Configuration options for Cisco Meraki
Review configuration options for Cisco Meraki firewalls in RocketCyber
Option | Description
--- | ---
Reputation lookup on connecting IPs | Meraki firewalls report events of several types. For HTTP GET requests, this option monitors the traffic and informs you only of unexpected traffic or traffic coming from unusual locations (e.g. countries on the Enabled Countries list).
Rogue SSID, SSID spoofing | Monitors for attempts to hijack network traffic by advertising an SSID that impersonates the legitimate network, so that clients associate with the malicious device as if it were part of that network.
IDS signature match | Finds a variety of dangerous traffic, such as known viruses, by matching it against intrusion detection signatures.
Packet flood | Warns of Denial of Service attacks against your network, as well as certain types of network reconnaissance.
VPN change, IP session initiated | Changes in VPN connectivity and IP session initiations can provide useful information, but on most systems they generate far too much noise.
Log Format
The expected format for Meraki logs is space-separated syslog: a priority and version prefix (for example <134>1), then an epoch timestamp, the appliance name, the event type, and a series of key=value fields. Some event types end in free text, such as the "request:" portion of a urls event. Note that the second example below is shown without the timestamp, appliance name and event type fields. For example:
<134>1 1571411707.115137436 Meraki_HQ_appliance urls src=192.168.17.127:58837 dst=173.193.237.179:443 mac=70:E2:84:AA:AA:AA request: UNKNOWN https://r1cm.r1soft.com/...
<134>1 url=http://www.eicar.org/download/eicar.com.txt src=192.168.128.2:53150 dst=181.10.231.251:80 mac=98:5A:EB:AA:AA:AA name=EICAR sha256=275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f disposition=malicious action=block
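As an added example (not RocketCyber's or Meraki's own parsing code), the following Python parser handles the syslog shape shown above and is run over the two lines from this page, copied verbatim as sample input. It tolerates the second line's missing timestamp, appliance name and event type, splits off the free-text "request:" tail of a urls event before reading key=value pairs, and splits each pair on the first "=" only so that URLs containing "=" survive intact. The should_alert rule (disposition=malicious or action=block) is an illustrative triage choice for this example, not a RocketCyber setting.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# The two log lines from the page, copied verbatim as sample input.
# The second one is exactly as shown on the page: it carries no timestamp,
# appliance name or event-type token before the key=value fields.
SAMPLE_LOGS: List[str] = [
    "<134>1 1571411707.115137436 Meraki_HQ_appliance urls src=192.168.17.127:58837 "
    "dst=173.193.237.179:443 mac=70:E2:84:AA:AA:AA request: UNKNOWN https://r1cm.r1soft.com/...",
    "<134>1 url=http://www.eicar.org/download/eicar.com.txt src=192.168.128.2:53150 "
    "dst=181.10.231.251:80 mac=98:5A:EB:AA:AA:AA name=EICAR "
    "sha256=275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f "
    "disposition=malicious action=block",
]

HEADER_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<version>\d+)\s+(?P<rest>.*)$")
TS_RE = re.compile(r"^\d+(\.\d+)?$")


@dataclass
class MerakiEvent:
    priority: int               # raw syslog PRI, e.g. 134
    facility: int               # PRI // 8  (134 -> 16, local0)
    severity: int               # PRI % 8   (134 -> 6, informational)
    timestamp: Optional[float]  # epoch seconds, None when the line has none
    hostname: Optional[str]     # appliance name, None when the line has none
    event_type: str             # "urls", "security_event ...", or "" when absent
    fields: Dict[str, str] = field(default_factory=dict)
    request: Optional[str] = None   # free text after "request: " on urls events


def parse_meraki_line(line: str) -> MerakiEvent:
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a Meraki syslog line: {line[:40]!r}")
    pri = int(m.group("pri"))
    rest = m.group("rest")

    # urls events end with "request: <METHOD> <URL>"; split that tail off first
    # so the URL is never mistaken for a key=value token.
    request: Optional[str] = None
    if " request: " in rest:
        rest, _, request = rest.partition(" request: ")

    tokens = rest.split()
    # Everything before the first key=value token is header material:
    # optional epoch timestamp, optional appliance name, then the event type.
    header: List[str] = []
    while tokens and "=" not in tokens[0]:
        header.append(tokens.pop(0))
    timestamp = hostname = None
    if header and TS_RE.match(header[0]):
        timestamp = float(header.pop(0))
        if header:
            hostname = header.pop(0)
    event_type = " ".join(header)

    fields: Dict[str, str] = {}
    for tok in tokens:
        key, _, value = tok.partition("=")  # first '=' only: URL values may contain '='
        fields[key] = value
    return MerakiEvent(pri, pri // 8, pri % 8, timestamp, hostname, event_type, fields, request)


def split_endpoint(endpoint: str) -> Tuple[str, Optional[int]]:
    """'192.168.17.127:58837' -> ('192.168.17.127', 58837); no port -> (value, None)."""
    host, sep, port = endpoint.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return endpoint, None


def should_alert(ev: MerakiEvent) -> bool:
    """Illustrative triage rule (not a RocketCyber setting): alert when the
    appliance itself judged the object malicious or blocked it, as in the
    EICAR line; ordinary urls traffic is not alert-worthy on its own."""
    return ev.fields.get("disposition") == "malicious" or ev.fields.get("action") == "block"


def triage(lines: List[str]) -> List[Tuple[str, bool]]:
    """Return (source IP, alert?) per line, skipping lines that do not parse."""
    out: List[Tuple[str, bool]] = []
    for line in lines:
        try:
            ev = parse_meraki_line(line)
        except ValueError:
            continue
        src_ip, _ = split_endpoint(ev.fields.get("src", ""))
        out.append((src_ip, should_alert(ev)))
    return out


if __name__ == "__main__":
    for src, alert in triage(SAMPLE_LOGS):
        print(f"{src:15}  {'ALERT' if alert else 'ok'}")
```

The parser treats the header as "whatever precedes the first key=value token", which is what makes the page's second line parse cleanly: it yields an empty event type rather than misreading url=... as an appliance name. A real collector would also want to keep the raw line alongside the parsed fields for evidence.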