cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dashboard API - Security Events - End-points returned only partial sets of data

Highlighted
Comes here often

Dashboard API - Security Events - End-points returned only partial sets of data

We encountered a strange behavior with some Dashboard APIs, which are returning only partial data sets.

 

In the Dashboard API documentation related to security events for example, we have the following:

 

  • t0: "The beginning of the timespan for the data. The maximum lookback period is 365 days from today."
  • t1: "The end of the timespan for the data. t1 can be a maximum of 365 days after t0"

 

(https://developer.cisco.com/meraki/api/#/rest/api-endpoints/security-events/get-network-security-eve...)

 

We have extended our easy-Meraki app in order to implement these endpoints and add a few dashboards and auto-remediations.

 

Once tested, we had the following results:

 

  • no problem to retrieve December 2019 events, the responses are accurate compared to the data exposed in the security center;
  • for all other months (prior to December), the calls returned empty lists;
  • with a very large timespan (instead of t0/t1), we retrieved more items but clearly not all the events (of course, we are far below the number of returned events limit).

 

Can someone confirm this behavior or there is an error on our side?

If it's a bug, anyone has a workaround to make it works before the fix?

 

Thank you for your feedback.

8 REPLIES 8
Highlighted
Kind of a big deal

Re: Dashboard API - Security Events - End-points returned only partial sets of data

This sounds like a bug and you'll have to go through the trouble of opening a support case.

Highlighted
Comes here often

Re: Dashboard API - Security Events - End-points returned only partial sets of data

Thank you Philip for your swift answer.

 

Indeed, that was my first reflex.

 

I have opened a case a few hours ago but it was closed instantly because they do not provide support on Meraki Dashboard APIs and have no capability to forward the case to anyone who can investigate.

 

And they have suggested me to post here.

Highlighted
Kind of a big deal

Re: Dashboard API - Security Events - End-points returned only partial sets of data

They can provide support - but my experience is it can take months to get something resolved.  They are not skilled in this area.

 

Can you post the smallest possible code snippet to re-produce the issue and I'll try it on one my orgs and see if I get the same issue.

Highlighted
Comes here often

Re: Dashboard API - Security Events - End-points returned only partial sets of data

Sure Philip.

The easiest way is probably to use the Postman collection but I can also provide you with some node or python code if needed.

 

For Postman:

 

a GET on 

https://api.meraki.com/api/v0/networks/{{YOUR_NETWORK_ID}}/securityEvents?t0=1572562800&t1=1575154799&perPage=1000

 

Should returns the security events between:

Friday, November 1, 2019 12:00:00 AM GMT+01:00 and Saturday, November 30, 2019 11:59:59 PM GMT+01:00

 

On our side => Empty.

And it's very unlikely 😉

 

You can try for any other period prior December.

For July for example with the following t0: 1561932000 and t1: 1564610399

 

On the other way around, for December, we have some results with the following t0 : 1575154800 and t1: 1577833199

 

 

Highlighted
Meraki Employee

Re: Dashboard API - Security Events - End-points returned only partial sets of data

@c-o-e Meraki support absolutely does provide support for Dashboard APIs, so if the engineer assigned to your case closed it for that reason, that was a mistake and we apologize. Do you happen to have a case number we could reference, so we can correct that for the future?

 

To @PhilipDAth's point about ability/willingness, different engineers have strengths in different areas, and there are some who do specialize in APIs. If a support engineer is not able to help with an API issue well enough, they should consult with another engineer who can.

Cameron Moody | Documentation Manager, Cisco Meraki
Highlighted
Kind of a big deal

Re: Dashboard API - Security Events - End-points returned only partial sets of data

@DexterLaBora Could you or one of your folks advise here?

Highlighted
Meraki Employee

Re: Dashboard API - Security Events - End-points returned only partial sets of data

I see the same thing, and it seems like only the last month's worth of security events are returned for both the per-network and per-organization scoped endpoints.

 

With a query like securityEvents?perPage=1000&t0=2019-12-01Z00:00&t1=2019-12-31Z00:00, only the events starting on 12/8 or 12/9 (depending on network/org) are returned. The same thing happens when trying to use securityEvents?perPage=1000&timespan=31536000 (number of seconds in a year).

 

Definitely seems like a bug; can you PM me the case number please. @c-o-e?

Solutions Architect @ Cisco Meraki | API & Developer Ecosystem
Highlighted
Comes here often

Re: Dashboard API - Security Events - End-points returned only partial sets of data

Good to know i'm not crazy 😉

 

I just sent you the case number in a private message.

Thank you for your time.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.