Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Collection Events from Meraki MX to Qradar via API

Kenneth
Getting noticed
‎Dec 16 2021 1:10 AM
‎Dec 16 2021 1:10 AM

Collection Events from Meraki MX to Qradar via API

Hi guys, wanted to check if someone had encountered the same problem as we have. Collectiong Syslog from local MX devices are easy, but when you have multiple orgz and multiple physical locations you would need to transport syslog over the internet. But we have the option to use the API to collect information into the SIEM tool, does anyone have experience with using the API module within Qradar and polling events from the API in Meraki?

Labels:
0 Kudos
Subscribe
3 Replies 3
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Dec 16 2021 2:52 AM
‎Dec 16 2021 2:52 AM

Depending on what you're trying to achieve, you'll run into the API call limit (10 calls per second). From a firewall perspective, this is not much.

Subscribe
BrandonS
Kind of a big deal
‎Dec 16 2021 9:53 AM
‎Dec 16 2021 9:53 AM

It's not an appliance on site?  Usually these SIEM tools I have seen use mirrored switch ports to see everything.

- Ex community all-star (⌐⊙_⊙)
0 Kudos
Subscribe
Marius
Conversationalist
‎Jan 10 2022 1:49 AM
‎Jan 10 2022 1:49 AM

@Kenneth did you solve this, we are having the same issue, and trying to get the relevant data to Qradar. Not sure what API endpoint to use to get the right data.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.