Any way to view details of a blocked SQL injection?
Looking at the Security Center I see that in addition to many random attacks trying to find vulnerable products which we don't use there are a couple SQL injection attempts. I'd really like to see the details of those attempts to figure out if they were just random sweeps to find vulnerable sites or if they were targeted attacks looking for specific data likely to be on the site that was attacked. I can't find any way in the dashboard to see details of the attack, only links to general information about what a SQL injection attack is.
Is there some way to see the attack information in more detail or is that information not tracked at all? I'd like to see the actual GET request that contained the SQL.
If not, is there a way to enable tracking of the details for certain types of attacks?
I'm pretty new to Cisco and Meraki hardware so forgive me if this should be obvious.
Re: Any way to view details of a blocked SQL injection?
Does the Inspect Packet of the actual alert work for what you want? The requests for HTTP would obviously be plain text and you can view the whole request sent there but it doesn't work for everything.