Cisco Meraki
LAST UPDATED: AUGUST 22, 2025
Overview
Cisco Meraki is the leader in cloud controlled WiFi, routing, and security. Secure and scalable, learn how Cisco Meraki enterprise networks simply work.
D3 SOAR is providing REST operations to function with Cisco Meraki. Cisco Meraki is available for use in:
Known Limitations
See Meraki Rate Limit.
Connection
To connect to Cisco Meraki from D3 SOAR, please follow this part to collect the required information below:
Parameter | Description | Example |
Server URL | Meraki API server URL at the domain level. | https://api.meraki.com |
API Key | The API Key generated on the Meraki dashboard for API authentication. | ***** |
API Version | The API version. The default version is v1. | v1 |
Configuring Cisco Meraki to Work with D3 SOAR
Login to Cisco Meraki at account.meraki.com/login/local.
Navigate to the API & Webhooks page.
Hover your cursor over the Organization navigation menu in the left sidebar.
Click on the API & webhooks menu item.
Navigate to the API keys and access tab, then click on the Generate API key button.
Store the API key for subsequent use, then click on the Done button.
READER NOTE *
Each Cisco Meraki profile supports a maximum of two API keys. Once two keys are generated, the Generate API Key button becomes inactive. To create a new key, one of the existing keys must first be revoked.
Configuring D3 SOAR to Work with Cisco Meraki
Log in to D3 SOAR.
Find the Cisco Meraki integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type Cisco Meraki in the search box to find the integration, then click it to select it.
Click + Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to Cisco Meraki.
-20250822-233753.png?inst-v=9d16beaf-952a-4ae4-8fe8-e35f7a3745da)
Connection Name: The desired name for the connection.
Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add your desired description for the connection.
Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: Check the tick box to ensure the connection is available for use.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
1. Input the Server URL. The default value is https://api.meraki.com.
2. Input the API Key obtained from the Cisco Meraki platform.
3. Input the API Version. The default value is v1.Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.
Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active. To set up a connection health check, check the Connection Health Check tick box. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.
Test the connection.
Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green check mark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
Commands
Cisco Meraki includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the Cisco Meraki API, please refer to the Cisco Meraki API Reference.
Note for Time-related parameters
The input format of time-related parameters may vary based on your account settings. As a result, the sample data provided in our commands is different from what you see. To set your preferred time format, follow these steps:
Navigate to Configuration > Application Settings. Select Date/Time Format.
Global Image Repository
Choose your desired date and time format.
Global Image Repository
Afterward, the preferred time format will be visible when configuring the DateTime input parameters for commands.
Block IPs
Blocks traffic to the specified IP addresses by adding a rule to the Cisco Meraki MX Layer-3 firewall.
READER NOTE
Network ID is a required parameter to run this command.
Run the List Organization Networks command to obtain the Network ID. Network IDs can be found in the raw data at the path $[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Network ID | Required | The ID of the network where Layer-3 firewall rules are updated. The Network ID can be obtained using the List Organization Networks command. | N_64*****1572 |
Append | Optional | If True, the new rule will be appended to the existing rules. If False, the new rule will override the existing rules. By default, the value is True. | True |
Destination IPs | Required | The destination IP addresses in IP or CIDR notation, or fully qualified domain names (FQDNs). |
JSON
|
Comment | Optional | The description of the rule. | Block traffic to destinations |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Block IPs failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Block IPs command failed to get L3 firewall rules by Network ID. |
Error Sample Data Block IPs failed. Status Code: 401. Message: Block IPs command failed to get L3 firewall rules by Network ID. |
Fetch Event
Ingests Meraki Organization Appliance Security Events or network alerts. Refer to https://developer.cisco.com/meraki/webhooks/ for webhook configuration.
READER NOTE
Organization ID is a required parameter to run this command.
Run the List Organizations command to obtain the Organization ID. Organization IDs can be found in the raw data at the path $[*].id.
