MX Advanced Security & SolarWinds breach

SOLVED
GrahamG
Here to help

Have the FireEye Snort rules to detect SunBurst IOCs been incorporated into MX Advanced Security IDS/IPS?

1 ACCEPTED SOLUTION
UCcert
Kind of a big deal

Hi Graham, look into your Event log on the MX and do a search for update. You’ll see that the Snort rules have been updated quite a few times recently.

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

5 REPLIES
Thanks, Darren. I do see daily Snort rule updates.

What "event type" do you search for to see this?

UCcert
Kind of a big deal

Hi @ChesterX, see screenshot

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Thank you!
