MX Advanced Security & SolarWinds breach

Solved
GrahamG
Here to help


Have the FireEye Snort rules to detect SunBurst IOCs been incorporated into MX Advanced Security IDS/IPS?

1 Accepted Solution
DarrenOC
Kind of a big deal

Hi Graham, look into your Event log on the MX and do a search for update. You’ll see that the snort rules have been updated quite a few times recently.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

GrahamG
Here to help

Thanks, Darren. I do see daily snort rule updates.

ChesterX
Here to help

What "event type" do you search for to see this?

DarrenOC
Kind of a big deal

Hi @ChesterX, see screenshot

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
ChesterX
Here to help

Thank you!