There are two event types: Webhook Alerts and Organization Appliance Security Events. Running this command in D3 vSOC retrieves Organization Appliance Security Events. Using a webhook retrieves Webhook Alerts. The two event types contain different raw data.
Input
Input Parameter | Required/Optional | Description | Example |
Organization ID | Required | The ID of the organization used to ingest organization appliance security events. Organization ID can be obtained using the List Organizations command. | ***** |
Start Time | Optional | The start of the timespan for ingesting organization appliance security events. If not specified, the default start time is 31 days prior to the End Time. The earliest possible start time is 365 days from today. | 2024-07-23 00:00 |
End Time | Optional | The end of the timespan for ingesting the organization appliance security events. If not specified, the default End Time is the current time. The End Time cannot be set earlier than the Start Time. | 2024-07-24 00:00 |
Number of Events Fetched | Optional | The number of events returned. The acceptable range is from 3 to 1000. If not specified, all events matching the time range will be returned. | 100 |
Output
To view the sample output data for all commands, refer to this article.
Fetch Event Field Mapping
Fetch Event commands require event field mapping. Field mapping plays a key role in the data normalization process part of the event pipeline. Field mapping converts the original data fields from the different providers to the D3 fields which are standardized by the D3 Model. Refer to Field Mappings for details.
The + Add Field option adds a custom field mapping. Built-in field mappings can be removed by clicking x. The system automatically prefixes two underscore characters to the defined Field Name to create the System Name for a custom field mapping. If the input Field Name contains spaces, the system automatically replaces them with underscores in the corresponding System Name.
The Cisco Meraki integration in D3 SOAR has some pre-configured field mappings for the Webhook Alert and Organization Appliance Security Events, which correspond to the Default Event Source and Event Source for Organization Appliance Security Events mappings:
Default Event Source
Configures the field mapping which are specific to the Webhook Alerts. If a source field in the field mapping is not found, the corresponding field mapping will be ignored. The default event source has a "Main Event JSON Path" (i.e., $.) that is used to extract a batch of events from the response raw data. Click Edit Event Source to view the "Main Event JSON Path".
Main Event JSON Path: $
The Main Event JSON Path determines the root path where the system starts parsing raw response data into D3 event data. The JSON path begins with $, representing the root element. The path is formed by appending a sequence of child elements to $, each separated by a dot (.). Square brackets with nested quotation marks ([‘...’]) should be used to separate child elements in JSON arrays.
For example, the root node of a JSON Path is $. The child node denoting the Device Serial field would be deviceSerial. Putting it together, the JSON Path expression to extract the Device Serial is $.deviceSerial.
Event Source for Organization Appliance Security Events
Click Edit Event Source to view the Search String.
Configures the field mapping which are specific to the Organization Appliance Security Events (eg. Blocked and Canonical Name). If a source field in the field mapping is not found, the corresponding field mapping will be ignored. Because the Type field in the raw data for Organization Appliance Security Events consistently has the value OrganizationApplianceSecurityEvents, these events can be identified by the Search String: {Type}=OrganizationApplianceSecurityEvents.
