Forum Discussion
David Caddick
Mar 16, 2020 | Iron Contributor
Sentinel & Cisco Meraki?
Has anyone had any experience with getting Cisco Meraki feeds ingesting into Sentinel? Just checking for any gotchas...
mhaasEFD
Dec 05, 2020 | Copper Contributor
Are you running this function when you query? Or can this be used at collection without having to create individual custom fields?
JKatzmandu
Jan 08, 2021 | Brass Contributor
I use it when we query; so instead of "Cisco_Meraki_CL" as the "table" in my search, it's this function...
- krabelize | Nov 05, 2023 | Copper Contributor
UnifiedJD Here is a blog post with some Meraki Analytics rules: https://cryptsus.com/blog/cisco-meraki-sentinel-siem.html
- UnifiedJD | Jun 10, 2021 | Copper Contributor
JKatzmandu good thread, the solution worked well to get the data separated. The only issue here is Sentinel has 0 analytics for Meraki, none of their scheduled/ML/Anomaly analytics will ever query that table, so I am going to work on getting the data into CommonSecurityLog in hopes it might catch something.