Cisco XDR FAQ
The Cisco XDR integration is currently in beta. XDR device insights integration with Meraki Systems Manager and L3 firewall rule automation with Meraki MX are coming soon.
Who should I call if I have questions about an incident detected by Cisco XDR?
Answer: Questions regarding incidents can best be answered by the Cisco XDR TAC Team. Contact information can be found at the Cisco Worldwide Support Contacts page.
How do I access my Cisco XDR tenant outside of the Meraki Dashboard?
Answer: There are two options for this. You can navigate to XDR by clicking the “View in XDR” button after you click on an incident in the Security Center page in the Meraki dashboard. Alternatively, you can navigate directly to your XDR region by visiting the appropriate URL listed below:
URL | Region |
xdr.us.security.cisco.com | Cisco XDR NAM |
xdr.eu.security.cisco.com | Cisco XDR EU |
xdr.apjc.security.cisco.com | Cisco XDR APJC |
How do I access my XDR Cloud Analytics page?
To navigate to Cisco XDR Cloud Analytics:
- Log in to your Cisco XDR account using your region-specific URL
- In the bottom left corner, click on the "XDR" button to expand the ribbon
- In the "Applications" section, click on your Cisco XDR Cloud Analytics portal. The name will vary, but it should have a small cloud icon
Upstream of my MX I am not allowing 443 connections. Which FQDNs should I allow?
Access to the following FQDNs is required for an MX to send telemetry over TCP port 443:
URL | Region |
telemetry-2037.mordor.use.production.k8s.ikarem.io | North America |
telemetry-2037.mordor.apa.production.k8s.ikarem.io | Europe |
telemetry-2037.mordor.euc.production.k8s.ikarem.io | Asia Pacific |
Why don’t I see incidents in the Meraki Dashboard?
Answer: The Meraki dashboard uses the Cisco XDR API to populate the events seen in the UI. If there are no events in XDR, then the Meraki Security Center will not show any events. If there is an issue loading events, an error will be displayed, as shown in the following image:
Why don't I see incidents in Cisco XDR?
Answer: There may not be any XDR incidents detected. This may occur if your internal network is configured for IP addresses outside of RFC1918 / RFC4193. To remedy this issue, you can update Cloud Analytics with the subnets in your network.
- In Cisco XDR Cloud Analytics navigate to Settings > Subnets
- Click "Create On-Premises Subnet"; a modal will pop up
- Enter subnet information and click "Create"
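To find which of your internal subnets fall outside RFC1918 / RFC4193 before entering them under Settings > Subnets, a check like the following can be run over a subnet inventory. This is an added example, not Cisco or Meraki code; the function names, the "partial" category for supernets that only partly overlap a private range, and the sample inventory are assumptions made for illustration.

```python
import ipaddress

# Private ranges named in the FAQ answer: RFC 1918 (IPv4) and RFC 4193 (IPv6 ULA).
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def classify_subnet(cidr):
    """Return 'private', 'partial' or 'outside' for one CIDR string."""
    net = ipaddress.ip_network(cidr, strict=False)
    same_family = [r for r in PRIVATE_RANGES if r.version == net.version]
    if any(net.subnet_of(r) for r in same_family):
        return "private"
    # A supernet such as 10.0.0.0/7 only partly overlaps a private range.
    if any(net.overlaps(r) for r in same_family):
        return "partial"
    return "outside"


def subnets_to_declare(cidrs):
    """List subnets not fully inside RFC 1918 / RFC 4193, normalised and de-duplicated."""
    seen, result = set(), []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr.strip(), strict=False)
        if net in seen:
            continue
        seen.add(net)
        if classify_subnet(str(net)) != "private":
            result.append(str(net))
    return result


# Constructed sample inventory (documentation and example ranges, not from the page).
SAMPLE_INVENTORY = [
    "10.20.0.0/16",         # RFC 1918
    "172.32.5.0/24",        # just outside 172.16.0.0/12
    "192.168.10.7/24",      # host bits set; normalised to 192.168.10.0/24
    "198.51.100.0/24",      # public-range addressing used internally
    "10.0.0.0/7",           # supernet that spills out of 10.0.0.0/8
    "fd12:3456:789a::/48",  # RFC 4193 ULA
    "2001:db8:42::/48",     # outside fc00::/7
    "172.32.5.0/24",        # duplicate entry
]

if __name__ == "__main__":
    for subnet in subnets_to_declare(SAMPLE_INVENTORY):
        print(f"{subnet}\t{classify_subnet(subnet)}")
```

Each subnet the script lists is a candidate for a "Create On-Premises Subnet" entry.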
How can I verify my MX/Z is sending telemetry to Cisco XDR?
Answer: First, verify that the MX/Z is configured to send telemetry; see this article for configuration details. Once verified, you can check your Cisco XDR Cloud Analytics event viewer.
To view telemetry in Cisco XDR Cloud Analytics:
- In Cisco XDR Cloud Analytics navigate to Investigate > Event Viewer
- If not already configured, add the "Namespace" column to the table
- Verify you see the serial number for the MX/Z in question. The format is "meraki: {meraki organization id}: {security appliance network id}: {serial}"
How many requests does the Cisco XDR API allow?
Answer: The Cisco XDR API allows 8000 API requests per hour.