Hi
We have MXs with Advanced Security Licenses.
Recently there was a DNS vuln https://blog.talosintelligence.com/2020/07/microsoft-patch-tuesday-for-july-2020.html.
Just want to find out if we can use API to see whether the snort rules is updated in the MXs or anyway to know how we know if we are protected. (like how we can find out the snort rules installed).
Thanks.
Solved! Go to solution.
I'm not aware of where you would find should a mapping.
Just the info below of when the signatures have been updated.
I think you could do this by scanning the event log.
https://dashboard.meraki.com/api_docs/v0#list-the-events-for-the-network
Sorry but is there any specifics you can share?
Search for events containing "snort".
I don't see snort as part of the event type.
At least when I run the below i don't see Snort.
https://api.meraki.com/api/v0/networks/:networkId/events/eventTypes
How about this type?
From the GUI i can get it and below is an example
snort_rules_version: 2.9.8.3, source: ids-vrt-security, rules: b3e3f2e7a2e5b7b509a7dd15e5ef9e679d225a20
I managed to get the commands to get it via API.
Can you shed some light on where can you map the rules b3e3f2e7a2e5b7b509a7dd15e5ef9e679d225a20 to what is defined in that rule? eg the CVE-2020-1350..
Thanks a lot
I'm not aware of where you would find should a mapping.
Just the info below of when the signatures have been updated.