The pre-configured field mappings are detailed below:
Field Name | Source Field |
Default Event Source (Main Event JSON Path: $) | |
Document ID | .alertId |
Start Time | .occurredAt |
Description | .notes |
Alert type | .alertType |
Severity | .alertLevel |
Organization Name | .organizationName |
Organization ID | .organizationId |
Network Name | .networkName |
Network ID | .networkId |
Device | .deviceName |
Device MAC address | .deviceMac |
Device Serial | .deviceSerial |
Device Tags | .deviceTags |
Device Product | .deviceModel |
Product Types | .productTypes |
Sub Event | .alertData |
Event Source for Organization Appliance Security Events (Search String: {Type}=OrganizationApplianceSecurityEvents) The search string format is {JSON path}=value. If the value of the Type key is OrganizationApplianceSecurityEvents in the event object under raw data, then the field mapping below will be used. | |
Document ID | .EventID |
Start Time | .ts |
Event Type | .eventType |
Hostname | .clientName |
Device MAC address | .deviceMac |
Device IP address | .clientIp |
Source IP address | .srcIp |
Destination IP address | .destIp |
Protocol info | .protocol |
URL | .uri |
Destination port | .destinationPort |
Canonical Name | .canonicalName |
File Hash | .fileHash |
File Type | .fileType |
Filesize | .fileSizeBytes |
Disposition | .disposition |
Action taken | .action |
Client MAC Address | .clientMac |
Priority | .priority |
Classification | .classification |
Blocked | .blocked |
Message | .message |
Signature | signature |
Rule ID | .ruleId |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Fetch Event failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Start Time parameter cannot be before current time. |
Error Sample Data Fetch Event failed. Status Code: 400. Message: Start Time parameter cannot be before current time. |
Get Device
Retrieves devices by serial numbers.
READER NOTE
Network ID is a required parameter to run this command.
Run the List Organization Networks command to obtain the Network ID. Network IDs can be found in the raw data at the path $[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Network ID | Required | The network ID to get the device. Network ID can be obtained using the List Organization Networks command. | L_64*****4961 |
Serial Number | Required | The serial numbers to get the device. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Device failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid authentication method found. |
Error Sample Data Get Device failed. Status Code: 401. Message: No valid authentication method found. |
Get Device List
Retrieves devices by network ID.
READER NOTE
Network ID is a required parameter to run this command.
Run the List Organization Networks command to obtain the Network ID. Network IDs can be found in the raw data at the path $[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Network ID | Required | The network ID used to retrieve the device. Network ID can be obtained using the List Organization Networks command. | L_64*****4961 |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Device List failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid authentication method found. |
Error Sample Data Get Device List failed. Status Code: 401. Message: No valid authentication method found. |
Get Firewall Rules
Retrieves the firewall rules by SSID.
READER NOTE
Network ID and Organization ID are required parameters to run this command.
Run the List Organization Networks command to obtain the Network ID. Network IDs can be found in the raw data at the path $[*].id.
Run the List Organizations command to obtain the Organization ID. Organization IDs can be found in the raw data at the path $[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Network ID | Required | The network ID to get firewall rules. Network ID can be obtained using the List Organization Networks command. | N_64*****3966 |
SSID Number | Required | The SSID to get firewall rules. | 0 |
Organization ID | Required | The organization ID to get firewall rules. Organization ID can be obtained using the List Organizations command. | 6417*****3966 |
Firewall Type | Required | The firewall type to get firewall rules. | mxl3 |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Firewall Rules failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid authentication method found. |
Error Sample Data Get Firewall Rules failed. Status Code: 401. Message: No valid authentication method found. |
Get L3 Firewall Rules
Get L3 Firewall Rules of the given MX Network Appliance Firewall.
READER NOTE
Network ID is a required parameter to run this command.
Run the List Organization Networks command to obtain the Network ID. Network IDs can be found in the raw data at the path $[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Network ID | Required | The ID of the network where Layer-3 firewall rules are updated. The Network ID can be obtained using the List Organization Networks command. | N_64*****1572 |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get L3 Firewall Rules failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid authentication method found. |
Error Sample Data Get L3 Firewall Rules failed. Status Code: 403. Message: No valid authentication method found. |
Get Network Alerts History
Retrieves the alert history for the specified network.
READER NOTE
Network ID is a required parameter to run this command.
