Skip to main content
Cisco Meraki Documentation

XDR User Guide

  1. Last updated
  2. Save as PDF
The article outlines detailed steps to integrate XDR with the Meraki dashboard, which involves connecting XDR to the Meraki Dashboard, configuring networks to send telemetry, and managing XDR incidents in the Meraki Dashboard.

The Cisco XDR integration is currently in beta.  XDR device insights integration with Meraki Systems Manager and L3 firewall rule automation with Meraki MX is coming soon.

Meraki and XDR Integration

The following sections will help you to manage the Meraki and XDR integration on the Meraki dashboard:

Enable XDR Integration

  1. Navigate to Organization > Integrations page in the Meraki dashboard.

    My Integrations page in dashboard for XDR
  2. Click on "Connect" in the XDR tile.
     
  3. Select your XDR region and click "Continue" to go to the XDR sign-in page.

    select region for xdr integration
  4. After signing into XDR, you will be redirected to the Organization > Integrations page.
  5. If this is your first time configuring this feature you can click “Configure Networks” popup at the top of the Integrations page. This will allow you to configure which networks should send flow telemetry to XDR. Please see the "Configure Networks" section below for details on configuring networks. 

    Click on configure networks
  6. Select the checkbox next to the network(s) you want to configure. After selecting the networks, you can proceed by clicking "Enable".

    Select the checkbox next to the network to configure it
  7. After clicking "Enable", a confirmation window will appear for the networks that will have changes. Click “Enable” to proceed.

    confirmation window
  8. To view information about the XDR integration after it has been enabled, go to Organization > Integrations and click on the “My Integrations” tab.

    my integrations tab
  9. Click on the XDR integration for Organization to view details on the connected account
    xdr connected accounts details

Configure your Network

  1. To configure a network, navigate to Organization > Integrations page in the dashboard and click on the “My integrations” tab.

    my integrations tab to configure network
  2. Click on the XDR Integration.
  3. Click “Configure Networks” which can be found in the “Use this Integration” section.
  4. Select the checkbox next to the network(s) you want to configure. After selecting the networks, you can proceed by clicking “Enable”.

    click checkbox to enable network configuration
  5. After clicking “Enable”, a confirmation window will appear for the networks with changes. Click “Enable” to proceed.

    Click enable in the confirmation window
  6. Configuration is complete. To view XDR Incidents in the Meraki Dashboard, navigate to Organization > Security Center and then click on the “XDR Incidents” tab. Refer to the View and Manage XDR Incidents section for more details. 

Disable XDR Integration

Disconnecting the XDR integration will stop all MX devices from sending flow telemetry to your XDR tenant. It does not delete the telemetry or incidents in XDR.

  1. Go to Organization > Integrations page in the dashboard and click on “My integrations” tab to disable the XDR integration.
  2. Click on the XDR integration you want to disable.

    my integrations tab to configure network
  3. Click "Remove" in the top right corner of the page.
    click remove button to remove selected xdr integration
     
  4. In the dialog box that opens, confirm your action by typing “Remove” in the textbox and then click the “Remove” button.

    type remove in the textbox
  5. Once removed, there will be a confirmation in dashboard and the integration will be removed from the integration list.

    confirmation message that xdr integration has been removed.

View and Manage XDR Incidents

Once the integration steps are completed, your XDR tenant will be connected to the Meraki dashboard. To view and manage XDR Incidents, go to Organization > Security Center page in the dashboard.

On the Security Center page, you will see a new tab called "XDR Incidents". Click the tab to see the XDR Incidents that are in your tenant. By default, the last 30 days will be shown. You may change the timeframe to view incidents older than or more recent than 30 days.

For a comprehensive overview of an incident, simply select the desired incident from the table. Doing so will open a sidebar containing further details. To delve deeper and explore the incident within XDR, press the 'View in XDR' button provided.

 

security center page

Assign User to Incident

To allocate an incident to a specific user, simply click the "Unassigned" label to trigger a sidebar displaying a list of potential Assignees.

Please note only XDR users can be selected for the assignment. 

Any changes to user assignment will be reflected in XDR. For more information on incident assignment, please refer to Cisco XDR's Incident Documentation.


security_center_unassigned.png


Change Incident Status

To change the status of an incident, click on the status drop-down menu for a list of available options. Any changes to the incident status will be reflected in XDR. For more information on incident status, please refer to Cisco XDR's Incident Documentation.

change xdr incident status

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
    Stage
    Final
  2. Tags
    This page has no tags.