Skip to content
Find out how we support MDR.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=CiscoMerakiAPI

Cisco Meraki (API)

API

You must have the Firewall integrations license pack to use this feature.

You need the Cisco Meraki Advanced Security Licence to make full use of this integration.

You can integrate Cisco Meraki with Sophos Central so that it sends data to Sophos for analysis.

The Cisco Meraki (API) integration only sends Cisco "Security events" logs. If you want to send others, such as "Flows" or "IDS Alerts", use the syslog-based Cisco Meraki integration. See Cisco Meraki (Log collector).

This integration is API-based.

The key steps are as follows:

  • Get the API key and Organization ID from Meraki.
  • Configure an integration in Sophos Central.

Get the API key and Organization ID from Meraki

You need a Cisco admin account with read-only organization access. Use the account to create a bearer token. See Adding an Organization Admin.

To get the Meraki details you need for integration, do as follows:

  1. Sign in to the Meraki Web Management Portal.
  2. Go to Organization > Settings.

  3. In the Dashboard API Access section, select Enable access to the Cisco Meraki Dashboard API. Then, click the Profile link.

    Alternatively, go directly to the My Profile page by using the link in the upper-right of the dashboard.

  4. Scroll down to the API Access section and click Generate new API key.

  5. In the New API key pop-up, do as follows:

    1. Click the copy button next to the key. Save the key in a secure location. You'll need to use it later in Sophos Central.
    2. Select the I have stored my new API key checkbox.
    3. Click Done.

  6. Open a new browser tab and go to https://api.meraki.com/api/v1/organizations.

  7. Find the organization associated with the client that needs Meraki integration. The organization details are in this form:

    [{"id":"xxxxxxxxxx","name":"organization-name"}]

    Then do as follows:

    1. Look for the client or customer name following the "name" label.
    2. Copy the "id" value shown immediately before the organization's name label. This is an Organization ID. You'll need this for use later in Sophos Central.

    You only need one Organization ID for an integration. If you have multiple organizations, you may need multiple integrations.

Next, you configure an integration in Sophos Central.

Configure an integration

To integrate Cisco Meraki with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.

  2. Click Cisco Meraki (API).

    The Cisco Meraki (API) page opens. You can configure integrations here and see a list of any you've already configured.

  3. Click Add Configuration.

    Note

    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, do as follows:

    1. Enter a name and a description for the integration.

    2. Enter the Base URL. This is optional in most territories. If you leave it blank, the Base URL defaults to https://api.meraki.com/api/v1.

      If you're in China, enter https://api.meraki.cn/api/v1.

    3. Enter the API token and Cisco Organization ID you got from Meraki.

      The API token is the "API key" you generated.

  5. Click Save.

We create the integration and it appears in your list. If its status icon shows a green tick, your data should appear in the Sophos Data Lake after validation.

More information