TEAM: Huntress Managed Security Information and Event Management (SIEM)
PRODUCT: API Log Source
ENVIRONMENT: Cisco Meraki Cloud
SUMMARY: Configuration Guide for Meraki Cloud Log Ingestion

Vendor Information

Device Configuration Checklist

1. Log in to the Meraki Cloud Administrator Portal.
2. Obtain an API Key.
3. In the Huntress Console (from the Account-Level Dashboard), navigate to SIEM -> Source Management.
   • The Cisco Meraki Cloud Source option is not available at the Organization-Level because you are asked to map the Huntress equivalent organization later in the setup.
4. Select the "Categories" tab below the Source Management header.
5. Select View Details on the Meraki Cloud source card.
6. Select the green +Add button to create a new Meraki Cloud configuration.
7. Enter the details of the configuration as needed, including the API key obtained in the first two steps. 
8. Select the correct Base URI for your Meraki instance.
9. Save the configuration.
10. After saving, you'll be directed to the Configure page where you will need to map the organizations between Cisco Meraki Cloud and Huntress. For each Meraki Cloud Organization, select a Huntress equivalent organization from the dropdown.
11. Once the organizations have been mapped, the Meraki Cloud configuration page will show the mapped log sources. Clicking on a source organization will bring you to a query page with the relevant logs.