Run the List Organization Networks command to obtain the Network ID. Network IDs can be found in the raw data at the path $[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Network ID | Required | The ID of the network used to retrieve alerts history. Network ID can be obtained using the List Organization Networks command. | N_64*****1572 |
Page Size | Optional | The number of entries returned per page. The acceptable range is 3 to 1000, with a default value of 100. | 10 |
Starting After | Optional | The token used by the server to indicate the start of the page. This is often but not limited to a timestamp or an ID. This parameter should not be defined by client applications. The link for the first, last, previous, or next page in the HTTP Link header should define it. | <StartingAfter> |
Ending Before | Optional | The token used by the server to indicate the end of the page. This is often but not limited to a timestamp or an ID. This parameter should not be defined by client applications. The link for the first, last, previous, or next page in the HTTP Link header should define it. | <EndingBefore> |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Network Alerts History failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid authentication method found. |
Error Sample Data Get Network Alerts History failed. Status Code: 401. Message: No valid authentication method found. |
Get Network Events
Retrieves the events for the specified network.
READER NOTE
Network ID is a required parameter to run this command.
Run the List Organization Networks command to obtain the Network ID. Network IDs can be found in the raw data at the path $[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Network ID | Required | The ID of the network used to retrieve alerts history. You can obtain the Network ID using the List Organization Networks command. | N_64*****1572 |
Product Type | Optional | The type of product for which to fetch events. This parameter is required for networks with multiple device types. Valid types include wireless, appliance, switch, systemsManager, camera, and cellularGateway. | Appliance |
Device Mac | Optional | The MAC address of the Meraki device used to filter the list of events. | **:**:**:**:**:** |
Device Serial | Optional | The serial number of the Meraki device used to filter the list of events. | Q234-*****-5678 |
Device Name | Optional | The name of the Meraki device used to filter the list of events. | My AP |
Client IP | Optional | The IP address of the client used to filter the list of events. This parameter is only supported for track-by-IP networks. | 1.2.3.4 |
Client Mac | Optional | The MAC address of the client used to filter the list of events. This parameter is only supported for track-by-MAC networks. | **:**:**:**:**:** |
Client Name | Optional | The name, or partial name, of the client used to filter the list of events. | clientName |
SM Device Mac | Optional | The MAC address of the Systems Manager device used to filter the list of events. | smDeviceMac |
SM Device Name | Optional | The name of the Systems Manager device used to filter the list of events. | smDeviceName |
Page Size | Optional | The number of entries returned per page. The acceptable range is 3 to 1000, with a default value of 100. | 10 |
Starting After | Optional | The token used by the server to indicate the start of the page. This is often but not limited to a timestamp or an ID. This parameter should not be defined by client applications. The link for the first, last, previous, or next page in the HTTP Link header should define it. | <StartingAfter> |
Ending Before | Optional | The token used by the server to indicate the end of the page. This is often but not limited to a timestamp or an ID. This parameter should not be defined by client applications. The link for the first, last, previous, or next page in the HTTP Link header should define it. | <EndingBefore> |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Network Events failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid authentication method found. |
Error Sample Data Get Network Events failed. Status Code: 401. Message: No valid authentication method found. |
Get Organization Webhooks Alert Types
Returns a list of alert types for managing webhook alerts. This command can be used for Fetch Event field mappings.
READER NOTE
Organization ID is a required parameter to run this command.
Run the List Organizations command to obtain the Organization ID. Organization IDs can be found in the raw data at the path $[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Organization ID | Required | The IDs of the organization for which to retrieve webhook alert types. Organization ID can be obtained using the List Organizations command. | 6417*****6859 |
Product Type | Optional | Filters sample alerts by a specific product type. If not specified, sample alerts for all product types will be returned. | Appliance |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Organization Webhooks Alert Types failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid authentication method found. |
Error Sample Data Get Organization Webhooks Alert Types failed. Status Code: 401. Message: No valid authentication method found. |
Get SSIDs
Retrieves SSIDs by network ID.
Input
Input Parameter | Required/Optional | Description | Example |
SSID Number | Required | The SSID used to obtain the network ID. | L_64*****4961 |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get SSIDs failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid authentication method found. |
Error Sample Data Get SSIDs failed. Status Code: 401. Message: No valid authentication method found. |
List Destinations
Retrieves destinations in the specified destination lists.
