Meraki MX Threat Feed

skippy
New here


I have no experience with APIs (learning them now, so please be gentle).

I would like to pull down an IP block list threat feed daily (hourly would be preferred)

https://rules.emergingthreats.net/blockrules/compromised-ips.txt

and have this added to the rule base in all of our Meraki MX gateways (~500).

The above list is a sampling of a threat feed we've built that uses CIDR notation and contains several thousand IP addresses to block.

Can someone guide me on how they've done this in the past or help me write out the API (for multiple gateways, not just one)?

In an ideal world, once this is done it will be automated and update hourly and I won't have to touch it.

3 Replies
Inderdeep
Kind of a big deal

Check this one. I will also check if I can that reference with multiple gateways

https://developer.cisco.com/meraki/api-v1/#!introduction/meraki-dashboard-api

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
PhilipDAth
Kind of a big deal

I think this is going the wrong way - and you would be better off using the built-in IPS and security content filtering ...

If you want to proceed, and because you have 500 sites, I would use network policy objects. Policy objects are available for use in every network. If you update a policy object, it is automatically updated for every network that references them.

You could create a network object group called something like "emerging-threats". Create a single outbound firewall rule in every network to do a "deny all" to anything in this group.

Related APIs for policy objects:

https://developer.cisco.com/meraki/api-v1/#!delete-organization-policy-objects-group 

https://developer.cisco.com/meraki/api-v1/#!delete-organization-policy-object 
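
The policy-object approach suggested in the reply above, sketched as an added example (not part of the thread and not code from any poster): it validates a feed and works out which organization policy objects to create, keep in the group, or delete, without sending any request. The sample feed, the `et-` prefix, the protected-range list and the request body fields (taken to follow the Dashboard API v1 policy object endpoints) are assumptions.

```python
import ipaddress

# Constructed sample feed (documentation ranges), one entry per line.
SAMPLE_FEED = """# constructed sample
198.51.100.7
203.0.113.0/25
203.0.113.128/25
10.0.0.0/8
0.0.0.0/0
not-an-ip
"""
PREFIX = "et-"  # hypothetical prefix marking the objects this job owns
# Ranges a bad or tampered feed must never be allowed to block (assumed list).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def parse_feed(text):
    """Return validated, collapsed IPv4 networks from raw feed text."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # malformed entry: skip rather than push junk to a firewall
        # overlaps() also rejects supernets such as 0.0.0.0/0
        if net.version != 4 or any(net.overlaps(p) for p in PROTECTED):
            continue
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets))

def object_name(net):
    # Assumption: object names may only use letters, digits, space, dash, underscore.
    return PREFIX + str(net).replace(".", "_").replace("/", "-")

def plan_sync(existing, wanted):
    """Diff the feed against existing policy objects (dicts with id and name)."""
    owned = {o["name"]: o["id"] for o in existing if o["name"].startswith(PREFIX)}
    want = {object_name(n): str(n) for n in wanted}
    return {
        # 1. POST /organizations/{organizationId}/policyObjects for each body
        "create": [{"name": n, "category": "network", "type": "cidr", "cidr": c}
                   for n, c in want.items() if n not in owned],
        # 2. PUT .../policyObjects/groups/{policyObjectGroupId} with these ids
        #    plus the ids returned by step 1
        "keep_ids": [i for n, i in owned.items() if n in want],
        # 3. DELETE .../policyObjects/{policyObjectId} for entries gone from the feed
        "delete_ids": [i for n, i in owned.items() if n not in want],
    }
```

Because only the group's membership changes, the single deny rule in each network stays untouched between runs, and objects without the prefix are never modified.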

PhilipDAth
Kind of a big deal

I don't think this is the way you should do it - that you should use network policy objects - but I noticed one of my scripts can do a lot of what you want.

https://www.ifm.net.nz/cookbooks/mfw.html 
