: Integrate IoT Security with Cisco Meraki Cloud
Focus
Focus

Integrate IoT Security with Cisco Meraki Cloud

Table of Contents

Integrate IoT Security with Cisco Meraki Cloud

Integrate IoT Security through Cortex XSOAR with Cisco Meraki Cloud.
IoT Security can integrate through Cortex XSOAR with Cisco Meraki Cloud to gather data about devices that access the network through Cisco switches and wireless access points. The data is then shown on the Devices page and Device Details pages in the IoT Security portal.
Cisco Meraki Cloud uses a hierarchical structure of organizations, networks, and clients, and it provides a RESTful API that Cortex XSOAR accesses over HTTPS.
In Cortex XSOAR, you create an integration instance and two jobs. The first job queries Meraki Cloud to learn about its organizations and the networks in each organization. The second job queries Meraki Cloud about the wired and wireless clients in each network. IoT Security then imports the device data and displays it on its Devices and Device Details pages.
You can see the following data in the IoT Security portal for a device learned from Cisco Meraki Cloud:
  • MAC address, IP address, and VLAN of the device
  • Vendor that manufactured the device
  • OS that the device is running
  • Whether the device is wired or wireless
  • (If wired) Hostname and management MAC address of the switch through which the wired device accesses the network and the physical port on the switch to which the wired device is connected
  • (If wireless) Hostname and management MAC address of the access point with which the wireless client is currently associated and the SSID used for the association
If IoT Security learns about a device from Cisco Meraki Cloud and from its own analysis of traffic logs that next-generation firewalls report, the data from firewall traffic logs always takes precedence and overrides conflicting values learned from Cisco Meraki Cloud.
If two access points (APs) provide conflicting data about the same wireless client—perhaps because it roamed between them—the most recent data for the following attributes will be shown: AP name, AP MAC address, and SSID. Similarly, when there’s conflicting data for a wired device—perhaps because the device was moved to a different place on the network—IoT Security shows the most recent data for the following attributes: switch name, switch MAC address, and switch port.
IoT Security also works with Cortex XSOAR to fetch the following information from Cisco Meraki Cloud about switches on the network:
  • Switch MAC address, IP address, hostname, and serial number
  • Switch model and firmware version
Integrating with Cisco Meraki Cloud requires either a full-featured Cortex XSOAR server or the purchase and activation of an IoT Security third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan includes a license for three integration add-ons, one of which can be used for this. The advanced plan includes a license for all supported third-party integrations.