Meraki Rest API information is out of date and failing to connect

[giveen]

Describe the bug
The Meraki Rest API is using an out of date authorization behavior
https:/Azure/Azure-Sentinel/tree/master/Solutions/Cisco%20Meraki%20Events%20via%20REST%20API/Data%20Connectors
https://developer.cisco.com/meraki/api-v1/authorization/#obtaining-your-meraki-api-key

"Next, check that your API call has the correct header with the following (and not v0's X-Cisco-Meraki-API-Key):"

https:/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20Meraki%20Events%20via%20REST%20API/Data%20Connectors/CiscoMerakiMultiRule_ccp/dataConnectorPoller.json

Line 17
"ApiKeyName": "X-Cisco-Meraki-API-Key"

[v-sudkharat]

Hi @giveen, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!

[v-sudkharat]

Hi @giveen, Could you please share the screenshot of the error message when you're getting after clicking on connect. Thanks!

[v-sudkharat]

Hi @giveen, After analysis of existing code, we made changes into the REST API authorization and making it to get updated as per Cisco Doc. The PR has been raised with changes and currently it is in review state.
Meantime, if possible, could you please deploy the below file in which the Auth method has been updated into your environment and let us know the connector has been configured correctly and it pull the data for -

Network Session
Web Session
Audit Event

The custom deployment steps are mentioned into below file :
Custom Deployment - CustomDeploymentSteps.docx
Template File - mainTemplate.json

Many Thanks!

[giveen]

Wow you guys are faster than me. I'll test the deployment you sent me and get back to you guys, but here is the rest of the details requested.

Here was my test script

# Define variables for your organization ID and API key
$orgId = "ORGID"
$apiKey = "APIKEY"

# Define the API endpoint for the organization
$apiUrl = "https://api.meraki.com/api/v1/organizations/$orgId"

# Set up the headers, including the API key
$headers = @{
    "X-Cisco-Meraki-API-Key" = $apiKey
    "Content-Type" = "application/json"
}

# Send a GET request to check the organization's connectivity
try {
    $response = Invoke-RestMethod -Uri $apiUrl -Method Get -Headers $headers
    
    if ($response) {
        Write-Host "Connectivity to Meraki cloud organization is successful."
        Write-Host "Organization Name: $($response.name)"
        Write-Host "Organization ID: $($response.id)"
    } else {
        Write-Host "No response from the Meraki cloud."
    }
}
catch {
    Write-Host "Failed to connect to the Meraki cloud."
    Write-Host "Error: $($_.Exception.Message)"
}

Returned:

Failed to connect to the Meraki cloud.
Error: The remote server returned an error: (404) Not Found.

Considering the new API, this was my script

# Define variables for your API key
$apiKey = "APIKEY"

# Define the API endpoint for listing organizations
$apiUrl = "https://api.meraki.com/api/v1/organizations"

# Set up the headers, including the API key using Bearer token
$headers = @{
    "Authorization" = "Bearer $apiKey"
    "Content-Type" = "application/json"
}

# Send a GET request to list the organizations
try {
    $response = Invoke-RestMethod -Uri $apiUrl -Method Get -Headers $headers
    
    if ($response) {
        Write-Host "Connectivity to Meraki cloud organizations is successful."
        foreach ($org in $response) {
            Write-Host "Organization Name: $($org.name)"
            Write-Host "Organization ID: $($org.id)"
        }
    } else {
        Write-Host "No response from the Meraki cloud."
    }
}
catch {
    Write-Host "Failed to connect to the Meraki cloud."
    Write-Host "Error: $($_.Exception.Message)"
}

Result:

Connectivity to Meraki cloud organizations is successful.
Organization Name: Sxxxxxxxxxxxxx
Organization ID: 6xxxxxxxxxxxxxxxxxx

[giveen]

Hi @giveen, After analysis of existing code, we made changes into the REST API authorization and making it to get updated as per Cisco Doc. The PR has been raised with changes and currently it is in review state. Meantime, if possible, could you please deploy the below file in which the Auth method has been updated into your environment and let us know the connector has been configured correctly and it pull the data for -

Network Session
Web Session
Audit Event

The custom deployment steps are mentioned into below file : Custom Deployment - CustomDeploymentSteps.docx Template File - mainTemplate.json

Many Thanks!

Deployment template validation failed: 'The template resource '/Microsoft.SecurityInsights/-dc-stc4o2e2yuqjg1.0.0' for type 'Microsoft.OperationalInsights/workspaces/providers/contentTemplates' at line '72' and column '87' has incorrect segment lengths. A nested resource type must have identical number of segments as its resource name. A root resource type must have segment length one greater than its resource name. Please see https://aka.ms/arm-syntax-resources for usage details.'. (Code: InvalidTemplate)

[v-sudkharat]

Hey @giveen, Today I have check with above scripts Old and New one to check the response for the Org Name and Org Id, and received the successfully response for both of them, there no issue currently having with the old API.

And from our end we can be able to connect the existing connector without any fail:

Let's check with your credentials to our updated connector, I see your getting the deployment error is may due to while deployment of template you did not enter the correct values, so please add below values and re-deploy the template -

[giveen]

I was able to deploy the template with no issues after adding in my Workspace-location, and Workspace name.

However, after putting in my Org ID and API key from the Data Connectors page, same result of 404.

[giveen]

@v-sudkharat

If you look at my test script, you will see that Org-ID is no longer needed. When just inputting my API key, Cisco new which Org I belonged too.

[v-sudkharat]

Hi @giveen, Thanks for your response. Did you check the same for cisco end for 404 error? if any permissions or settings required and it should be disable currently?
And its possible can you share the credentials with us, so we can check it in our environment and understand the error :
Below is the mail ID where you can mail us - [email protected]

[giveen]

Hi @giveen, Thanks for your response. Did you check the same for cisco end for 404 error? if any permissions or settings required and it should be disable currently? And its possible can you share the credentials with us, so we can check it in our environment and understand the error : Below is the mail ID where you can mail us - [email protected]

Good morning, I will email you from my work email and will reference this .

[v-sudkharat]

Hi @giveen, I see your mail, in that the Workspace ID and sub key has been shared, actually to access it from backend we don't have required permission.
So, can we have a quick call on 22 Oct? In a call we will check the template which we have shared are correctly deployed and will check connection.
Meantime, could you please confirm once the ORG ID is correct? because with API key in second script you can see the results.

Thanks!

[giveen]

Hi @giveen, I see your mail, in that the Workspace ID and sub key has been shared, actually to access it from backend we don't have required permission. So, can we have a quick call on 22 Oct? In a call we will check the template which we have shared are correctly deployed and will check connection. Meantime, could you please confirm once the ORG ID is correct? because with API key in second script you can see the results.

Thanks!

I have confirmed the org id matches my records and go ahead and send me a teams invite.