Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Snort version and details via API (CVE-2020-1350)

Solved
achowsy
Comes here often
‎Jul 18 2020 11:09 AM
‎Jul 18 2020 11:09 AM

Snort version and details via API (CVE-2020-1350)

Hi 

 

We have MXs with Advanced Security Licenses.  

 

Recently there was a DNS vuln https://blog.talosintelligence.com/2020/07/microsoft-patch-tuesday-for-july-2020.html.

 

Just want to find out if we can use API to see whether the snort rules is updated in the MXs or anyway to know how we know if we are protected.  (like how we can find out the snort rules installed).

 

Thanks.

0 Kudos
1 Accepted Solution
In response to achowsy
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 24 2020 11:52 AM
‎Jul 24 2020 11:52 AM

I'm not aware of where you would find should a mapping.

 

Just the info below of when the signatures have been updated.

View solution in original post

0 Kudos
7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 18 2020 1:32 PM
‎Jul 18 2020 1:32 PM

I think you could do this by scanning the event log.

https://dashboard.meraki.com/api_docs/v0#list-the-events-for-the-network 

In response to PhilipDAth
achowsy
Comes here often
‎Jul 21 2020 10:46 PM
‎Jul 21 2020 10:46 PM

Sorry but is there any specifics you can share?

0 Kudos
In response to achowsy
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 21 2020 11:18 PM
‎Jul 21 2020 11:18 PM

Search for events containing "snort".

0 Kudos
In response to PhilipDAth
achowsy
Comes here often
‎Jul 22 2020 10:51 AM
‎Jul 22 2020 10:51 AM

I don't see snort as part of the event type.

 

At least when I run the below i don't see Snort.

https://api.meraki.com/api/v0/networks/:networkId/events/eventTypes

0 Kudos
In response to achowsy
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 22 2020 5:55 PM
‎Jul 22 2020 5:55 PM

How about this type?

 

PhilipDAth_0-1595465745260.png

 

0 Kudos
In response to PhilipDAth
achowsy
Comes here often
‎Jul 24 2020 10:57 AM
‎Jul 24 2020 10:57 AM

From the GUI i can get it and below is an example

 

snort_rules_version: 2.9.8.3, source: ids-vrt-security, rules: b3e3f2e7a2e5b7b509a7dd15e5ef9e679d225a20

 

I managed to get the commands to get it via API.

 

Can you shed some light on where can you map the rules b3e3f2e7a2e5b7b509a7dd15e5ef9e679d225a20 to what is defined in that rule? eg the CVE-2020-1350..

 

Thanks a lot

0 Kudos
In response to achowsy
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 24 2020 11:52 AM
‎Jul 24 2020 11:52 AM

I'm not aware of where you would find should a mapping.

 

Just the info below of when the signatures have been updated.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.