Cisco Meraki API Token
Service Name: Cisco Meraki
Service Description: Cisco Meraki is a cloud-managed IT solution that offers networking, security, and device management capabilities through a centralized dashboard. It provides products including wireless access points, switches, security appliances, and mobile device management.
Service Address: https://meraki.cisco.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through the Meraki Dashboard API access settings.
Secret Access Scope: Grants programmatic access to the Meraki Dashboard API, allowing management of networks, devices, clients, and configurations across an organization's Meraki infrastructure.
Secret Revokement URL: https://documentation.meraki.com/General_Administration/Other_Topics/Cisco_Meraki_Dashboard_API#API_Key_Management
Secret Example: 6bec40cf957de430a6f1f2baa056b99a4fac9ea0
Suspicious Activity Investigation Instructions:
- Review the API request logs in the Meraki Dashboard under Organization > Configure > Logs > API Requests.
- Check for unusual API calls, especially those modifying network configurations or security settings.
- Verify if there are any unexpected changes to network configurations, device settings, or user permissions.
-
Monitor for API calls from unfamiliar IP addresses or outside normal business hours.
-
Review organization audit logs for suspicious administrative actions.
Mitigation Instructions:
- Log in to the Meraki Dashboard as an administrator.
- Navigate to Organization > Configure > Settings.
- Scroll down to the "Dashboard API access" section.
- Click "Revoke" next to the compromised API key.
- Generate a new API key if needed, with appropriate permissions.
- Consider implementing IP restrictions for API access.
- Review and update organization administrator accounts and permissions.
- Enable two-factor authentication for all administrator accounts.