Cisco Meraki Out-of-the-Box Response Integration


Requirements

  1. Cisco Meraki
    1. A Cisco deployment with MX devices is needed to work with firewall rules. For more information about licensing options, consult the documentation on Meraki MX Security and SD-WAN Licensing.
  2. An active Lumu Defender Subscription

Configure Cisco Meraki

1. Log in to the Cisco Meraki page and go to your dashboard.


2. You will need to create an API key to feed your network rules with our detected malicious IOCs. Go to the Organization option, then click on API & webhooks.


3. The following window will open. Click on API keys and access to generate the API key.


4. Click on Generate API Key and store the value shown in a safe place. Keep in mind you won’t be able to recover it if you lose it.


5. You will see the malicious IOCs supplied by Lumu in the Security & SD-WAN/Firewall section.



 
Lumu encrypts this information both in transit and at rest to ensure token confidentiality is maintained. This will remove token updating concerns from the integration maintenance process.

Add Integration

1. Log in to your Lumu account through the Lumu Portal and navigate to the available apps screen. 
 


2. Locate the Cisco Meraki integration in the available apps area and click to add, then click to view details.


 
3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.


4. To activate the integration, click on the activate button. After reading the instructions, provide a meaningful Name and select the Threat Types. Select the option Include IP indicators to include IP addresses in your feed list (if you leave this option unselected, you won't be able to change it later, even in the editing process). Then click the “Next” button to finalize the process.

Please note that you can only modify your API Key. Exercise caution when selecting Threat Types, as changes cannot be made at a later stage.

5. Fill in the required information. You will need to provide the API Key created before. Then, click on the Activate button. Lumu will validate whether the credentials provided are correct.


6. Finally, select the organization to which you want to apply the changes. Then choose the networks and templates where you wish to apply the feed, according to your organization's requirements.


All templates will be visible, but only networks unbound to templates will be displayed. If you need more information about templates and how to manage them, please refer to the document on Managing Multiple Networks with Configuration Templates.

7. The integration is now created and active. Now, the Lumu Portal will display the details of the created integration:


Once the integration is activated, the Security & SD-WAN/Firewall section will be updated with confirmed compromises found by Lumu within the preceding 3 days.

Further steps

To validate the rules managed by the Lumu integration, go to your Meraki Dashboard console and follow these steps:

1. Select one of the networks configured in the integration.
2. Under Security & SD-WAN, click on the Firewall menu under the Configure section.

3. The new rules are labeled as Detected by Lumu under the Outbound rules section.
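
The same validation can be scripted against the Meraki Dashboard API. The following is an added example, not code from Lumu or Cisco: it reads a network's outbound L3 rules and checks that the labelled rules are deny rules and are not placed after an allow-all rule, which would stop them from taking effect. It assumes the "Detected by Lumu" label is stored in each rule's comment field; the sample rules are constructed, and the API key and network ID are supplied by the operator.

```python
import json
import urllib.request

API_BASE = "https://api.meraki.com/api/v1"
LUMU_LABEL = "detected by lumu"  # assumption: the label is stored in each rule's comment

def fetch_l3_rules(api_key, network_id):
    """Read a network's ordered outbound L3 rules from the Meraki Dashboard API."""
    req = urllib.request.Request(
        f"{API_BASE}/networks/{network_id}/appliance/firewall/l3FirewallRules",
        headers={"Authorization": f"Bearer {api_key}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["rules"]

def is_allow_any(rule):
    """True for a rule that permits all outbound traffic."""
    return (rule.get("policy") == "allow"
            and all(str(rule.get(k, "")).lower() == "any"
                    for k in ("protocol", "srcCidr", "destCidr", "destPort")))

def audit_lumu_rules(rules):
    """Return (labelled_rules, findings); rules are evaluated top-down."""
    labelled, findings, shadow = [], [], None
    for idx, rule in enumerate(rules):
        if LUMU_LABEL in (rule.get("comment") or "").lower():
            labelled.append(rule)
            if rule.get("policy") != "deny":
                findings.append(f"rule {idx}: labelled rule is not a deny")
            if shadow is not None:
                findings.append(f"rule {idx}: shadowed by allow-any rule {shadow}")
        elif shadow is None and is_allow_any(rule):
            shadow = idx
    if not labelled:
        findings.append("no rules labelled 'Detected by Lumu' found")
    return labelled, findings

def make_rule(comment, policy, dest):
    return {"comment": comment, "policy": policy, "protocol": "any",
            "srcPort": "Any", "srcCidr": "Any", "destPort": "Any", "destCidr": dest}
# Constructed sample payloads (documentation address ranges), not real detections.
GOOD = [make_rule("Detected by Lumu", "deny", "203.0.113.10/32"),
        make_rule("Detected by Lumu", "deny", "198.51.100.7/32"),
        make_rule("Default rule", "allow", "Any")]
SHADOWED = [make_rule("Allow all", "allow", "Any"),
            make_rule("Detected by Lumu", "deny", "203.0.113.10/32")]
if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("SHADOWED", SHADOWED)):
        print(name, audit_lumu_rules(rules)[1])
```

To run it against a live network, pass the result of `fetch_l3_rules(api_key, network_id)` to `audit_lumu_rules`, reading the API key from a secret store rather than hard-coding it.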

