Collection Events from Meraki MX to Qradar via API

Kenneth
Getting noticed

Hi guys, wanted to check if someone had encountered the same problem as we have. Collecting syslog from local MX devices is easy, but when you have multiple orgs and multiple physical locations you would need to transport syslog over the internet. But we have the option to use the API to collect information into the SIEM tool. Does anyone have experience with using the API module within Qradar and polling events from the API in Meraki?

3 Replies
CptnCrnch
Kind of a big deal

Depending on what you're trying to achieve, you'll run into the API call limit (10 calls per second). From a firewall perspective, this is not much.

BrandonS
Kind of a big deal

It's not an appliance on site?  Usually these SIEM tools I have seen use mirrored switch ports to see everything.

- Ex community all-star (⌐⊙_⊙)
Marius
Conversationalist

@Kenneth, did you solve this? We are having the same issue and trying to get the relevant data to Qradar. Not sure what API endpoint to use to get the right data.
