Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Meraki Rest API information is out of date and failing to connect #11248

Open
giveen opened this issue Oct 9, 2024 · 32 comments · May be fixed by #11254
Open

Meraki Rest API information is out of date and failing to connect #11248

giveen opened this issue Oct 9, 2024 · 32 comments · May be fixed by #11254
Assignees
Labels
Connector Connector specialty review needed enhancement New feature or request

Comments

@giveen
Copy link

giveen commented Oct 9, 2024

Describe the bug
The Meraki Rest API is using an out of date authorization behavior
https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Cisco%20Meraki%20Events%20via%20REST%20API/Data%20Connectors
https://developer.cisco.com/meraki/api-v1/authorization/#obtaining-your-meraki-api-key

"Next, check that your API call has the correct header with the following (and not v0's X-Cisco-Meraki-API-Key):"

https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20Meraki%20Events%20via%20REST%20API/Data%20Connectors/CiscoMerakiMultiRule_ccp/dataConnectorPoller.json

Line 17
"ApiKeyName": "X-Cisco-Meraki-API-Key"

@v-sudkharat v-sudkharat self-assigned this Oct 10, 2024
@v-sudkharat v-sudkharat added the Connector Connector specialty review needed label Oct 10, 2024
@v-sudkharat
Copy link
Contributor

Hi @giveen, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!

@v-sudkharat
Copy link
Contributor

Hi @giveen, Could you please share the screenshot of the error message when you're getting after clicking on connect. Thanks!

@v-sudkharat v-sudkharat added the enhancement New feature or request label Oct 10, 2024
@v-sudkharat v-sudkharat linked a pull request Oct 10, 2024 that will close this issue
@v-sudkharat
Copy link
Contributor

Hi @giveen, After analysis of existing code, we made changes into the REST API authorization and making it to get updated as per Cisco Doc. The PR has been raised with changes and currently it is in review state.
Meantime, if possible, could you please deploy the below file in which the Auth method has been updated into your environment and let us know the connector has been configured correctly and it pull the data for -

Network Session
Web Session
Audit Event

The custom deployment steps are mentioned into below file :
Custom Deployment - CustomDeploymentSteps.docx
Template File - mainTemplate.json

Many Thanks!

@v-sudkharat v-sudkharat linked a pull request Oct 10, 2024 that will close this issue
@giveen
Copy link
Author

giveen commented Oct 10, 2024

Wow you guys are faster than me. I'll test the deployment you sent me and get back to you guys, but here is the rest of the details requested.

Image

Here was my test script

# Define variables for your organization ID and API key
$orgId = "ORGID"
$apiKey = "APIKEY"

# Define the API endpoint for the organization
$apiUrl = "https://api.meraki.com/api/v1/organizations/$orgId"

# Set up the headers, including the API key
$headers = @{
    "X-Cisco-Meraki-API-Key" = $apiKey
    "Content-Type" = "application/json"
}

# Send a GET request to check the organization's connectivity
try {
    $response = Invoke-RestMethod -Uri $apiUrl -Method Get -Headers $headers
    
    if ($response) {
        Write-Host "Connectivity to Meraki cloud organization is successful."
        Write-Host "Organization Name: $($response.name)"
        Write-Host "Organization ID: $($response.id)"
    } else {
        Write-Host "No response from the Meraki cloud."
    }
}
catch {
    Write-Host "Failed to connect to the Meraki cloud."
    Write-Host "Error: $($_.Exception.Message)"
}

Returned:

Failed to connect to the Meraki cloud.
Error: The remote server returned an error: (404) Not Found.

Considering the new API, this was my script


# Define variables for your API key
$apiKey = "APIKEY"

# Define the API endpoint for listing organizations
$apiUrl = "https://api.meraki.com/api/v1/organizations"

# Set up the headers, including the API key using Bearer token
$headers = @{
    "Authorization" = "Bearer $apiKey"
    "Content-Type" = "application/json"
}

# Send a GET request to list the organizations
try {
    $response = Invoke-RestMethod -Uri $apiUrl -Method Get -Headers $headers
    
    if ($response) {
        Write-Host "Connectivity to Meraki cloud organizations is successful."
        foreach ($org in $response) {
            Write-Host "Organization Name: $($org.name)"
            Write-Host "Organization ID: $($org.id)"
        }
    } else {
        Write-Host "No response from the Meraki cloud."
    }
}
catch {
    Write-Host "Failed to connect to the Meraki cloud."
    Write-Host "Error: $($_.Exception.Message)"
}

