Hello team,
I am fetching events from the two endpoints below:
GET /networks/{networkId}/events
GET /organizations/{organizationId}/appliance/security/events
I referred to the API documentation and was able to fetch events successfully. However, I'm looking for a schema or log reference kind of guide which can elaborate on each field and its content.
I could only see sample responses in the API documentation, but was not able to find a guide which explains the fields.
Any help would be appreciated.
Thank you.
Hi,
If you are looking for the possible events, you could try this endpoint: https://developer.cisco.com/meraki/api-v1/#!get-network-events-event-types
No, I'm looking for an explanation of the fields which come in the event.
For example: there is a deviceName field which comes in the event. What does deviceName represent? Is it a device hostname?
I'm looking for an explanation of all fields in all events. The endpoint you suggested in the above comment just tells you the possible event types.
Thank you.
Well, the fields are all explained on the page of your endpoint:
https://developer.cisco.com/meraki/api-v1/#!get-network-events
Thank you for your response.
The fields you are talking about are actually the parameters to use while querying the API.
I'm looking for an explanation of the event fields. For example, let's check the following event for the endpoint
GET /organizations/{organizationId}/appliance/security/events:
{
  "ts": "2022-02-22T13:11:34.643074Z",
  "eventType": "IDS Alert",
  "deviceMac": "xx:xx:xx:xx:xx:xx",
  "clientMac": "xx:xx:xx:xx:xx:xx",
  "srcIp": "xxx:xx:xxx:xx:1234",
  "destIp": "xxx:xx:xxx:xx:5678",
  "protocol": "udp/ip",
  "priority": "1",
  "classification": "12",
  "blocked": true,
  "message": "(spo_bo) Back Orifice Client Traffic detected",
  "signature": "105:2:2",
  "sigSource": "ips",
  "ruleId": "GID/105/SID/2"
}
What I'm looking for is the definition/explanation of each field, like what is clientMac, what is classification, etc.
I know it's 2 years late; however, I've just stumbled across this trying to source the exact same information. The closest I've got to an answer is - https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering_Powere...
And then click on the link to BrightCloud.