Skip to main content

Cisco Meraki

Download With Dependencies

Cloud controlled WiFi, routing, and security.

Cisco Meraki

This pack includes Cortex XSIAM content.

Configuration on Server Side

This section describes the configuration steps required on the Cisco Meraki dashboard to forward requested event logs to Cortex XSIAM Broker VM via syslog.


  1. Log in to the Cisco Meraki dashboard.

  2. Navigate to the network which you want to configure syslog forwarding for.

  3. Go to Network-wideConfigureGeneral.

  4. Click the Add a syslog server link to define a new server entry for the Cortex XSIAM Broker VM syslog server, and fill in the following parameters:

    Parameter Value
    Server IP The IP address of the target Cortex XSIAM Broker VM syslog server.
    Port The port number that the target Cortex XSIAM Broker VM syslog server is configured to listen on for receiving event logs from Cisco Meraki.
    Roles Select the requested event types that should be forwarded to Cortex XSIAM.
  5. Click Save to apply the changes.
For additional details, see Cisco Meraki syslog server overview and configuration.

Collect Events from Vendor

In order to use the collector, use the Broker VM option.

Broker VM

You will need to use the information described here.
You can configure the specific vendor and product for this instance.

  1. Navigate to SettingsConfigurationData BrokerBroker VMs.
  2. Right-click, and select Syslog CollectorConfigure.
  3. When configuring the Syslog Collector, set the following parameters:
    | Parameter | Value
    | :--- | :---
    | Protocol | Select UDP.
    | Port | Should be aligned with the port defined in the Cisco Meraki Dashboard as described in the Configuration on Server Side section above.
    | Format | Select Auto-Detect.
    | Vendor | Enter Cisco.
    | Product | Enter Meraki.

Cisco Meraki

This pack includes Cortex XSIAM content.

Configuration on Server Side

This section describes the configuration steps required on the Cisco Meraki dashboard to forward requested event logs to Cortex XSIAM Broker VM via syslog.


  1. Log in to the Cisco Meraki dashboard.

  2. Navigate to the network which you want to configure syslog forwarding for.

  3. Go to Network-wideConfigureGeneral.

  4. Click the Add a syslog server link to define a new server entry for the Cortex XSIAM Broker VM syslog server, and fill in the following parameters:

    Parameter Value
    Server IP The IP address of the target Cortex XSIAM Broker VM syslog server.
    Port The port number that the target Cortex XSIAM Broker VM syslog server is configured to listen on for receiving event logs from Cisco Meraki.
    Roles Select the requested event types that should be forwarded to Cortex XSIAM.
  5. Click Save to apply the changes.
For additional details, see Cisco Meraki syslog server overview and configuration.

Collect Events from Vendor

In order to use the collector, use the Broker VM option.

Broker VM

You will need to use the information described here.
You can configure the specific vendor and product for this instance.

  1. Navigate to SettingsConfigurationData BrokerBroker VMs.
  2. Right-click, and select Syslog CollectorConfigure.
  3. When configuring the Syslog Collector, set the following parameters:
    | Parameter | Value
    | :--- | :---
    | Protocol | Select UDP.
    | Port | Should be aligned with the port defined in the Cisco Meraki Dashboard as described in the Configuration on Server Side section above.
    | Format | Select Auto-Detect.
    | Vendor | Enter Cisco.
    | Product | Enter Meraki.

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedNovember 9, 2020
Last ReleaseSeptember 19, 2023
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.