Result:

Connectivity to Meraki cloud organizations is successful.
Organization Name: Sxxxxxxxxxxxxx
Organization ID: 6xxxxxxxxxxxxxxxxxx

@giveen
Copy link
Author

giveen commented Oct 10, 2024

Hi @giveen, After analysis of existing code, we made changes into the REST API authorization and making it to get updated as per Cisco Doc. The PR has been raised with changes and currently it is in review state. Meantime, if possible, could you please deploy the below file in which the Auth method has been updated into your environment and let us know the connector has been configured correctly and it pull the data for -

Network Session
Web Session
Audit Event

The custom deployment steps are mentioned into below file : Custom Deployment - CustomDeploymentSteps.docx Template File - mainTemplate.json

Many Thanks!

Deployment template validation failed: 'The template resource '/Microsoft.SecurityInsights/-dc-stc4o2e2yuqjg1.0.0' for type 'Microsoft.OperationalInsights/workspaces/providers/contentTemplates' at line '72' and column '87' has incorrect segment lengths. A nested resource type must have identical number of segments as its resource name. A root resource type must have segment length one greater than its resource name. Please see https://aka.ms/arm-syntax-resources for usage details.'. (Code: InvalidTemplate)

@v-sudkharat
Copy link
Contributor

Hey @giveen, Today I have check with above scripts Old and New one to check the response for the Org Name and Org Id, and received the successfully response for both of them, there no issue currently having with the old API.

And from our end we can be able to connect the existing connector without any fail:
Image

Let's check with your credentials to our updated connector, I see your getting the deployment error is may due to while deployment of template you did not enter the correct values, so please add below values and re-deploy the template -
Image

@giveen
Copy link
Author

giveen commented Oct 11, 2024

I was able to deploy the template with no issues after adding in my Workspace-location, and Workspace name.

However, after putting in my Org ID and API key from the Data Connectors page, same result of 404.

@giveen
Copy link
Author

giveen commented Oct 14, 2024

@v-sudkharat

If you look at my test script, you will see that Org-ID is no longer needed. When just inputting my API key, Cisco new which Org I belonged too.

@v-sudkharat
Copy link
Contributor

Hi @giveen, Thanks for your response. Did you check the same for cisco end for 404 error? if any permissions or settings required and it should be disable currently?
And its possible can you share the credentials with us, so we can check it in our environment and understand the error :
Below is the mail ID where you can mail us - [email protected]

@giveen
Copy link
Author

giveen commented Oct 15, 2024

Hi @giveen, Thanks for your response. Did you check the same for cisco end for 404 error? if any permissions or settings required and it should be disable currently? And its possible can you share the credentials with us, so we can check it in our environment and understand the error : Below is the mail ID where you can mail us - [email protected]

Good morning, I will email you from my work email and will reference this .

@v-sudkharat
Copy link
Contributor

Hi @giveen, I see your mail, in that the Workspace ID and sub key has been shared, actually to access it from backend we don't have required permission.
So, can we have a quick call on 22 Oct? In a call we will check the template which we have shared are correctly deployed and will check connection.
Meantime, could you please confirm once the ORG ID is correct? because with API key in second script you can see the results.

Thanks!

@giveen
Copy link
Author

giveen commented Oct 17, 2024

Hi @giveen, I see your mail, in that the Workspace ID and sub key has been shared, actually to access it from backend we don't have required permission. So, can we have a quick call on 22 Oct? In a call we will check the template which we have shared are correctly deployed and will check connection. Meantime, could you please confirm once the ORG ID is correct? because with API key in second script you can see the results.

Thanks!

I have confirmed the org id matches my records and go ahead and send me a teams invite.

@v-sudkharat
Copy link
Contributor

Hi @giveen, Due to conflict in Time, let us check and match the meeting availability which suits for both the Time zones:
Meantime, I'm sharing some steps which I was thought to do in call itself. So, could you please follow below steps and let me know if it resolves the issue :

  1. Please go to Content Hub and Uninstall / delete the existing solution:
    Image

  2. Go to the Data Connector blade page and delete that Cisco Meraki connector manually, refer below screenshot to delete it :
    Image

  3. Now do the custom deployment of the Main template file which has been already mentioned in previous comment -

Custom Deployment - CustomDeploymentSteps.docx
Template File - mainTemplate.json

The previous deployment may have not overwrite the data connector and maybe due to that reason the 404 same issue occurred.

Please follow the above steps and let us know your response, so if required we will forward this issue to our concern team to address the issue.

Thanks!

