
 

Cisco Meraki Documentation

XDR User Guide

This article outlines the steps to integrate XDR with the Meraki dashboard: connecting XDR to the Meraki dashboard, configuring networks to send telemetry, and managing XDR incidents in the Meraki dashboard.

The Cisco XDR integration is currently in beta. XDR device insights integration with Meraki Systems Manager and L3 firewall rule automation with Meraki MX are coming soon.

Meraki and XDR Integration

The following sections will help you to manage the Meraki and XDR integration on the Meraki dashboard:

Enable XDR Integration

  1. Navigate to the Organization > Configure > Integrations page in the Meraki dashboard.

  2. Click on Connect in the XDR tile.
     
  3. Select your XDR region and click Continue to go to the XDR sign-in page.

  4. After signing into XDR, you will be redirected to the Organization > Configure > Integrations page.
  5. If this is your first time configuring this feature, you can click the Configure Networks popup at the top of the Integrations page. This lets you choose which networks send flow telemetry to XDR. See the Configure your Network section below for details on configuring networks.

  6. Select the checkbox next to the network(s) you want to configure. After selecting the networks, you can proceed by clicking Enable.

  7. After clicking Enable, a confirmation window will appear for the networks that will have changes. Click Enable to proceed.

  8. To view information about the XDR integration after it has been enabled, go to Organization > Configure > Integrations and click on the My Integrations tab.

  9. Click on the XDR integration for the organization to view details on the connected account.

Configure your Network

  1. To configure a network, navigate to the Organization > Configure > Integrations page in the dashboard and click on the My integrations tab.

  2. Click on the XDR Integration.
  3. Click Configure Networks, which can be found in the Use this Integration section.
  4. Select the checkbox next to the network(s) you want to configure. After selecting the networks, you can proceed by clicking Enable.

  5. After clicking Enable, a confirmation window will appear for the networks with changes. Click Enable to proceed.

  6. Configuration is complete. To view XDR Incidents in the Meraki dashboard, navigate to Organization > Monitor > Security Center and click the XDR Incidents tab. Refer to the View and Manage XDR Incidents section for more details. 

Disable XDR Integration

Disconnecting the XDR integration will stop all MX devices from sending flow telemetry to your XDR tenant. It does not delete the telemetry or incidents in XDR.

  1. Go to the Organization > Configure > Integrations page in the dashboard and click on the My integrations tab to disable the XDR integration.
  2. Click on the XDR integration you want to disable.

  3. Click Remove in the top right corner of the page.
  4. In the dialog box that opens, confirm your action by typing "Remove" in the textbox and then click the Remove button.

  5. Once removed, there will be a confirmation in the dashboard and the integration will be removed from the integration list.


View and Manage XDR Incidents

Once the integration steps are completed, your XDR tenant will be connected to the Meraki dashboard. To view and manage XDR Incidents, go to the Organization > Monitor > Security Center page in the dashboard.

On the Security Center page, you will see a new tab called XDR Incidents. Click the tab to see the XDR Incidents that are in your tenant. By default, the last 30 days will be shown. You may change the timeframe to view incidents older than or more recent than 30 days.

For a comprehensive overview of an incident, simply select the desired incident from the table. Doing so will open a sidebar containing further details. To delve deeper and explore the incident within XDR, press the View in XDR button provided.

 


Assign User to Incident

To allocate an incident to a specific user, simply click the Unassigned label to trigger a sidebar displaying a list of potential Assignees.

Note: Only XDR users can be selected for the assignment. 

Any changes to user assignment will be reflected in XDR. For more information on incident assignment, refer to Cisco XDR's Incident Documentation.




Change Incident Status

To change the status of an incident, click on the status drop-down menu for a list of available options. Any changes to the incident status will be reflected in XDR. For more information on incident status, refer to Cisco XDR's Incident Documentation.
