Forum Discussion
Sentinel & Cisco Meraki?
Has anyone had any experience with getting Cisco Meraki feeds ingesting into Sentinel? Just checking for any gotcha's...
I use it when we query; so instead of "Cisco_Meraki_CL" as the "table" in my search, it's this function...
JKatzmandu good thread, the solution worked well to get the data separated. The only issue here is Sentinel has 0 analytics for Meraki, none of their scheduled/ML/Anomaly analytics will every query that table so I am going to work on getting the data into CommonSecurityLog in hopes it might catch something.
UnifiedJD Here is a blog post some Meraki Analytics rules: https://cryptsus.com/blog/cisco-meraki-sentinel-siem.html
