Forum Discussion
Sentinel & Cisco Meraki?
Has anyone had any experience with getting Cisco Meraki feeds ingesting into Sentinel? Just checking for any gotcha's...
Are you running this function when you query? or can this be used at collection without having to create individual custom fields?
I use it when we query; so instead of "Cisco_Meraki_CL" as the "table" in my search, it's this function...
UnifiedJD Here is a blog post some Meraki Analytics rules: https://cryptsus.com/blog/cisco-meraki-sentinel-siem.html
JKatzmandu good thread, the solution worked well to get the data separated. The only issue here is Sentinel has 0 analytics for Meraki, none of their scheduled/ML/Anomaly analytics will every query that table so I am going to work on getting the data into CommonSecurityLog in hopes it might catch something.
