Cisco XDR FAQ
The Cisco XDR integration is currently in beta. XDR device insights integration with Meraki Systems Manager and L3 firewall rule automation with Meraki MX are coming soon.
Accessibility FAQs
How do I access my Cisco XDR tenant outside of the Meraki dashboard?
There are two options for this. You can navigate to XDR by clicking the View in XDR button after you click on an incident in the Security Center page in the Meraki dashboard. Alternatively, you can navigate directly to your XDR region by visiting the appropriate URL listed below:
URL | Region |
---|---|
xdr.us.security.cisco.com | Cisco XDR NAM |
xdr.eu.security.cisco.com | Cisco XDR EU |
xdr.apjc.security.cisco.com | Cisco XDR APJC |
How do I access my XDR Cloud Analytics page?
To navigate to Cisco XDR Cloud Analytics:
- Log in to your Cisco XDR account using your region-specific URL.
- In the bottom left corner, click on the XDR button to expand the ribbon.
- In the Applications section, click on your Cisco XDR Cloud Analytics portal. The name will vary, but it should have a small cloud icon.
Connectivity FAQs
Upstream of my MX, I am blocking TCP port 443 connections. Which FQDNs should I allow?
Access to the following FQDNs is required for an MX to send telemetry over TCP port 443:
URL | Region |
---|---|
telemetry-2037.mordor.use.production.k8s.ikarem.io | North America |
telemetry-2037.mordor.apa.production.k8s.ikarem.io | Europe |
telemetry-2037.mordor.euc.production.k8s.ikarem.io | Asia Pacific |
How can I verify my MX/Z is sending telemetry to Cisco XDR?
First, verify that the MX/Z is configured to send telemetry. Refer to the XDR User Guide for configuration details. Once verified, you can check your Cisco XDR Cloud Analytics event viewer.
To view telemetry in Cisco XDR Cloud Analytics:
- In Cisco XDR Cloud Analytics, navigate to Investigate > Event Viewer.
- If not already configured, add the Namespace column to the table.
- Verify that you see the serial number for the MX/Z in question. The format is "meraki: {meraki organization id}: {security appliance network id}: {serial}".
Incident FAQs
Who should I call if I have questions about an incident detected by Cisco XDR?
Questions regarding incidents can best be answered by the Cisco XDR TAC Team. Contact information can be found at the Cisco Worldwide Support Contacts page.
Why don’t I see incidents in the Meraki dashboard?
The Meraki dashboard uses the Cisco XDR API to populate the events seen in the UI. If there are no events in XDR, then the Meraki Security Center will not show any events. If there is an issue loading events, an error will be displayed, as shown in the following image:
Why don't I see incidents in Cisco XDR?
There may not be any XDR incidents detected. This may occur if your internal network is configured for IP addresses outside of RFC1918 / RFC4193. To remedy this issue, you can update Cloud Analytics with the subnets in your network.
- In Cisco XDR Cloud Analytics, navigate to Settings > Subnets.
- Click Create On-Premises Subnet; a modal will appear.
- Enter subnet information and click Create.
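To decide which subnets to enter in that step, the following added example (not Cisco or Meraki code) checks an address plan against the RFC1918 and RFC4193 ranges named above and lists every subnet that falls outside them. It assumes those are the only ranges treated as internal by default, as this FAQ implies; the sample inventory is constructed.

```python
import ipaddress

# Ranges named in the FAQ: RFC 1918 (IPv4 private) and RFC 4193 (IPv6 unique local).
# Assumption: nothing else is treated as internal unless it is added under Settings > Subnets.
DEFAULT_INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample address plan (not taken from any real network).
SAMPLE_INVENTORY = [
    "10.20.0.0/16",          # RFC 1918
    "172.32.0.0/16",         # just past the end of 172.16.0.0/12, a common mistake
    "100.64.0.0/10",         # shared address space (RFC 6598), not RFC 1918
    "100.64.8.0/24",         # nested inside the entry above
    "192.168.10.0/24",       # RFC 1918
    "fd12:3456:789a::/48",   # RFC 4193
    "2001:db8:10::/48",      # documentation prefix standing in for global IPv6 used internally
]


def needs_on_prem_entry(cidr):
    """Return True if cidr is not fully contained in an RFC 1918 / RFC 4193 range."""
    net = ipaddress.ip_network(cidr, strict=False)
    # subnet_of() raises TypeError across IP versions, so compare like with like.
    return not any(
        net.version == ref.version and net.subnet_of(ref)
        for ref in DEFAULT_INTERNAL
    )


def subnets_to_declare(cidrs):
    """Return normalized subnets to create as On-Premises Subnets, without duplicates."""
    flagged = {ipaddress.ip_network(c, strict=False)
               for c in cidrs if needs_on_prem_entry(c)}
    result = []
    for version in (4, 6):
        # collapse_addresses() drops nested ranges and merges adjacent ones;
        # it must be called per IP version.
        result += ipaddress.collapse_addresses(
            n for n in flagged if n.version == version)
    return [str(n) for n in result]


if __name__ == "__main__":
    for subnet in subnets_to_declare(SAMPLE_INVENTORY):
        print("Create On-Premises Subnet:", subnet)
```
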
General FAQs
How many requests does the Cisco XDR API allow?
The Cisco XDR API allows 8000 API requests per hour.