Meraki MX Threat Feed

New here

Meraki MX Threat Feed

have no experience with API's (learning them now so please be gentle) 


would like to pull down an IP block list threat feed daily (hourly would be preferred)


and have this added to the rule base in all of our Meraki MX Gateways ~500.


the above list is a sampling of a threat feed we've built that uses CIDR notation and contains several thousand IP addresses to block.


can someone guide me on how they've done this in the past or help me write out the API (for multiple gateways not jsut one) 


in an ideal world once this is done it will be automated and update hourly and i wont have to touch it.

Kind of a big deal

Check this one. I will also check if I can that reference with multiple gatways!introduction/meraki-dashboard-api

Cisco IT Blogs awarded in 2020 & 2021
Kind of a big deal

I think this is going the wrong way - and you would be better off using the built IPS and security content filtering ...


If you want to proceed, and because you have 500 sites, I would use network policy objects.  Policy objects are available for use in every network.  If you update a policy object, it is automatically updated for every network that references them.

You could create a network object group called something like "emerging-threats".  Create a single outbound firewall rule in every network to do a "deny all" to anything in this group.


Related APis for policy objects:!delete-organization-policy-objects-group!delete-organization-policy-object 

Kind of a big deal

I don't think this is the way you should do it - that you should use network policy objects - but I noticed one of my scripts can do a lot of what you want. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.