@giveen
Copy link
Author

giveen commented Oct 23, 2024

I removed the connectors
Image

I deployed the template
Image

Verified successful deployment
Image

Made sure my API from Meraki matched
Image

Made sure the API key worked and it returned my org ID
Image

Set up the org ID and API in the data connector
Image

Failed. Same Error

Image

@giveen
Copy link
Author

giveen commented Oct 23, 2024

@v-sudkharat I'm curious if the reason why maybe its failing is because CiscoMerakiIDS logs dont exist on my end? I'm reaching out to my network engineers to ask if we have IDS on our Meraki XR

@v-sudkharat
Copy link
Contributor

@giveen, Sure please.
And could you please confirm did you follow this step as well?
Image

Note: If not, then the new deployed template will not work as it does not overwrite the existing connector, So if not done then please check with following that one and test.

OR you can also deploy the shared template in a new workspace where there is not already cisco Meraki solution has been deployed.

Thanks!

@giveen
Copy link
Author

giveen commented Oct 24, 2024

@v-sudkharat yes, I made sure that it was gone from Data Connectors before adding it. I had to go into the resource group and delete it manually since doing it from within Sentinel itself gave an delete error.

@giveen
Copy link
Author

giveen commented Oct 24, 2024

@v-sudkharat I've confirmed with our Network team that our Meraki XRs do have NIDS

@sh4d0wl0ck
Copy link

Running into the same problem as you are facing here. Just wondering, would this have anything to do with permissions on the account that has generated the API key? Interested to know if this is down to permissions to why data can't be pulled back. Could you confirm what you have set on yours please @v-sudkharat

@v-sudkharat
Copy link
Contributor

Hi @giveen / @sh4d0wl0ck, Could you please open an azure support case, so this issue can be check by our concern data collection team and if required take a call with you.
Please do share the case Id. Thanks!

@v-sudkharat
Copy link
Contributor

@giveen, Could you please share the ticket id with us to follow up on it. Thanks!

@v-sudkharat
Copy link
Contributor

Hi @giveen, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond to it in the next 2 days. If we don't receive a response by 13-11-2024 date, we will be closing this issue.
Thanks!

@giveen
Copy link
Author

giveen commented Nov 11, 2024 via email

@v-sudkharat
Copy link
Contributor

@giveen, Noted. let us check with our team if have any alternates. Thanks!

@v-sudkharat
Copy link
Contributor

@giveen,
We have initial check in Cisco Meraki end, the 404 is due to the incorrect ORG ID has been entered while configuration of Data connector.
So, could you please find out the correct ORG ID and its API key from below shared steps and add it into the connector-
A. For ORG ID-

  1. Login to Cisco Meraki Dashboard - https://account.meraki.com/login/
  2. Go to the setting -

Image

  1. In Setting scroll down to page -
    Image

  2. You will get the ORG ID here -
    Image

B. For API Key -

  1. Go to My profile -
    Image

  2. Check for the API KEY -
    Image

NOTE: The ORG ID are correctly mapped to API KEY, and also please check for the If multiple ORG have into the cisco side.

Thanks!

@v-sudkharat
Copy link
Contributor

@giveen / @sh4d0wl0ck , Did you get a change to check on above comment. Thanks!

@giveen
Copy link
Author

giveen commented Nov 21, 2024 via email

@v-sudkharat
Copy link
Contributor

Running into the same problem as you are facing here. Just wondering, would this have anything to do with permissions on the account that has generated the API key? Interested to know if this is down to permissions to why data can't be pulled back. Could you confirm what you have set on yours please @v-sudkharat

@giveen, Noted
@sh4d0wl0ck, After following the steps mentioned here - #11248 (comment) , still facing issue?

@giveen
Copy link
Author

giveen commented Dec 17, 2024

@sh4d0wl0ck

@v-sudkharat and I were able to determine that it was a permissions on the Meraki side. He isnt sure what permissions are needed, I'm going to work with my network engineer and see if I can either determine what permissions are needed or if they can generate an API key for me that will work from their higher level.

@v-sudkharat
Copy link
Contributor

@giveen, Ok. Please let us know once it gets done. Thanks!

@v-sudkharat
Copy link
Contributor

@giveen, Any update for us?

@giveen
Copy link
Author

giveen commented Dec 24, 2024

I spoke to my network engineer and he needs to research what permissions are needed for the API key and that not going to happen till after the new year, so I have a service request ticket in with him. So now I'm at the mercy of their schedule.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Connector Connector specialty review needed enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants