Overview
Blumira’s modern cloud SIEM platform integrates with Cisco Meraki Firewalls to detect cybersecurity threats and provide an actionable response to remediate when a threat is detected.
When configured, the Blumira integration with Cisco Meraki Firewall will stream security event logs to the Blumira service for threat detection and actionable response.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- In the Overview section, next to Host Details, copy the IP address.
Configuring Cisco Meraki to send logs to Blumira
To configure Cisco Meraki to send log data to Blumira Sensor:
- Open your Meraki dashboard as an administrator.
- Select the device you want to use.
- Select Network-Wide.
- Under Configure, select General.
- In the Reporting section, select Add New Syslog Server.
- Under Server IP, type the IP address of your Blumira sensor.
- Under Port, type 514.
- Under Roles, add all available options.
- Click Save Changes.
See Meraki's Configure Dashboard and Troubleshooting documentation for additional information.
Note: Due to a limitation within Meraki, logs from Meraki AnyConnect cannot be ingested by Blumira and will not appear in the app.