IBM Security QRadar

Hi,
We have cisco Meraki but logs are not forwarding to QRadar.
We tried, by creating the log source manually
By adding the QRadar IP address in Meraki syslog configuration and NAT IP in syslog configuration.

If any one configured with QRadar, please assist to configure.


Thanks

------------------------------
Arunkumar R
------------------------------

Hi Arun,

You need to follow this document to integrate Cisco Meraki with QRadar.
https://www.ibm.com/docs/sk/dsm?topic=meraki-configure-cisco-communicate-qradar

And the integration is supported via syslog.

NOTE:  Since this would be a syslog integration, if you are not getting logs in QRadar from Meraki, then probably it would be a good idea to get in touch with your network team if anywhere the logs are getting dropped.  If not, then engage with the OEM vendor to see why Meraki is not forwarding the logs.

Nothing to do from QRadar side until QRadar sees the events from Meraki.

Hope it helps.

------------------------------
Prabir Meher
------------------------------

Original Message:
Sent: Tue January 31, 2023 05:38 AM
From: Arunkumar R
Subject: Cisco Meraki Integration

Hi,
We have cisco Meraki but logs are not forwarding to QRadar.
We tried, by creating the log source manually
By adding the QRadar IP address in Meraki syslog configuration and NAT IP in syslog configuration.

If any one configured with QRadar, please assist to configure.


Thanks

------------------------------
Arunkumar R
------------------------------

Check the firewall on the Meraki device.  I have seen where you set up logging, but the onboard firewall drops it before it leaves the device.

------------------------------
Scott Searls
------------------------------

Original Message:
Sent: Tue January 31, 2023 11:30 PM
From: Prabir Meher
Subject: Cisco Meraki Integration

Hi Arun,

You need to follow this document to integrate Cisco Meraki with QRadar.
https://www.ibm.com/docs/sk/dsm?topic=meraki-configure-cisco-communicate-qradar

And the integration is supported via syslog.

NOTE:  Since this would be a syslog integration, if you are not getting logs in QRadar from Meraki, then probably it would be a good idea to get in touch with your network team if anywhere the logs are getting dropped.  If not, then engage with the OEM vendor to see why Meraki is not forwarding the logs.

Nothing to do from QRadar side until QRadar sees the events from Meraki.

Hope it helps.

------------------------------
Prabir Meher

Original Message:
Sent: Tue January 31, 2023 05:38 AM
From: Arunkumar R
Subject: Cisco Meraki Integration

Hi,
We have cisco Meraki but logs are not forwarding to QRadar.
We tried, by creating the log source manually
By adding the QRadar IP address in Meraki syslog configuration and NAT IP in syslog configuration.

If any one configured with QRadar, please assist to configure.


Thanks

------------------------------
Arunkumar R
------------------------------