Any way to view details of a blocked SQL injection?
Looking at the Security Center I see that in addition to many random attacks trying to find vulnerable products which we don't use there are a couple SQL injection attempts. I'd really like to see the details of those attempts to figure out if they were just random sweeps to find vulnerable sites or if they were targeted attacks looking for specific data likely to be on the site that was attacked. I can't find any way in the dashboard to see details of the attack, only links to general information about what a SQL injection attack is.
Is there some way to see the attack information in more detail or is that information not tracked at all? I'd like to see the actual GET request that contained the SQL.
If not, is there a way to enable tracking of the details for certain types of attacks?
I'm pretty new to Cisco and Meraki hardware so forgive me if this should be obvious.
Does the Inspect Packet of the actual alert work for what you want? The requests for HTTP would obviously be plain text and you can view the whole request sent there but it doesn't work for everything.
Unfortunately the Meraki dashboard doesn't give much info about the attack.
A customer of mine is having an issue with syslog events NOT showing any info on SQLi attacks after changing their IPS from Barracuda to Meraki!
Meraki needs to provide granular configurations in their MX product otherwise security minded professionals will steer away from this box deeming it too simple! They could easily enable an advanced (geek) mode!