11-19-2019 09:04 PM
Hi,
I am working on integrating Meraki alerts (using webhook) with ITSM. To test the functionality, I would like to test each alert and see how it is reflected in ITSM. Are there any scripts/tools I can use to trigger the alerts, especially udldError, malwareDetected, malwareBlocked, portCableError and rogueDHCPServer? I am able to trigger them manually, but it's really time-consuming and I can't do it remotely.
Thanks
Fakrul.
11-19-2019 10:59 PM
I suppose you already know that you can trigger AMP using the EICAR samples (eicar.org).
For rogue DHCP you could just run an open source DHCP server. Tftpd comes to mind.
But you can't do that remotely indeed. Unless you can access a client remotely. And I wouldn't do the DHCP test on a production network.
11-20-2019 01:40 AM
Yes, I was able to use EICAR to check the malwareBlocked alert. Regarding DHCP, I am always getting newDHCPDetected, not the rogueDHCP one. Not sure in which scenario rogueDHCP alerts trigger.
11-20-2019 01:45 AM
I haven't tested with it, but is the DHCP server you added handing out addresses in the same range as the MX is?
11-20-2019 10:33 AM
>Is there any scripts/tool I can use to trigger the alerts
No.
11-20-2019 12:28 PM
@fakrulalam I would imagine a rogue DHCP alert would come when a subnet has a second DHCP server added onto it.
11-20-2019 03:04 PM
I have tried putting in a new DHCP server (advertising the same prefixes) but am still getting the NewDHCPserverdetected alert.