Contact sales
Details

This workflow can be added to your incident response playbook and allows you to block IP addresses using the L3 outbound firewall on Cisco Meraki MX appliances.

Description

This workflow can be added to your incident response playbook and allows you to block IP addresses using the L3 outbound firewall on Cisco Meraki MX appliances. Supported observables: IP, IPV6.

Target: Automation APIs system target, Platform APIs system target, Meraki integration target

Steps:

  • Extract the supported observables
  • Check if any supported observables were found (if not, end the workflow)
  • Fetch the configuration for the Meraki integration
  • Fetch a list of Meraki networks for this organization
  • Check if prompting for network selection is enabled:
    • If it is, prompt the user to select the networks to block in
    • If it isn't, use the list of all available networks
  • For each observable:
    • For each Meraki network:
      • Get the existing L3 firewall rules
      • Insert a new rule and push the updated rule list to Meraki
Required targets

This workflow requires the following targets to be available before it can be run.

Integration targets

  • Cisco XDR
  • Meraki
About
Author
Cisco
Version
v1.0
Intent
Playbook Task
Integration
Average rating
No ratings yet
Authorship
Cisco Managed
Contact and support information
https://support.cisco.com
External links

Content Licensing

Developer Community

Related workflows
Logo for Cisco Meraki
Cisco Meraki - Get Network Splash Login Attempts
Cisco Managed
This workflow can be added to your incident response playbook and allows you to get a summary of network splash login attempts for your Cisco Meraki organization's networks.
Playbook Task
Learn more
Logo for Cisco Meraki
Cisco Meraki - Get Top Appliances by Utilization
Cisco Managed
This workflow can be added to your incident response playbook and allows you to get a summary of top appliances by utilization for your Cisco Meraki organization.
Playbook Task
Learn more
Logo for Cisco Meraki
Cisco Meraki - Get Top Clients by Usage
Cisco Managed
This workflow can be added to your incident response playbook and allows you to get a summary of top clients by usage for your Cisco Meraki organization.
Playbook Task
Learn more
Logo for Cisco Meraki
Cisco Meraki - MX - L3 Outbound Firewall Block
Cisco Managed
This workflow appears in the pivot menu and allows a user to block an IP address on a Cisco Meraki MX L3 outbound firewall.
Pivot Menu
Learn more
Logo for Cisco Meraki
Cisco Meraki - MX - L3 Outbound Firewall Block (Playbook)
Cisco Managed
This workflow can be added to your incident response playbook and allows you to block IP addresses using the L3 outbound firewall on Cisco Meraki MX appliances.
Playbook Task
Learn more
Logo for Cisco Meraki
Cisco Meraki - MX - L3 Outbound Firewall Block with Approval
Cisco Managed
This workflow appears in the pivot menu and allows a user to block an IP address on a Cisco Meraki MX L3 outbound firewall (using the selected observable as the rule's destination).
Pivot Menu
Learn more
Logo for Cisco Meraki
Cisco Meraki - Push XDR Feed to Content Filtering
Cisco Managed
This workflow fetches the URLs from a Cisco XDR feed and compares them to the blocked URLs in the Cisco Meraki appliance content filtering configuration.
Learn more