READER NOTE
Organization ID is a required parameter to run this command.
Run the List Organizations command to obtain the Organization ID. Organization IDs can be found in the raw data at the path $[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Organization ID | Required | The ID of the organization associated with the destination list for retrieving destinations. The Organization ID can be obtained using the List Organizations command. | 6417*****6859 |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Destinations failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid authentication method found. |
Error Sample Data List Destinations failed. Status Code: 401. Message: No valid authentication method found. |
List Organization Networks
Retrieves the organizations network that the user has privileges on.
READER NOTE
Organization ID is a required parameter to run this command.
Run the List Organizations command to obtain the Organization ID. Organization IDs can be found in the raw data at the path $[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Organization ID | Required | The IDs of the organization from which to retrieve networks. Organization ID can be obtained using the List Organizations command. | 6417*****6859 |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Organization Networks failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid authentication method found. |
Error Sample Data List Organization Networks failed. Status Code: 401. Message: No valid authentication method found. |
List Organizations
Retrieves the organizations to which the user has access privileges.
Input
N/A
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Organizations failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid authentication method found. |
Error Sample Data List Organizations failed. Status Code: 401. Message: No valid authentication method found. |
Remove Device
Removes devices by serial number.
READER NOTE
Network ID is a required parameter to run this command.
Run the List Organization Networks command to obtain the Network ID. Network IDs can be found in the raw data at the path $[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Network ID | Required | The network ID used to remove the device. Network ID can be obtained using the List Organization Networks command. | N_61*****3966 |
Serial Number | Required | The serial numbers used to remove the device. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Remove Device failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid authentication method found. |
Error Sample Data Remove Device failed. Status Code: 401. Message: No valid authentication method found. |
Update Device
Update devices by serial numbers.
READER NOTE
Network ID is a required parameter to run this command.
Run the List Organization Networks command to obtain the Network ID. Network IDs can be found in the raw data at the path $[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Network ID | Required | The network ID used to update the device. Network ID can be obtained using the List Organization Networks command. | N_641*****3966 |
Serial Number | Required | The serial numbers used to update the device. |
JSON
|
Update Attributes | Required | The attributes, in JSON format, used to update the device. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Update Device failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: No valid authentication method found. |
Error Sample Data Update Device failed. Status Code: 401. Message: No valid authentication method found. |
Update L3 Firewall Rules
Update existing L3 Firewall rules to the given Cisco Meraki MX L3 firewall.
READER NOTE
Network ID is a required parameter to run this command.
Run the List Organization Networks command to obtain the Network ID. Network IDs can be found in the raw data at the path $[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Network ID | Required | The ID of the network where Layer-3 firewall rules are updated. The Network ID can be obtained using the List Organization Networks command. | N_641*****1572 |
Append | Optional | If True, the new rules will be appended to the existing rules. If False, the new rules will override the existing rules except the default rule. By default, the value is True. | True |
Rules | Required | The firewall rule JSON array to update. Each rule requires the parameters "policy," "protocol," "srcCidr," and "dstCidr." |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Update L3 Firewall Rules failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: You must have a valid Support account to call this API. |
Error Sample Data Update L3 Firewall Rules failed. Status Code: 403. Message: You must have a valid Support account to call this API. |
Test Connection
Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
Input
N/A
Output
Output Type | Description | Return Data Type |
Return Data | Indicates one of the possible command execution states: Successful or Failed. The Failed state can be triggered by any of the following errors: - A connection issue with the integration - The API returned an error message - No response from the API You can view more details about an error in the Error tab. | String |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. Failed to check the connector. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Cisco Meraki portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: You must have a valid Support account to call this API. |
Error Sample Data Test Connection failed. Failed to check the connector. Status Code: 401. Message: You must have a valid Support account to call this API. |