Thanks, @PhilipDAth. The change log idea sounds like a good compensating control. ... View more

You could use WebHooks as @CN and combine it with a commercial service like Pager Duty.  Then you could develop a more formal workflow for processing alerts of different types.   https://developer.cisco.com/meraki/build/meraki-alerts-with-pagerduty/  ... View more

These are not span sessions like you have on catalyst switches but only temporary mirrors. I'm not even sure if the destination port even replicates the encapsulation or not or if it keeps it untagged or tags it always depending on the source VLAN. At the moment you can only use netflow data to send to your security collector.   Maybe in the future the MS390 will support encrypted traffic analytics like Catalyst does and that could be a better way to support your case. ... View more

The end goal is a document of best practices around secure design and configuration as it relates to Meraki devices. If we look at the CIS benchmarks for other vendor equipment, it provides detailed info on what to configure and step-by-step on how to configure the devices to provide a secure baseline config. Vulnerability scanners, such as Rapid7, even have policy scans using the CIS benchmarks where you can scan that equipment and see how it matches up against the benchmarks, which is extremely handy when working with the teams to guide them on improving security on their devices.  ... View more