Any way to view details of a blocked SQL injection?

CodeMercenary
Here to help


Looking at the Security Center, I see that, in addition to many random attacks trying to find vulnerable products which we don't use, there are a couple of SQL injection attempts. I'd really like to see the details of those attempts to figure out if they were just random sweeps to find vulnerable sites or if they were targeted attacks looking for specific data likely to be on the site that was attacked. I can't find any way in the dashboard to see details of the attack, only links to general information about what a SQL injection attack is.

Is there some way to see the attack information in more detail or is that information not tracked at all? I'd like to see the actual GET request that contained the SQL.

If not, is there a way to enable tracking of the details for certain types of attacks?

I'm pretty new to Cisco and Meraki hardware so forgive me if this should be obvious. 

DHAnderson
Head in the Cloud

I do not see any way to see the actual GET.  I agree that information would be interesting.

Dave Anderson
Cory
Comes here often

Does the Inspect Packet of the actual alert work for what you want?  The requests for HTTP would obviously be plain text and you can view the whole request sent there but it doesn't work for everything.

Mish
Conversationalist

I'm having the same issue.

Unfortunately the Meraki dashboard doesn't give much info about the attack.

A customer of mine is having an issue with syslog events NOT showing any info on SQLi attacks after changing their IPS from Barracuda to Meraki!

Meraki needs to provide granular configurations in their MX product, otherwise security-minded professionals will steer away from this box, deeming it too simple! They could easily enable an advanced (geek) mode!
