MX Advanced Security & SolarWinds breach

SOLVED
GrahamG
Here to help


Have the FireEye Snort rules to detect SunBurst IOCs been incorporated into MX Advanced Security IDS/IPS?

1 ACCEPTED SOLUTION

UCcert
Kind of a big deal

Re: MX Advanced Security & SolarWinds breach

Hi Graham, look into your Event log on the MX and do a search for update. You’ll see that the Snort rules have been updated quite a few times recently.

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.


GrahamG
Here to help

Re: MX Advanced Security & SolarWinds breach

Thanks, Darren. I do see daily Snort rule updates.

ChesterX
Comes here often

Re: MX Advanced Security & SolarWinds breach

What "event type" do you search for to see this?

UCcert
Kind of a big deal

Re: MX Advanced Security & SolarWinds breach

Hi @ChesterX, see screenshot.

 


ChesterX
Comes here often

Re: MX Advanced Security & SolarWinds breach

Thank you!
