Cisco Meraki Out-of-the-Box Response Integration

This article describes the required procedure to integrate Cisco Meraki with Lumu for automated response procedures. This is one of our featured Out-of-the-Box Response Integrations.

Requirements

  • Cisco Meraki
    • A Cisco deployment with MX devices is needed to work with Firewall rules. To get more information about licensing options, you can consult the documentation on Meraki MX Security and SD-WAN Licensing.
  • An active Lumu Defender Subscription or a Lumu for MSP account.

Preliminary Setup - Cisco Meraki

In order to set up the integration, you will need to prepare Cisco Meraki to communicate with the Lumu integration. To do this, you will need the following:
  • API Key
In the following steps, you will find how to obtain this requirement.

Generate an API Key

1. Log into the Cisco Meraki page. On the Dashboard, click on Organization.

2. In the Organization sub-menu, click on API & webhooks.

3. The following window will open. Click on API keys and access.

4. Click on Generate API Key and store the value shown in a safe place.
Notes
You won’t be able to recover the API key once you close this window. If you lose your API key, you will need to repeat the steps from the start.
Notes
Lumu encrypts this information both in transit and at rest to ensure token confidentiality. This will remove token updating concerns from the integration maintenance process.

Integration Setup - Lumu Portal

This section of the article describes the steps that must be completed on the Lumu Portal to properly set up the Cisco Meraki Integration. To start, log into your Lumu account through the Lumu Portal.
Notes
Integrations are also available for Lumu MSP accounts. To access them, log into the Lumu MSP Portal.
1. In the Lumu Portal, head to the panel on the left and open the Integrations drop-down menu. Then, click on Apps. Click on the Response tab on the right to filter the available integrations accordingly.

2. Locate the Cisco Meraki integration and click on Add.

3. Familiarize yourself with the integration details and click the Activate button to start the integration setup process.

4. Provide a meaningful Name(1). Under Threat Types(2), choose the specific threat mappings you want to push to Cisco Meraki. Select the option Include IP Indicators(3) to include IP addresses in the information sent to your feed list. When done, click on the orange Next button.
Notes
If you leave the Include IP Indicators option unselected, you won’t be able to change it later. You will need to remove the integration and repeat all the steps again.
Notes
Please note that you cannot modify the information on this screen. Exercise caution when selecting Threat Types, as changes cannot be made later.

5. For this step, you will need to provide the API Key created in Step 4 of the Generate an API Key section. Then, click on the orange Next button.

6. Next, you will need to designate the Organization(1) for which you intend to implement the integration. Once selected, you will also need to align the organization's specifications with the appropriate Templates and Networks(2) where you wish to apply the feed.

Notes
All templates are visible. However, the list will also display networks unbound to templates. If you need more information about templates and how to manage them, please refer to the document on Managing Multiple Networks with Configuration Templates.

7. The integration is now created and active. The Lumu Portal will display the details of the created integration:
Notes
Once the integration is activated, the Security & SD-WAN/Firewall section will be updated with confirmed compromises found by Lumu within the preceding 3 days.

Final Steps - Validate the Cisco Meraki Dashboard

To validate the rules managed by Lumu integration, go to your Meraki Dashboard console and follow these steps:

1. Select one of the networks configured in the integration.

2. Under Security & SD-WAN(1), click on the Firewall(2) menu under the Configure section.

3. The new rules are labeled as Detected by Lumu under the Outbound rules section.
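
The same validation can be scripted against the Meraki Dashboard API. The following is an added example, not part of the original article or of Lumu's integration code. It assumes the "Detected by Lumu" label is stored in each rule's comment field and that response rules are expected to use the deny policy; the environment variable names MERAKI_API_KEY and MERAKI_NETWORK_ID and the sample rules are constructed for illustration.

```python
import json
import os
import urllib.request

API_BASE = "https://api.meraki.com/api/v1"
LUMU_LABEL = "detected by lumu"  # assumption: the label is stored in the rule's comment field

# Constructed sample of an L3 outbound rules response (not real data).
SAMPLE_RULES = [
    {"comment": "Detected by Lumu", "policy": "deny", "protocol": "any",
     "srcCidr": "Any", "destCidr": "203.0.113.10/32,198.51.100.7/32"},
    {"comment": "Detected by Lumu", "policy": "deny", "protocol": "any",
     "srcCidr": "Any", "destCidr": "bad-domain.example"},
    {"comment": "Allow DNS to resolver", "policy": "allow", "protocol": "udp",
     "srcCidr": "Any", "destCidr": "192.0.2.53/32"},
    {"comment": "Default rule", "policy": "allow", "protocol": "Any",
     "srcCidr": "Any", "destCidr": "Any"},
]

def fetch_l3_rules(network_id, api_key):
    """Read the outbound L3 firewall rules of one network from the Dashboard API."""
    url = f"{API_BASE}/networks/{network_id}/appliance/firewall/l3FirewallRules"
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {api_key}", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp).get("rules", [])

def audit_lumu_rules(rules):
    """Summarize rules carrying the Lumu label and flag any that are not 'deny'."""
    managed = [r for r in rules if LUMU_LABEL in (r.get("comment") or "").lower()]
    dests = set()
    for rule in managed:
        dests.update(d.strip() for d in rule.get("destCidr", "").split(",") if d.strip())
    return {
        "count": len(managed),
        "destinations": sorted(dests),
        # Assumption: response rules are expected to block, so anything else is flagged.
        "not_deny": [r for r in managed if r.get("policy") != "deny"],
    }

if __name__ == "__main__":
    # Key and network ID come from the environment, never from the script itself.
    key, net = os.environ.get("MERAKI_API_KEY"), os.environ.get("MERAKI_NETWORK_ID")
    rules = fetch_l3_rules(net, key) if key and net else SAMPLE_RULES
    report = audit_lumu_rules(rules)
    print(json.dumps(report, indent=2))
    if report["count"] == 0:
        print("No rules labeled 'Detected by Lumu' found on this network.")
```

Run it once per network selected in the integration; a count of zero on a configured network means the feed has not reached that network's outbound rules.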

