1. Expel Help Center
  2. Connect Your Technology
  3. A-C Integrations
  4. Cisco

Cisco Meraki Setup for Workbench

This topic describes how to set up your Cisco Meraki integration with Workbench.

Prerequisites

  1. You must have a Meraki MX/Z Security and SD-WAN license in place, and it must be an Advanced Security license or above.
  2. For Threat Protection detections, you must have already enabled the IDS and AMP features within the Meraki platform. For additional help, refer to the Cisco Documentation.
  3. You must be able to log in to the Cisco Meraki Dashboard with a dedicated service account (not a standard admin login). If you are unable to do so, contact support for help with onboarding.

Quick Links

  1. Before You Begin
  2. Generate an API Key for Expel
  3. Add Cisco Meraki as a Security Device in Workbench

Before You Begin

You must choose a service account to use for onboarding. You may use an existing service account or you may create a new one.

  1. If you have chosen to create a new service account, create it now. 
    • Use this format for the email address: expel-api@customer-domain.com.
    • For help creating this account, refer to the Cisco Meraki documentation.
  2. For both new and existing service accounts:
    • Make sure you know the Cisco Meraki console URL, and the login credentials (username, password, two-factor authentication if applicable) for the service account. 
    • You will need this information when you add the security device in Workbench.

Step 1: Generate an API Key for Expel

The API key allows us to integrate Cisco Meraki with Workbench.

  1. Log in to the Cisco Meraki Dashboard using your new or existing service account (not a standard admin account).
  2. Use the avatar icon in the top-right corner to access the My Profile page.
  3. In the API Access section, select Generate new API key.
  4. Copy and save the newly generated API key, as you will need it in the next section. The API key is only visible now, and will not display again.
  5. Select Done.

Step 2: Add Cisco Meraki as a Security Device in Workbench

Before you begin, make sure you have the API key from the prior step, that you know your Cisco Meraki tenant's region, and that you have your tenant URL and login credentials for the service account.

  1. Log in to Workbench.
  2. In the side menu, navigate to Organization Settings > Security Devices. If you have multiple organizations, you must select the appropriate organization name from the list.
  3. Select Add Security Device.
  4. In the search box, type “Meraki” and then select the Cisco Meraki integration.
  5. Complete the fields as follows:
    • Name - enter a name that might help you more easily identify this integration, such as “CompanyName Cisco Meraki”; this name will display in Workbench under the Name column, and is a text string that you can filter on.
    • Location - enter the location of your integration, for example “cloud;” this is also a text string that you can filter on, so we recommend being consistent with location naming across your Expel integrations.
    • API key - enter the API key generated during Step 1.
    • API URI - select the region for your Cisco Meraki tenant (most customers will use the global .com variant).
    • Select Save.
  6. Select Set up now from the console access dropdown. Why do we need console access?
  7. Enter your Cisco Meraki URL and the login credentials for the service account.
  8. Select Save.
  9. Your device should be created successfully within a few seconds. A few reminders:
    • After your connection is healthy, it will take some time for your device to begin polling and receiving data.
    • To check on the status, select the downward arrow for your device in the first column and choose View details.
    • Polling will happen first; data will be received after that. You must refresh the page to see updates.
    • If your device does not begin polling within 15 minutes, and does not begin receiving data within 30 minutes, contact our support team for help.
    • To check if alerts are coming through, navigate to Dashboards > Alert Analysis. Scroll to the device you want to check and select the Expel Alerts tab to reveal more alert information. It can take 36 to 72 hours for alerts to appear after setup, as we tune your device.

Related articles