Log reference guide/schema for API network and security events

DevK
Here to help


Hello team,

I am fetching events from the two endpoints below:

GET /networks/{networkId}/events

GET /organizations/{organizationId}/appliance/security/events

I referred to the API documentation and was able to fetch events successfully. However, I'm looking for a schema or log reference kind of guide which elaborates each field and its content.

I could only see sample responses in the API documentation, but could not find such a guide explaining the fields.

Any help would be appreciated.

Thank you.

5 Replies
RaphaelL
Kind of a big deal

Hi,

If you are looking for the possible events you could try this endpoint: https://developer.cisco.com/meraki/api-v1/#!get-network-events-event-types

DevK
Here to help

No, I'm looking for an explanation of the fields which come in the event.

For example: there is a deviceName field which comes in the event. What does deviceName represent? Is it the device hostname?

I'm looking for an explanation of all fields in all events. The endpoint you suggested in the above comment just tells you the possible event types.

Thank you.

RaphaelL
Kind of a big deal

Well, the fields are all explained on the page of your endpoint:

https://developer.cisco.com/meraki/api-v1/#!get-network-events

deviceName (String): The name of the Meraki device which the list of events will be filtered with
DevK
Here to help

Thank you for your response.

The fields you are referring to are actually the parameters to use while querying the API.

I'm looking for an explanation of the event fields. For example, let's check the following event for the endpoint

GET /organizations/{organizationId}/appliance/security/events:

{
  "ts": "2022-02-22T13:11:34.643074Z",
  "eventType": "IDS Alert",
  "deviceMac": "xx:xx:xx:xx:xx:xx",
  "clientMac": "xx:xx:xx:xx:xx:xx",
  "srcIp": "xxx:xx:xxx:xx:1234",
  "destIp": "xxx:xx:xxx:xx:5678",
  "protocol": "udp/ip",
  "priority": "1",
  "classification": "12",
  "blocked": true,
  "message": "(spo_bo) Back Orifice Client Traffic detected",
  "signature": "105:2:2",
  "sigSource": "ips",
  "ruleId": "GID/105/SID/2"
}

What I'm looking for is the definition/explanation of each field, like what clientMac is, what classification is, etc.
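A parser and triage helper for records of the shape posted above, added here as an example; it is not Meraki's code and not taken from the API documentation. It assumes that srcIp/destIp are "host:port" strings (the thread does not document the format; the posted values are redacted), that signature is a Snort-style "GID:SID:rev" triple (the posted 105:2:2 and GID/105/SID/2 are consistent with that), and that a lower priority number is more urgent. The two sample records are constructed, with fabricated MACs and documentation-range addresses, and classification is kept verbatim because its meaning is not established in the thread.

```python
import json
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample: field names follow the event posted above; MACs,
# addresses and the whole second record are fabricated for this example.
SAMPLE_EVENTS_JSON = """[
  {"ts": "2022-02-22T13:11:34.643074Z", "eventType": "IDS Alert",
   "deviceMac": "00:11:22:33:44:55", "clientMac": "66:77:88:99:aa:bb",
   "srcIp": "203.0.113.10:1234", "destIp": "192.0.2.20:5678",
   "protocol": "udp/ip", "priority": "1", "classification": "12",
   "blocked": true,
   "message": "(spo_bo) Back Orifice Client Traffic detected",
   "signature": "105:2:2", "sigSource": "ips", "ruleId": "GID/105/SID/2"},
  {"ts": "2022-02-22T13:12:01.000000Z", "eventType": "IDS Alert",
   "deviceMac": "00:11:22:33:44:55", "clientMac": "66:77:88:99:aa:cc",
   "srcIp": "198.51.100.7:443", "destIp": "192.0.2.21:51000",
   "protocol": "tcp/ip", "priority": "3", "classification": "25",
   "blocked": false,
   "message": "(example) fabricated alert for the second record",
   "signature": "1:2100498:7", "sigSource": "ips", "ruleId": "GID/1/SID/2100498"}
]"""


@dataclass(frozen=True)
class SecurityEvent:
    ts: datetime
    event_type: str
    device_mac: str
    client_mac: str
    src_host: str
    src_port: Optional[int]
    dst_host: str
    dst_port: Optional[int]
    protocol: str
    priority: int          # API returns a string; normalised to int for sorting
    classification: str    # meaning not documented in the thread; kept verbatim
    blocked: bool
    message: str
    gid: int
    sid: int
    rev: int
    sig_source: str


def split_host_port(value: str) -> Tuple[str, Optional[int]]:
    """Split an address string into (host, port).

    Assumption (the page does not document the format): "203.0.113.10:1234"
    is host:port, "[2001:db8::1]:53" is a bracketed IPv6 host with a port,
    and an unbracketed string with several colons is an IPv6 host, no port.
    """
    if value.startswith("["):
        host, sep, port = value[1:].partition("]:")
        if sep and port.isdigit():
            return host, int(port)
        return value.strip("[]"), None
    if value.count(":") == 1:
        host, port = value.split(":")
        if port.isdigit():
            return host, int(port)
    return value, None


def parse_signature(sig: str) -> Tuple[int, int, int]:
    """Parse "GID:SID:rev" (Snort-style; an assumption based on the sample)."""
    parts = sig.split(":")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected signature format: {sig!r}")
    gid, sid, rev = (int(p) for p in parts)
    return gid, sid, rev


def parse_event(raw: dict) -> SecurityEvent:
    src_host, src_port = split_host_port(raw["srcIp"])
    dst_host, dst_port = split_host_port(raw["destIp"])
    gid, sid, rev = parse_signature(raw["signature"])
    # "Z" suffix is not accepted by fromisoformat before Python 3.11.
    ts = datetime.fromisoformat(raw["ts"].replace("Z", "+00:00"))
    return SecurityEvent(
        ts=ts, event_type=raw["eventType"], device_mac=raw["deviceMac"],
        client_mac=raw["clientMac"], src_host=src_host, src_port=src_port,
        dst_host=dst_host, dst_port=dst_port, protocol=raw["protocol"],
        priority=int(raw["priority"]), classification=str(raw["classification"]),
        blocked=bool(raw["blocked"]), message=raw["message"],
        gid=gid, sid=sid, rev=rev, sig_source=raw["sigSource"],
    )


def load_events(text: str) -> List[SecurityEvent]:
    return [parse_event(r) for r in json.loads(text)]


def unblocked_by_priority(events: List[SecurityEvent]) -> List[SecurityEvent]:
    """Alerts the appliance only detected (blocked == false), most urgent
    first. Assumes a lower priority number is more severe."""
    return sorted((e for e in events if not e.blocked),
                  key=lambda e: (e.priority, e.ts))


def summarize_by_signature(events: List[SecurityEvent]) -> Dict[str, dict]:
    """Count hits and blocks per GID:SID, so one noisy rule reads as one row."""
    out: Dict[str, dict] = {}
    for e in events:
        row = out.setdefault(f"{e.gid}:{e.sid}",
                             {"count": 0, "blocked": 0, "message": e.message})
        row["count"] += 1
        row["blocked"] += int(e.blocked)
    return out


if __name__ == "__main__":
    evs = load_events(SAMPLE_EVENTS_JSON)
    for e in unblocked_by_priority(evs):
        print(f"{e.ts.isoformat()} p{e.priority} {e.gid}:{e.sid} "
              f"{e.src_host}->{e.dst_host}:{e.dst_port} {e.message}")
    print(summarize_by_signature(evs))
```

The unblocked list is the part worth feeding to a SIEM or ticket queue: a blocked alert is already handled by the MX, while an unblocked one is traffic that reached the client and needs follow-up. Keep classification and ruleId verbatim in whatever you forward, since the thread never establishes their semantics.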

Still_Learning
New here

I know it's 2 years late; however, I've just stumbled across this trying to source the exact same information. The closest I've got to an answer is - https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering_Powere...

And then click on the link to BrightCloud. 
