Meraki

BS · ‎Nov 28 2018

Hi All,

I'm looking for some documentation or your inputs on SIEM integration with Meraki MX products.

Is there any specific requirements? is it possible ? anyone using it?

Regards

BS

NolanHerring · ‎Nov 28 2018

Well not many options to choose from, but I just figured the wireless event log for example is probably not relevant to what he is looking for. 😃

Nolan Herring | nolanwifi.com

NolanHerring · ‎Nov 28 2018

The only thing I know of is using syslog for security/IDS events to a 3rd party SIEM collector.

Nolan Herring | nolanwifi.com

BS · ‎Nov 28 2018

Thanks Nolan

Is it just pointing to the SIEM IP address?

NolanHerring · ‎Nov 28 2018

Far as I know yes, just the IP address via syslog option. Just filter the syslog to only send IDS

Nolan Herring | nolanwifi.com

jdsilva · ‎Nov 28 2018

IMO I wouldn't filter the Syslog form the MX. All that flow data can be ingested by a SIEM as well. If it was me I'd send everything available.

NolanHerring · ‎Nov 28 2018

Well not many options to choose from, but I just figured the wireless event log for example is probably not relevant to what he is looking for. 😃

Nolan Herring | nolanwifi.com

jdsilva · ‎Nov 28 2018

@NolanHerring Wireless logs aren't available from an MX. You must be looking at a combined network 🙂

NolanHerring · ‎Nov 28 2018

Oh I am. Good point 😃

Nolan Herring | nolanwifi.com

Community