Cisco SecureX Workflows with Meraki and other Cisco Security Products

mawkhan/securex-with-meraki

securex-with-meraki

Cisco SecureX Workflows with Meraki MX Firewall

Blocking a destination in MX L3 Security Rules from SecureX Threat Response

The time required to investigate the source of a threat and then orchestrate policies in the network to block that threat throughout a large enterprise network is critical for organizational security. This code leverages the Meraki APIs to orchestrate a deny rule in the MX security policies, which can be triggered directly from Threat Response.

Configuration Steps

  1. Log in to https://securex.cisco.com/ and navigate to SecureX orchestration.
  2. Define targets by navigating to Targets on the left-hand side, as shown below:

[Image 1]

  3. Add a new target with the settings below:
  • Display name: Meraki
  • Account Keys: No Account Keys - True
  • HTTP - Protocol: HTTPS, Host/IP Address: api.meraki.com, Port: 443, Path: /api

[Images 12, 13]

  4. Now go to "workflows", choose "atomic" and select import, as shown below:

[Image 2]

  5. Click on import and then paste the code which you have just copied.

[Image 3]

  6. Now that the Atomic Action has been imported, open the newly imported Atomic Action.

[Image 4]

  7. Now update the two variables "Meraki API Key" and "Network ID". Network ID is the ID of your Meraki network. You also need to update the Target to the one you created earlier.

[Images 5, 11]

  8. At this stage, you are ready to run this workflow directly from the same window, or you can execute it from SecureX Threat Response. Open the Threat Response page, start any investigation, then from the observable graph right-click any observable (IP or domain) and select the workflow you have just imported, "Blocking URL/IP in Meraki MX Firewall".

[Images 6, 7]

  9. Now go back to the orchestration page where the atomic action was already open and click "view Runs" to validate whether your workflow was successfully executed.

[Images 8, 9, 10]

You have now successfully orchestrated a Layer 3 deny rule while threat hunting from SecureX Threat Response.
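An added example, not the repository's atomic action: the Dashboard API exchange that puts an L3 deny rule for an observable on the MX. The update call replaces the whole rule list, so the code reads the current rules first, drops the implicit default rule and prepends the deny rule. Assumptions: the v1 `l3FirewallRules` endpoint under the target's `/api` path, bearer-token authentication, the /24 and /64 breadth guard, and all function names, which are chosen here.

```python
import ipaddress
import json
import re
import urllib.request

# Assumption: Dashboard API v1 under the /api path of the target defined above.
BASE = "https://api.meraki.com/api/v1"
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def normalise(observable):
    """Turn an IP or domain observable into a destCidr value, or raise ValueError."""
    value = observable.strip().lower()
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        if FQDN.match(value):
            return value
        raise ValueError(f"not an IP address or domain: {observable!r}")
    # Guard chosen for this example: refuse ranges wide enough to cut off legitimate traffic.
    if net.prefixlen < (24 if net.version == 4 else 64):
        raise ValueError(f"refusing to block a range as wide as {net}")
    return str(net)

def merge_deny_rule(existing, observable):
    """Prepend a deny rule for the observable; the default rule is not sent back."""
    dest = normalise(observable)
    rules = [r for r in existing if r.get("comment") != "Default rule"]
    if any(r.get("policy") == "deny" and r.get("destCidr") == dest for r in rules):
        return rules  # already blocked, keep the list unchanged
    deny = {"comment": f"Threat Response block: {dest}", "policy": "deny", "protocol": "any",
            "srcCidr": "Any", "srcPort": "Any", "destCidr": dest, "destPort": "Any",
            "syslogEnabled": False}
    return [deny] + rules

def call(method, network_id, api_key, body=None):
    """One request to the network's L3 firewall rules endpoint."""
    req = urllib.request.Request(
        f"{BASE}/networks/{network_id}/appliance/firewall/l3FirewallRules",
        data=None if body is None else json.dumps(body).encode(), method=method,
        headers={"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def block(network_id, api_key, observable):
    """Read the current rules, then write them back with the deny rule on top."""
    current = call("GET", network_id, api_key)["rules"]
    return call("PUT", network_id, api_key, {"rules": merge_deny_rule(current, observable)})
```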
