Skip to main content
Sumo Logic

Install the Cisco Meraki App and View the Dashboards

This page provides instructions on how to install the Cisco Meraki App, as well as examples and descriptions for each of the dashboards.

This page provides instructions on how to install the Cisco Meraki App, as well as examples of each of the dashboards. The App's pre-configured searches and Dashboards provide easy-to-access visual insights into your data. 

Install the App

This section shows you how to install the Cisco Meraki App. 

To install the app, do the following:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. To install the app, click Add to Library and complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. Select either of these options for the data source.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
  3. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. 

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboard filters  

Each dashboard has a set of filters that you can apply to the entire dashboard, as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard.

CiscoMerak_Dashboard_filter.png

Each panel has a set of filters that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.

CiscoMeraki_Panel_filters.png

Cisco Meraki - Overview Dashboard

The Cisco Meraki - Overview dashboard provides a high-level view of high severity threats, port scan attacks, HTTP requests, and Air Marshall events in your environment. Panels also display overviews for message types and trends, as well as device names and trends.

Use this dashboard to:

  • Monitor the number high severity threats and scan attacks.
  • Identify trends across messages and appliance names.

CiscoMeraki_Overview.png

Cisco Meraki - Security Threats Dashboard

The Cisco Meraki - Security Threats dashboard provides a high-level view of events, event priority and type, security threat event trends, and hosts that have been impacted. The panels also show detailed information on IDS signatures that were matched, malicious files that were blocked, and files that were deemed malicious after further investigation.

Use this dashboard to:

  • Determine the hosts or systems impacted by various threats and intrusion activities that have been identified and resolved.
  • Monitor files that are blocked by anti-malware protection from various sources and destinations, to understand where the threats are coming from.
  • Identify the most prevalent threats that could have a high impact on your environment.
  • Monitor when, where, and what actions are taken with configured policies in your environment and optimize your policies accordingly.

CiscoMeraki_Security_Threats.png 

Cisco Meraki - URLs Overview Dashboard

The Cisco Meraki - URLs Overview dashboard provides a high-level view of requests made, destination locations, and threats by URLs. The panels also display information on mac addresses, methods, OS platforms used, the top requested URLs and destination ports. Graphs for outlier trends and comparison graphs provide insights that enable proactive troubleshooting and root cause resolution.

Use this dashboard to:

  • Monitor the load on your network by looking at the rate of all requests and rates based on specific types of HTTP methods. This allows you to anticipate resource needs and allocate them accordingly. 
  • Monitor request trends and outliers in requests.
  • Identify how you are acquiring devices with MAC Address outliers or client IP addresses, and compare this data with positive and negative outliers. 
  • Monitor destination IP address outliers to check for sudden changes in user behavior and destination location traffic.
  • Monitor destinations visited by users of your network. 

CiscoMeraki_URLs_Overview.png

Cisco Meraki - URLs Content and Client Platform Dashboard

The Cisco Meraki - URLs Content and Client Platform dashboard provides information on the top media types that are requested in your environment, trends on media types that are requested over time, and the top requested URLs. The panels also display information on the OS platforms used, the browsers used on the various operating systems, and the platform versions used.

Use this dashboard to:

  • Monitor operating systems (OS) for desktop and mobile devices, as well as browser information available in user agents, to understand how IT should best support your users.
  • Determine which sites, pages, and file types are the most popular with your users, and develop policies accordingly.

 CiscoMeraki_URLs_Content_and_Client_Platform.png

Cisco Meraki - URLs Threat Intel Dashboard

The Cisco Meraki - URLs Threat Intel dashboard provides a high-level view of the number of threats, their geographic locations, threats by actor, the malicious confidence, and details on IP destinations. The panels also show the number of threats by URL, their geographic locations, threats by actor, the malicious confidence, and the details on the URL threats.

Use this dashboard to:

  • Identify and remediate potential threats and indicators of compromises to your network.
  • Monitor whether users are accessing web pages or destination IP addresses that have been tagged as malicious by Sumo Logic Threat Intel.

CiscoMeraki_URLs_Threat_Intel.png

Cisco Meraki - Flows Overview Dashboard

The Cisco Meraki - Flows Overview dashboard provides a high-level view of traffic sources, destinations, protocols, and traffic action time comparisons. The panels also show detailed information on the top source IPs, destination ports, and possible port scan attacks for both allowed and denied traffic. 

Use this dashboard to:

  • Monitor network traffic that’s been allowed and rejected. 
  • Monitor the activity of TCP and UDP ports to identify possible port scan attacks, both horizontal and vertical. 

CiscoMeraki_Flows_Overview.png

Cisco Meraki - Flows Allowed and Rejected Dashboard

The Cisco Meraki - Flows Allowed and Rejected dashboard provides a high-level view of the geographic locations and outlier graphs for allowed and denied traffic. Panels also show allowed and denied insecure traffic by protocol, allowed insecure traffic by application and host, allowed network activity on unencrypted ports, and a graph of flows by pattern.

Use this dashboard to:

  • Detect sudden changes in allowed or rejected traffic in the outlier panels.
  • Identify systems and hosts involved in insecure data transit over insecure connections and port protocols like ftp, telnet, http, and rlogin. You can also identify successful and rejected network connections for insecure connections.

 CiscoMeraki_Flows_Allowed_and_Rejected.png

Cisco Meraki - Events Dashboard

The Cisco Meraki - Events dashboard provides a high-level view of events for MR access points, MX security appliances, and MS switches. Panels display information on the number of events, event types, Air Marshall events, connectivity, client DHCP events, and trend graphs of events over time.

Use this dashboard to:

  • Monitor access point activities, such as association, disassociation, authentication, deauthentication, packet floods, rogue SSIDs, and SSID Spoofing activities. For details, see the following Cisco Meraki documentation.
  • Monitor VPN connectivity and uplink connectivity changes, as well as client DHCP lease details with MX Security Appliances. For details, see Cisco Meraki documentation.
  • Monitor switching events from Meraki MS Switches. For details, see Cisco Meraki documentation.

CiscoMeraki_Events.png