Cisco Meraki MX Series IPS/IDS Pen Testing
10-31-2016 09:58 AM - edited 03-10-2019 06:42 AM
I have been piloting a Cisco Meraki MX64 device for quite some time and we have been looking at it specifically to see what data we can get out of it for SIEM integration. Per the documentation that I've found and working with Cisco, we should be able to get IDS/IPS logs via syslog.
We've run Qualys, Aggressive NMAP, Metasploit, and Nessus and have only been able to generate a handful of events, either scanning through the firewall to a host outside or inside the Meraki, or scanning the WAN or LAN interface on the firewall itself.
When I say handful, I mean no more than 5 at a time and NMAP produces nothing.
Just wondering what others are seeing in terms of events being sent to syslog from these devices.
Not much to configure in terms of syslog settings so you really can't get it wrong.
Thanks for your time.
Dana
- Labels: IPS and IDS
