We recently upgraded to the advanced security license and are wondering if there is a way to enable/change the Intrusion Detection settings globally for all of our security devices. Is this exposed via the dashboard API?
You can enable intrusion detection by setting the Mode to Detection under Security & SD-WAN > Configure > Threat protection > Intrusion detection and prevention. When enabling intrusion detection, there are three distinct detection rulesets to choose from using the Ruleset selector:
The Balanced ruleset will be selected by default.
You are able to see more in Configuring_Intrusion_Detection_and_Prevention.
Great answer by @GuilhermeMacedo. We use "Security" for 99% of our customers.
If you are using a template and have networks bound to it then you can update the template and that will update every site using it.
I'm not aware of any API to configure this automatically.
For "Content Filtering" we also filter the below four entries for every client, purely for security reasons. Some clients have more categories, but we use this as our baseline.
This gives you an extra layer of defence. Content Filtering to stop them accessing bad things in the first place, and IPS to catch the other things.
How can I get logs about Intrusion Detection and Prevention? Is there a report in the Meraki dashboard?
Navigate to "Security & SD-WAN/Security Centre" and click on the "MX Events" tab.
Hi,
Is there another 'granular', detailed way to get logs from the MX?