Hi I am a SOC analyst and one of our client is using Meraki firewall. We are monitoring traffic going in and out of their firewall. Now, in every detection, there is an action of the firewall if it has been blocked, denied or passed. The problem is, Meraki firewall in its syslogs, the event only shows like this: "cisco.event_action: 1". I want to ask what does this mean? Is it blocked, denied or passed? 

Looking forward for your timely response. Thank you.