Meraki MX device IDS descriptions
We have been looking through the Meraki documentation for IDS alerts from the Meraki MX device and the IDS descriptions are not very good. For example, the description for one alert is:
1377448470.246576346 MX84 ids-alerts signature=119:15:1 priority=2 timestamp=1377448470.238064 direction=egress protocol=tcp/ip src=
I am sure there is a document which gives a better description of the alert but I can't find it. Would someone be able to point me in the correct direction?
The rules are Snort IDs. You can search for them here:
However, I tried searching for this one already ... and it was missing.
You might be able to find more info in the Snort GitHub.
Thanks. I forgot to post the full post, which is below and can be found at https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Event_Types_... The description just says "ids signature matched". Just trying to get a better description as opposed to just guessing the actual meaning.
event description sample
ids-alert ids signature matched 1377448470.246576346 MX84 ids-alerts signature=119:15:1
security_event ids_alerted | ids signature matched | signature=1:28423:1 priority=1 timestamp=1468531589.810079 dhost=98:5A:EB:E1:81:2F direction=ingress protocol=tcp/ip src=151.101.52.238:80 dst=192.168.128.2:53023 message: EXPLOIT-KIT Multiple exploit kit single digit exe detection |
Did some more checking and I am beginning to guess that the Snort ID is 119:15:1 or perhaps just 119:15.
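The `signature=` field in these Meraki syslog lines is Snort's standard `gid:sid:rev` triplet: GID 1 denotes the text rules (whose SIDs are what snort.org's rule search indexes, e.g. `1:28423`), while other GIDs belong to decoders and preprocessors (119 is the http_inspect client-side preprocessor), whose SIDs are documented in the `gen-msg.map` file shipped with Snort rather than in the rule database, which is why a search for 119:15 comes up empty there. The parser below is an added example, not code from the thread or from Meraki or Snort; it extracts the triplet from both syslog formats quoted above, decides which lookup applies, and resolves the message from a `gen-msg.map`-style table. The log lines, the address values and the map entries (including the text of the 119:15 message) are constructed samples.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample syslog lines modelled on the two Meraki MX "ids-alerts"
# formats quoted in the thread. Addresses are constructed (private / documentation
# ranges); the full src/dst fields are not in the original truncated line.
SAMPLE_LOGS = [
    "1377448470.246576346 MX84 ids-alerts signature=119:15:1 priority=2 "
    "timestamp=1377448470.238064 direction=egress protocol=tcp/ip "
    "src=192.168.128.10:51234 dst=203.0.113.5:80",
    "security_event ids_alerted | ids signature matched | signature=1:28423:1 "
    "priority=1 timestamp=1468531589.810079 dhost=98:5A:EB:E1:81:2F "
    "direction=ingress protocol=tcp/ip src=203.0.113.7:80 dst=192.168.128.2:53023 "
    "message: EXPLOIT-KIT Multiple exploit kit single digit exe detection |",
]

# Constructed entries in Snort gen-msg.map syntax ("gid || sid || msg").
# The message strings are placeholders: the authoritative text comes from the
# gen-msg.map / sid-msg.map files of the Snort release the MX actually runs.
SAMPLE_GEN_MSG_MAP = """\
# gid || sid || msg
119 || 15 || (http_inspect) constructed sample message for 119:15
1 || 28423 || EXPLOIT-KIT Multiple exploit kit single digit exe detection
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
MSG_RE = re.compile(r"message:\s*(.+?)\s*\|?\s*$")


def load_gen_msg_map(text: str) -> Dict[Tuple[int, int], str]:
    """Parse 'gid || sid || msg' lines into a {(gid, sid): msg} table."""
    table: Dict[Tuple[int, int], str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("||")]
        if len(parts) < 3:
            continue  # malformed entry: skip rather than crash on a bad map file
        table[(int(parts[0]), int(parts[1]))] = parts[2]
    return table


def parse_alert(line: str) -> Optional[dict]:
    """Extract key=value fields and the gid:sid:rev triplet from an IDS syslog line."""
    if "ids-alerts" not in line and "ids_alerted" not in line:
        return None  # not an IDS event (e.g. a flows or urls line)
    fields: dict = dict(KV_RE.findall(line))
    sig = fields.get("signature")
    if sig is None or sig.count(":") != 2:
        return None
    gid, sid, rev = (int(x) for x in sig.split(":"))
    fields.update(gid=gid, sid=sid, rev=rev)
    m = MSG_RE.search(line)  # newer format carries the rule message inline
    if m:
        fields["message"] = m.group(1)
    return fields


def resolve(line: str, table: Dict[Tuple[int, int], str]) -> Optional[dict]:
    """Parse the line and attach where the SID is documented plus its message text."""
    alert = parse_alert(line)
    if alert is None:
        return None
    # GID 1 = text rules (searchable on snort.org); anything else is a decoder or
    # preprocessor generator whose SIDs live in gen-msg.map, not the rule database.
    alert["origin"] = "text rule" if alert["gid"] == 1 else "preprocessor/decoder"
    key = (alert["gid"], alert["sid"])
    alert["msg"] = alert.get("message") or table.get(key, "unknown: not in local map")
    return alert


if __name__ == "__main__":
    gen_map = load_gen_msg_map(SAMPLE_GEN_MSG_MAP)
    for log in SAMPLE_LOGS:
        a = resolve(log, gen_map)
        print(f"{a['gid']}:{a['sid']}:{a['rev']} [{a['origin']}] -> {a['msg']}")
```

For the older log format, which carries no `message:` text, the table lookup is the only source of a description, so the `gen-msg.map` loaded should match the Snort version behind the MX firmware; for the newer format the inline message is preferred and the table serves as a cross-check.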