Snort version and details via API (CVE-2020-1350)
Hi
We have MXs with Advanced Security Licenses.
Recently there was a DNS vuln https://blog.talosintelligence.com/2020/07/microsoft-patch-tuesday-for-july-2020.html.
Just want to find out if we can use the API to see whether the Snort rules are updated in the MXs, or any way to know if we are protected (like how we can find out the Snort rules installed).
Thanks.
I think you could do this by scanning the event log.
https://dashboard.meraki.com/api_docs/v0#list-the-events-for-the-network
Sorry, but are there any specifics you can share?
Search for events containing "snort".
I don't see snort as part of the event type.
At least when I run the below I don't see Snort.
https://api.meraki.com/api/v0/networks/:networkId/events/eventTypes
How about this type?
From the GUI I can get it, and below is an example:
snort_rules_version: 2.9.8.3, source: ids-vrt-security, rules: b3e3f2e7a2e5b7b509a7dd15e5ef9e679d225a20
I managed to get the commands to get it via API.
Can you shed some light on where you can map the rules b3e3f2e7a2e5b7b509a7dd15e5ef9e679d225a20 to what is defined in that rule, e.g. CVE-2020-1350?
Thanks a lot
I'm not aware of where you would find such a mapping.
Just the info below of when the signatures have been updated.
