IoT Security
Integrate IoT Security with Cisco Meraki Cloud
Table of Contents
Integrate IoT Security with Cisco Meraki Cloud
Integrate IoT Security through Cortex XSOAR with Cisco Meraki Cloud.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
One of the following Cortex XSOAR setups:
|
IoT Security can integrate through Cortex XSOAR with Cisco Meraki Cloud to gather data
about devices that access the network through Cisco switches and wireless access points.
The data is then shown on the Devices page and Device Details pages in the IoT Security
portal.
Cisco Meraki Cloud uses a hierarchical structure of organizations, networks, and clients,
and it provides a RESTful API that Cortex XSOAR accesses over HTTPS.
In Cortex XSOAR, you create an integration instance and two jobs. The first job queries
Meraki Cloud to learn about its organizations and the networks in each organization. The
second job queries Meraki Cloud about the wired and wireless clients in each network.
IoT Security then imports the device data and displays it on its Devices and Device
Details pages.
You can see the following data in the IoT Security portal for a device learned
from Cisco Meraki Cloud:
- MAC address, IP address, and VLAN of the device
- Vendor that manufactured the device
- OS that the device is running
- Whether the device is wired or wireless
- (If wired) Hostname and management MAC address of the switch through which the wired device accesses the network and the physical port on the switch to which the wired device is connected
- (If wireless) Hostname and management MAC address of the access point with which the wireless client is currently associated and the SSID used for the association
If IoT Security learns about a device from Cisco Meraki Cloud and from its own
analysis of traffic logs that next-generation firewalls report, the data from firewall
traffic logs always takes precedence and overrides conflicting values learned from Cisco
Meraki Cloud.
If two access points (APs) provide conflicting data about the same wireless
client—perhaps because it roamed between them—the most recent data for the following
attributes will be shown: AP name, AP MAC address, and SSID. Similarly, when there’s
conflicting data for a wired device—perhaps because the device was moved to a different
place on the network—IoT Security shows the most recent data for the following
attributes: switch name, switch MAC address, and switch port.
IoT Security also works with Cortex XSOAR to fetch the following information from Cisco
Meraki Cloud about switches on the network:
- Switch MAC address, IP address, hostname, and serial number
- Switch model and firmware version
Integrating with Cisco Meraki Cloud requires either a full-featured Cortex XSOAR server or the purchase
and activation of an IoT Security
third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan
includes a license for three integration add-ons, one of which can be used for this. The
advanced plan includes a license for all supported third-party integrations.