Integrate Device Security with Cisco Meraki Cloud

Integrate Device Security through Cortex XSOAR with Cisco Meraki Cloud.
Where Can I Use This?
  • Device Security (Managed by Strata Cloud Manager)
  • (Legacy) IoT Security (Standalone portal)
What Do I Need?
One of the following subscriptions:
  • Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical)
  • Device Security X subscription
One of the following Cortex XSOAR setups:
  • A free, cohosted, limited-featured Cortex XSOAR instance
  • A full-featured Cortex XSOAR server
Device Security can integrate through Cortex XSOAR with Cisco Meraki Cloud to gather data about devices that access the network through Cisco switches and wireless access points. The data is then shown on the Devices page and Device Details pages in the Device Security portal.
Cisco Meraki Cloud uses a hierarchical structure of organizations, networks, and clients, and it provides a RESTful API that Cortex XSOAR accesses over HTTPS.
In Cortex XSOAR, you create an integration instance and two jobs. One job queries Meraki Cloud about the wired and wireless clients in its networks and sends the device data to Device Security for display on the Devices and Device Details pages. A second job queries Meraki Cloud for network attributes and VLAN information, which Device Security imports and displays on the All Networks and Sites pages. You can scope the client import by specifying SSIDs to include or exclude.
You can see the following data in the Device Security portal for a device learned from Cisco Meraki Cloud:
  • MAC address, IP address, and VLAN of the device
  • Vendor that manufactured the device
  • OS that the device is running
  • Whether the device is wired or wireless
  • (If wired) Hostname and management MAC address of the switch through which the wired device accesses the network and the physical port on the switch to which the wired device is connected
  • (If wireless) Hostname and management MAC address of the access point with which the wireless client is currently associated and the SSID used for the association
If Device Security learns about a device from Cisco Meraki Cloud and from its own analysis of traffic logs that next-generation firewalls report, the data from firewall traffic logs always takes precedence and overrides conflicting values learned from Cisco Meraki Cloud.
If two access points (APs) provide conflicting data about the same wireless client—perhaps because it roamed between them—the most recent data for the following attributes will be shown: AP name, AP MAC address, and SSID. Similarly, when there’s conflicting data for a wired device—perhaps because the device was moved to a different place on the network—Device Security shows the most recent data for the following attributes: switch name, switch MAC address, and switch port.
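The SSID scoping and the precedence rules described above can be modeled as a small reconciliation routine. This is an added illustration, not code from Device Security, Cortex XSOAR, or Cisco Meraki; the record layout, field names, function names, and sample values are all assumptions made for the example.

```python
from datetime import datetime

# Attributes for which the page says the most recent Meraki report wins.
LATEST_WINS = {"ap_name", "ap_mac", "ssid", "switch_name", "switch_mac", "switch_port"}

def in_scope(rec, include=None, exclude=None):
    """Apply the SSID include/exclude scope; wired clients have no SSID and are kept."""
    ssid = rec.get("ssid")
    if ssid is None:
        return True
    if include and ssid not in include:
        return False
    return ssid not in (exclude or ())

def reconcile(meraki, firewall, include=None, exclude=None):
    """Return {mac: {attr: value}} after scoping, recency and source precedence."""
    inventory = {}
    scoped = [r for r in meraki if in_scope(r, include, exclude)]
    # Oldest first, so a later report overwrites an earlier one.
    for rec in sorted(scoped, key=lambda r: datetime.fromisoformat(r["seen"])):
        dev = inventory.setdefault(rec["mac"].lower(), {})
        for attr, value in rec.items():
            if attr in ("mac", "seen"):
                continue
            # Assumption: attributes the page does not name keep their first value.
            if attr in LATEST_WINS or attr not in dev:
                dev[attr] = value
    # Values derived from firewall traffic logs override conflicting Meraki values.
    for mac, attrs in firewall.items():
        inventory.setdefault(mac.lower(), {}).update(attrs)
    return inventory

# Constructed sample data; all values are made up.
MERAKI = [
    {"mac": "AA:BB:CC:00:00:01", "ip": "10.0.20.15", "os": "Android", "ssid": "Corp",
     "ap_name": "ap-floor2", "ap_mac": "00:11:22:00:00:0b", "seen": "2024-05-01T09:30:00+00:00"},
    {"mac": "aa:bb:cc:00:00:01", "ip": "10.0.20.15", "os": "Android", "ssid": "Corp",
     "ap_name": "ap-lobby", "ap_mac": "00:11:22:00:00:0a", "seen": "2024-05-01T09:00:00+00:00"},
    {"mac": "aa:bb:cc:00:00:02", "ip": "10.0.99.7", "ssid": "Guest",
     "ap_name": "ap-lobby", "ap_mac": "00:11:22:00:00:0a", "seen": "2024-05-01T09:10:00+00:00"},
    {"mac": "aa:bb:cc:00:00:03", "ip": "10.0.30.4", "switch_name": "sw-core",
     "switch_mac": "00:11:22:00:00:1a", "switch_port": "12", "seen": "2024-05-01T08:00:00+00:00"},
]
FIREWALL = {"aa:bb:cc:00:00:01": {"ip": "10.0.20.99", "os": "Android 13"}}

if __name__ == "__main__":
    for mac, attrs in reconcile(MERAKI, FIREWALL, exclude={"Guest"}).items():
        print(mac, attrs)
```

The two reports for the roaming client are listed newest first on purpose: the result depends on the report timestamps, not on the order in which records arrive.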
Device Security also works with Cortex XSOAR to fetch the following information from Cisco Meraki Cloud about switches on the network:
  • Switch MAC address, IP address, hostname, and serial number
  • Switch model and firmware version
Device Security also imports network attributes and VLAN information from Cisco Meraki Cloud, including network names, subnet configurations, and static IP assignments. This data appears on the All Networks and Sites pages in the Device Security portal.
For a full list of attributes that Device Security can learn through the integration, see Cisco Meraki Attribute Reference.
Integrating with Cisco Meraki Cloud requires either a full-featured Cortex XSOAR™ server or the activation of a Device Security free cohosted Cortex XSOAR instance.