Security Reporting

SOLVED
Conversationalist

Security Reporting

Good Morning!

Let me know if this would be better under the Meraki administration section...

I'm wondering what everyone uses for historical Cisco Meraki MX security reports?

I find the Security Center is very robust and great for looking at data up to a month old; however, it does not provide the functionality to go back further.

If I want to break down Summary Report information by quarter I can do that, but not so with the Security Center report. I do have regularly scheduled e-mail reports that come in on a daily basis, but I'd like a way to view historical information.

I'm preparing a 2018 report. Does anyone know of a way that the data can be looked up historically, and/or can the Security Center data be exported to a third-party application meant specifically for historical reporting and analysis?

Thank you for your assistance!

1 ACCEPTED SOLUTION
Kind of a big deal

Re: Security Reporting

Aaron Willette has an excellent blog post about Meraki's logging:

http://www.willette.works/meraki-event-logs/

 

Syslog can bring your logs into a SIEM:

https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Event_Types...

 

If you need more details about an incident, you should get them within the 1 month retention. You could set up alerting based on the priority score so you're triggered by your SIEM to do something.

You could also set up scheduled reporting via e-mail about the security events.

 

You could also use the API, but at the moment, it only has the client-specific call, so that's very limited:

{{baseUrl}}/networks/{{networkId}}/clients/{{clientId}}/securityEvents?perPage=100

 

More info:

https://documenter.getpostman.com/view/897512/meraki-dashboard-api/2To9xm#de844141-5d03-4ba5-80f8-62...
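
Added example (not part of the original reply, and not Meraki's code): one way to build the quarterly history asked about once MX syslog is being archived, plus the priority-based filter the reply suggests for alerting. It assumes the "security_event ids_alerted" line layout from the syslog documentation linked above and that priority 1 is the most severe; the sample lines, device name, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample lines (not real logs). Layout assumed from Meraki's syslog
# documentation; device name, signatures and addresses are made up.
SAMPLE_LOG = """\
<134>1 1518609600.100000000 MX_HQ security_event ids_alerted signature=1:10001:1 priority=1 timestamp=1518609600.100 dhost=00:00:5E:00:53:01 direction=ingress protocol=tcp/ip src=198.51.100.7:80 dst=192.0.2.10:51000 message: CONSTRUCTED sample alert A
<134>1 1526774400.200000000 MX_HQ security_event ids_alerted signature=1:10002:3 priority=3 timestamp=1526774400.200 shost=00:00:5E:00:53:02 direction=egress protocol=udp/ip src=192.0.2.11:49243 dst=198.51.100.53:53 message: CONSTRUCTED sample alert B
<134>1 1526860800.300000000 MX_HQ flows allow src=192.0.2.11 dst=198.51.100.9 protocol=tcp sport=50000 dport=443
<134>1 1526860801.300000000 MX_HQ security_event ids_alerted signature=1:10002:3 priority=3 timestamp=1526860801.300 shost=00:00:5E:00:53:02 direction=egress protocol=udp/ip src=192.0.2.11:49250 dst=198.51.100.53:53 message: CONSTRUCTED sample alert B
<134>1 1541376000.400000000 MX_HQ security_event ids_alerted signature=1:10001:1 priority=1 timestamp=1541376000.400 dhost=00:00:5E:00:53:03 direction=ingress protocol=tcp/ip src=198.51.100.8:80 dst=192.0.2.12:52000 message: CONSTRUCTED sample alert A
truncated garbage line
"""

LINE_RE = re.compile(
    r"^(?:<\d+>\d+\s+)?(?P<epoch>\d+\.\d+)\s+(?P<device>\S+)\s+"
    r"security_event\s+(?P<etype>\S+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Return a dict for one security_event line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body, _, message = m.group("rest").partition(" message: ")
    fields = dict(KV_RE.findall(body))
    if not fields.get("priority", "").isdigit():
        return None  # malformed or unexpected event, skip rather than guess
    when = datetime.fromtimestamp(float(m.group("epoch")), tz=timezone.utc)
    return {"time": when, "quarter": f"{when.year}-Q{(when.month - 1) // 3 + 1}",
            "device": m.group("device"), "priority": int(fields["priority"]),
            "signature": fields.get("signature", "unknown"), "message": message}

def quarterly_summary(text):
    """Count events per quarter, split by priority and by signature."""
    summary = {}
    for event in filter(None, map(parse_event, text.splitlines())):
        bucket = summary.setdefault(
            event["quarter"], {"by_priority": Counter(), "by_signature": Counter()})
        bucket["by_priority"][event["priority"]] += 1
        bucket["by_signature"][event["signature"]] += 1
    return summary

def high_priority(text, threshold=1):
    """Events at or above the alerting threshold (assumes 1 is most severe)."""
    events = filter(None, map(parse_event, text.splitlines()))
    return [e for e in events if e["priority"] <= threshold]
```

Calling quarterly_summary() on an archived syslog file's contents gives per-quarter counts that can go straight into a year-end report, independent of the dashboard's retention window.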

 

4 REPLIES
Kind of a big deal

Re: Security Reporting

You could consider using a product like Cisco Stealthwatch Cloud, but it is a tad pricy so usually suited to larger organisations.

https://www.cisco.com/c/en/us/products/security/stealthwatch-cloud/index.html

 

As @BrechtSchamp says, this works by funneling the logs to it. Note that it can collect logs from other kinds of devices as well (including things like Amazon AWS), so is a more encompassing security monitoring tool.

Conversationalist

Re: Security Reporting

Thank you both for your responses!

I do have scheduled e-mail reports for both daily and more recently monthly. I was looking to pull data for an end-year report and finding that difficult. At least with the monthly reports we can compile 12 reports into an end of year report in 2019.

 

I was kind of thinking this might be better looked at through the lens of SIEM and could be reported on through there.

 

I'll check out that blog post as well - appreciate the feedback!

 

 

New here

Re: Security Reporting

Security Center logging is now down to two weeks. Are sales of Stealthwatch Cloud too slow for Cisco, I wonder?
