Meraki

achowsy · ‎Jul 18 2020

Hi

We have MXs with Advanced Security Licenses.

Recently there was a DNS vuln https://blog.talosintelligence.com/2020/07/microsoft-patch-tuesday-for-july-2020.html.

Just want to find out if we can use API to see whether the snort rules is updated in the MXs or anyway to know how we know if we are protected. (like how we can find out the snort rules installed).

Thanks.

PhilipDAth · ‎Jul 24 2020

I'm not aware of where you would find should a mapping.

Just the info below of when the signatures have been updated.

View solution in original post

PhilipDAth · ‎Jul 18 2020

I think you could do this by scanning the event log.

https://dashboard.meraki.com/api_docs/v0#list-the-events-for-the-network

achowsy · ‎Jul 21 2020

Sorry but is there any specifics you can share?

PhilipDAth · ‎Jul 21 2020

Search for events containing "snort".

achowsy · ‎Jul 22 2020

I don't see snort as part of the event type.

At least when I run the below i don't see Snort.

https://api.meraki.com/api/v0/networks/:networkId/events/eventTypes

PhilipDAth · ‎Jul 22 2020

How about this type?

achowsy · ‎Jul 24 2020

From the GUI i can get it and below is an example

snort_rules_version: 2.9.8.3, source: ids-vrt-security, rules: b3e3f2e7a2e5b7b509a7dd15e5ef9e679d225a20

I managed to get the commands to get it via API.

Can you shed some light on where can you map the rules b3e3f2e7a2e5b7b509a7dd15e5ef9e679d225a20 to what is defined in that rule? eg the CVE-2020-1350..

Thanks a lot

PhilipDAth · ‎Jul 24 2020

I'm not aware of where you would find should a mapping.

Just the info below of when the signatures have been updated.

Meraki

Community

Snort version and details via API (CVE-2020-1350)

Snort version and details via API (CVE-2020-1350)