I checked all our devices and tried a few different snort signatures on each, and I found an egress suspicious TLD query signature that let me inspect it. Other signatures on the same device did not have the option. Why does it vary per signature?
Also the Source column in the MX Events table shows a tiny "Meraki Network OS" under the hostname for signatures that I can inspect too, if that is of any help.
Just went to the customers dashboard where I could see the inspect packet report. Even seems hit and miss there also. Out of multiple events I could only see one which gave me the inspect packet option
Darren O'Connor | uccert.co.uk https://www.linkedin.com/in/darrenoconnor/
I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.