration.</span>

---

### <span style="color: rgb(53, 152, 219);">**Log Events**</span>

<span style="color: rgb(0, 0, 0);">Enable this option to collect Cisco Meraki log events across all applications configured for the selected log stream.</span>

---

### <span style="color: rgb(53, 152, 219);">**Logs Dataset**</span>

- <span style="color: rgb(0, 0, 0);">The `cisco_meraki.log` dataset contains events collected from the configured syslog server.</span>
- <span style="color: rgb(0, 0, 0);">All Cisco Meraki specific syslog fields are available under the `cisco_meraki.log` field group for detailed analysis.  
      
    </span>

<span style="color: rgb(0, 0, 0);">*<span class="TextRun SCXW71272603 BCX0" data-contrast="auto" lang="EN-US" xml:lang="EN-US"><span class="NormalTextRun SCXW71272603 BCX0">If you need further </span><span class="NormalTextRun SCXW71272603 BCX0">assistance</span><span class="NormalTextRun SCXW71272603 BCX0">, kindly contact </span></span><span style="color: rgb(53, 152, 219);">**<span class="TextRun SCXW71272603 BCX0" data-contrast="none" lang="EN-US" xml:lang="EN-US"><span class="NormalTextRun SCXW71272603 BCX0">support@cytechint.com</span></span>**</span><span class="TextRun SCXW71272603 BCX0" data-contrast="auto" lang="EN-US" xml:lang="EN-US"><span class="NormalTextRun SCXW71272603 BCX0"> for prompt </span><span class="NormalTextRun SCXW71272603 BCX0">assistance</span><span class="NormalTextRun SCXW71272603 BCX0"> and guidance.</span></span><span class="EOP SCXW71272603 BCX0" data-ccp-props="{}"></span>*</span>