Meraki Rest API information is out of date and failing to connect

Open giveen opened this issue 1 year ago • 19 comments

Describe the bug

The Meraki Rest API is using an out of date authorization behavior

https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Cisco%20Meraki%20Events%20via%20REST%20API/Data%20Connectors
https://developer.cisco.com/meraki/api-v1/authorization/#obtaining-your-meraki-api-key

"Next, check that your API call has the correct header with the following (and not v0's X-Cisco-Meraki-API-Key):"

https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20Meraki%20Events%20via%20REST%20API/Data%20Connectors/CiscoMerakiMultiRule_ccp/dataConnectorPoller.json

Line 17 "ApiKeyName": "X-Cisco-Meraki-API-Key"

giveen avatar Oct 09 '24 19:10 giveen

Hi @giveen, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!

v-sudkharat avatar Oct 10 '24 08:10 v-sudkharat

Hi @giveen, Could you please share a screenshot of the error message you're getting after clicking on connect? Thanks!

v-sudkharat avatar Oct 10 '24 09:10 v-sudkharat

Hi @giveen, After analysis of the existing code, we made changes to the REST API authorization to update it as per the Cisco doc. A PR has been raised with the changes and is currently in review. In the meantime, if possible, could you please deploy the file below, in which the auth method has been updated, into your environment and let us know whether the connector is configured correctly and pulls the data for:

Network Session
Web Session
Audit Event

The custom deployment steps are mentioned in the file below:

Custom Deployment - CustomDeploymentSteps.docx
Template File - mainTemplate.json

Many Thanks!

v-sudkharat avatar Oct 10 '24 12:10 v-sudkharat

Wow you guys are faster than me. I'll test the deployment you sent me and get back to you guys, but here is the rest of the details requested.

Image

Here was my test script

# Define variables for your organization ID and API key
$orgId = "ORGID"
$apiKey = "APIKEY"

# Define the API endpoint for the organization
$apiUrl = "https://api.meraki.com/api/v1/organizations/$orgId"

# Set up the headers, including the API key
$headers = @{
    "X-Cisco-Meraki-API-Key" = $apiKey
    "Content-Type" = "application/json"
}

# Send a GET request to check the organization's connectivity
try {
    $response = Invoke-RestMethod -Uri $apiUrl -Method Get -Headers $headers
    
    if ($response) {
        Write-Host "Connectivity to Meraki cloud organization is successful."
        Write-Host "Organization Name: $($response.name)"
        Write-Host "Organization ID: $($response.id)"
    } else {
        Write-Host "No response from the Meraki cloud."
    }
}
catch {
    Write-Host "Failed to connect to the Meraki cloud."
    Write-Host "Error: $($_.Exception.Message)"
}

Returned:

Failed to connect to the Meraki cloud.
Error: The remote server returned an error: (404) Not Found.

Considering the new API, this was my script


# Define variables for your API key
$apiKey = "APIKEY"

# Define the API endpoint for listing organizations
$apiUrl = "https://api.meraki.com/api/v1/organizations"

# Set up the headers, including the API key using Bearer token
$headers = @{
    "Authorization" = "Bearer $apiKey"
    "Content-Type" = "application/json"
}

# Send a GET request to list the organizations
try {
    $response = Invoke-RestMethod -Uri $apiUrl -Method Get -Headers $headers
    
    if ($response) {
        Write-Host "Connectivity to Meraki cloud organizations is successful."
        foreach ($org in $response) {
            Write-Host "Organization Name: $($org.name)"
            Write-Host "Organization ID: $($org.id)"
        }
    } else {
        Write-Host "No response from the Meraki cloud."
    }
}
catch {
    Write-Host "Failed to connect to the Meraki cloud."
    Write-Host "Error: $($_.Exception.Message)"
}

Result:

Connectivity to Meraki cloud organizations is successful.
Organization Name: Sxxxxxxxxxxxxx
Organization ID: 6xxxxxxxxxxxxxxxxxx

giveen avatar Oct 10 '24 14:10 giveen
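
An added diagnostic example (not part of the original thread or the Azure-Sentinel connector code) that combines the two calls from the scripts above: it lists the organizations the key can see with the Bearer header, checks whether the configured Org ID is among them, and only then repeats the org-scoped call. `Test-MerakiOrgAccess` and its `-Fetch` parameter are hypothetical names, and the stub data is constructed.

```powershell
# Added example: hypothetical helper, not from the thread or the Sentinel connector.
function Test-MerakiOrgAccess {
    param(
        [Parameter(Mandatory)] [string] $ApiKey,
        [Parameter(Mandatory)] [string] $OrgId,
        # Injectable fetcher (assumption of this example) so the logic also runs offline.
        [scriptblock] $Fetch = {
            param($Uri, $Headers)
            Invoke-RestMethod -Uri $Uri -Method Get -Headers $Headers
        }
    )
    $base    = "https://api.meraki.com/api/v1"
    $headers = @{ "Authorization" = "Bearer $ApiKey"; "Accept" = "application/json" }
    $id      = $OrgId.Trim()   # stray whitespace from copy/paste changes the URL

    # Step 1: list the organizations this key can see (the call that worked above).
    try   { $orgs = @(& $Fetch "$base/organizations" $headers) }
    catch { return [pscustomobject]@{ Verdict = "KeyRejected"; Detail = $_.Exception.Message } }

    $match = $orgs | Where-Object { "$($_.id)" -eq $id }
    if (-not $match) {
        $seen = ($orgs | ForEach-Object { $_.id }) -join ", "
        return [pscustomobject]@{ Verdict = "OrgIdNotVisibleToKey"; Detail = "Key sees: $seen" }
    }

    # Step 2: repeat the org-scoped call with the same Bearer header.
    try {
        $null = & $Fetch "$base/organizations/$id" $headers
        [pscustomobject]@{ Verdict = "Ok"; Detail = $match.name }
    } catch {
        [pscustomobject]@{ Verdict = "OrgCallFailed"; Detail = $_.Exception.Message }
    }
}

# Constructed sample data: an offline stub standing in for the Meraki API.
$stub = {
    param($Uri, $Headers)
    if ($Uri -like "*/organizations") {
        [pscustomobject]@{ id = "111111"; name = "Example Org" }
    } elseif ($Uri -like "*/organizations/111111") {
        [pscustomobject]@{ id = "111111"; name = "Example Org" }
    } else { throw "(404) Not Found" }
}

Test-MerakiOrgAccess -ApiKey "APIKEY" -OrgId "222222" -Fetch $stub
Test-MerakiOrgAccess -ApiKey "APIKEY" -OrgId " 111111 " -Fetch $stub
```

Omit `-Fetch` to run the same checks against the live API with a real key and Org ID.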

Deployment template validation failed: 'The template resource '/Microsoft.SecurityInsights/-dc-stc4o2e2yuqjg1.0.0' for type 'Microsoft.OperationalInsights/workspaces/providers/contentTemplates' at line '72' and column '87' has incorrect segment lengths. A nested resource type must have identical number of segments as its resource name. A root resource type must have segment length one greater than its resource name. Please see https://aka.ms/arm-syntax-resources for usage details.'. (Code: InvalidTemplate)

giveen avatar Oct 10 '24 15:10 giveen

Hey @giveen, Today I checked with the above scripts, the old and the new one, to check the response for the Org Name and Org ID, and received a successful response for both of them; there is no issue currently with the old API.

And from our end we are able to connect the existing connector without any failure: Image

Let's check your credentials with our updated connector. I see you're getting the deployment error; it may be because you did not enter the correct values while deploying the template, so please add the values below and re-deploy the template - Image

v-sudkharat avatar Oct 11 '24 06:10 v-sudkharat

I was able to deploy the template with no issues after adding in my Workspace-location, and Workspace name.

However, after putting in my Org ID and API key from the Data Connectors page, same result of 404.

giveen avatar Oct 11 '24 14:10 giveen

@v-sudkharat

If you look at my test script, you will see that Org-ID is no longer needed. When just inputting my API key, Cisco knew which Org I belonged to.

giveen avatar Oct 14 '24 18:10 giveen

Hi @giveen, Thanks for your response. Did you check the same on the Cisco end for the 404 error? Are any permissions or settings required that are currently disabled? And if possible, can you share the credentials with us, so we can check it in our environment and understand the error? Below is the mail ID where you can mail us - [email protected]

v-sudkharat avatar Oct 15 '24 11:10 v-sudkharat

Good morning, I will email you from my work email and will reference this.

giveen avatar Oct 15 '24 14:10 giveen

Hi @giveen, I see your mail, in which the Workspace ID and sub key have been shared; actually, we don't have the required permission to access it from the backend. So, can we have a quick call on 22 Oct? In the call we will check that the template which we shared is correctly deployed and will check the connection. In the meantime, could you please confirm once that the ORG ID is correct? Because with the API key in the second script you can see the results.

Thanks!

v-sudkharat avatar Oct 17 '24 10:10 v-sudkharat

I have confirmed the org ID matches my records; go ahead and send me a Teams invite.

giveen avatar Oct 17 '24 20:10 giveen

Hi @giveen, Due to a conflict in time, let us check and find a meeting slot which suits both time zones. In the meantime, I'm sharing some steps which I had planned to do in the call itself. So, could you please follow the steps below and let me know if they resolve the issue:

  1. Please go to Content Hub and uninstall / delete the existing solution: Image

  2. Go to the Data Connector blade page and delete the Cisco Meraki connector manually; refer to the screenshot below to delete it: Image

  3. Now do the custom deployment of the main template file which has already been mentioned in the previous comments -

  • https://github.com/Azure/Azure-Sentinel/issues/11248#issuecomment-2405010322
  • https://github.com/Azure/Azure-Sentinel/issues/11248#issuecomment-2406670978

Custom Deployment - CustomDeploymentSteps.docx
Template File - mainTemplate.json

The previous deployment may not have overwritten the data connector, and maybe for that reason the same 404 issue occurred.

Please follow the above steps and let us know your response, so that, if required, we will forward this issue to our concerned team to address it.

Thanks!

v-sudkharat avatar Oct 23 '24 14:10 v-sudkharat

I removed the connectors Image

I deployed the template Image

Verified successful deployment Image

Made sure my API from Meraki matched Image

Made sure the API key worked and it returned my org ID Image

Set up the org ID and API in the data connector Image

Failed. Same Error

Image

giveen avatar Oct 23 '24 17:10 giveen

@v-sudkharat I'm curious if the reason why maybe it's failing is because CiscoMerakiIDS logs don't exist on my end? I'm reaching out to my network engineers to ask if we have IDS on our Meraki XR

giveen avatar Oct 23 '24 21:10 giveen

@giveen, Sure, please. And could you please confirm whether you followed this step as well? Image

Note: If not, then the newly deployed template will not work, as it does not overwrite the existing connector. So if it was not done, then please follow that step and test.

Or you can also deploy the shared template in a new workspace where the Cisco Meraki solution has not already been deployed.

Thanks!

v-sudkharat avatar Oct 24 '24 08:10 v-sudkharat

@v-sudkharat yes, I made sure that it was gone from Data Connectors before adding it. I had to go into the resource group and delete it manually since doing it from within Sentinel itself gave a delete error.

giveen avatar Oct 24 '24 14:10 giveen

@v-sudkharat I've confirmed with our Network team that our Meraki XRs do have NIDS

giveen avatar Oct 24 '24 19:10 giveen

Running into the same problem as you are facing here. Just wondering, would this have anything to do with permissions on the account that has generated the API key? Interested to know if this is down to permissions to why data can't be pulled back. Could you confirm what you have set on yours please @v-sudkharat

Ob3rius avatar Oct 25 '24 14:10 Ob3rius

Hi @giveen / @sh4d0wl0ck, Could you please open an Azure support case, so this issue can be checked by our concerned data collection team, who can take a call with you if required? Please do share the case ID. Thanks!

v-sudkharat avatar Nov 05 '24 09:11 v-sudkharat

@giveen, Could you please share the ticket id with us to follow up on it. Thanks!

v-sudkharat avatar Nov 07 '24 10:11 v-sudkharat

Hi @giveen, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond to it in the next 2 days. If we don't receive a response by 13-11-2024, we will be closing this issue. Thanks!

v-sudkharat avatar Nov 11 '24 11:11 v-sudkharat

Hi, so I don't think I have the ability to put in support tickets for Azure, per my talk with our system operations guy. Seems like we haven't paid for that support.

giveen avatar Nov 11 '24 14:11 giveen

@giveen, Noted. Let us check with our team whether there are any alternatives. Thanks!

v-sudkharat avatar Nov 14 '24 09:11 v-sudkharat

@giveen, We have done an initial check on the Cisco Meraki end; the 404 is due to an incorrect ORG ID having been entered while configuring the data connector. So, could you please find the correct ORG ID and its API key using the steps shared below and add them into the connector -

A. For ORG ID -

  1. Log in to the Cisco Meraki Dashboard - https://account.meraki.com/login/

  2. Go to the settings - Image

  3. In Settings, scroll down the page - Image

  4. You will get the ORG ID here - Image

B. For API Key -

  1. Go to My profile - Image

  2. Check for the API KEY - Image

NOTE: Check that the ORG ID is correctly mapped to the API KEY, and also please check whether there are multiple ORGs on the Cisco side.

Thanks!

v-sudkharat avatar Nov 18 '24 12:11 v-sudkharat

@giveen / @sh4d0wl0ck, Did you get a chance to check the above comment? Thanks!

v-sudkharat avatar Nov 21 '24 09:11 v-sudkharat

Yes I did. I'm 100% certain I have the correct org ID

giveen avatar Nov 21 '24 12:11 giveen

@giveen, Noted. @sh4d0wl0ck, after following the steps mentioned here - https://github.com/Azure/Azure-Sentinel/issues/11248#issuecomment-2482953550, are you still facing the issue?

v-sudkharat avatar Dec 03 '24 09:12 v-sudkharat

@sh4d0wl0ck

@v-sudkharat and I were able to determine that it was a permissions issue on the Meraki side. He isn't sure what permissions are needed; I'm going to work with my network engineer and see if I can either determine what permissions are needed or if they can generate an API key for me that will work from their higher level.

giveen avatar Dec 17 '24 15:12 giveen

@giveen, Ok. Please let us know once it gets done. Thanks!

v-sudkharat avatar Dec 19 '24 05:12 v-sudkharat