724c9add-8cd9-4013-b9e1-a907b96da426.md

File metadata and controls

89 lines (82 loc) · 7.29 KB

Products: Cisco Systems - Meraki

Rules

| Rule ID | Rule Name |
|---|---|
| MATCH-S00553 | Allowed Inbound RDP Traffic |
| LEGACY-S00004 | Bitsadmin to Uncommon TLD |
| MATCH-S00209 | CVE-2021-44228 Log4j2 Java Library 0-Day Attempt |
| LEGACY-S00013 | Connection to High Entropy Domain |
| MATCH-S00513 | Critical Severity Intrusion Signature |
| THRESHOLD-S00009 | Directory Traversal - Unsuccessful |
| THRESHOLD-S00074 | Excessive Firewall Denies |
| THRESHOLD-S00085 | Excessive Outbound Firewall Blocks |
| MATCH-S00454 | Firewall Allowed SMB Traffic |
| FIRST-S00030 | First Seen Outbound Connection to External IP Address on Port 445 from IP Address |
| FIRST-S00025 | First Seen SMB Allowed Traffic From IP |
| LEGACY-S00041 | HTTP External Request to PowerShell Extension |
| LEGACY-S00042 | HTTP Request to Domain in Non-Standard TLD |
| MATCH-S00203 | HTTP activity over port 53 - Possible SIGRED |
| LEGACY-S00045 | HTTP request for single character file name |
| LEGACY-S00046 | Hexadecimal User-Agent |
| MATCH-S00666 | High Severity Intrusion Signature |
| LEGACY-S00047 | High risk file extension download without hostname and referrer |
| THRESHOLD-S00079 | Inbound Port Scan |
| MATCH-S00669 | Informational Severity Intrusion Signature |
| THRESHOLD-S00080 | Internal Port Scan |
| THRESHOLD-S00081 | Internal Port Sweep |
| THRESHOLD-S00514 | Intrusion Scan - Targeted |
| THRESHOLD-S00515 | Intrusion Sweep |
| MATCH-S00668 | Low Severity Intrusion Signature |
| MATCH-S00667 | Medium Severity Intrusion Signature |
| MATCH-S00554 | Outbound IRC Traffic |
| LEGACY-S00056 | Outbound TFTP Traffic |
| THRESHOLD-S00048 | Outbound Traffic to Countries Outside the United States |
| THRESHOLD-S00026 | Possible Credential Abuse |
| THRESHOLD-S00040 | Possible DNS over TLS (DoT) Activity |
| MATCH-S00835 | Possible Dynamic URL Domain |
| MATCH-S00637 | Possible Malicious Download |
| MATCH-S00558 | Potential Inbound VNC Traffic |
| MATCH-S00502 | RDP Traffic to Unexpected Host |
| MATCH-S00560 | SMTP Traffic from Non-SMTP Servers |
| LEGACY-S00093 | Script/CLI UserAgent string |
| LEGACY-S00095 | Server-Side Code Injection in URL |
| OUTLIER-S00010 | Spike in URL Length from IP Address |
| MATCH-S00783 | Spring4Shell Exploitation - URL |
| LEGACY-S00182 | Suspicious HTTP User-Agent |
| LEGACY-S00111 | Threat Intel - Device IP Matched Threat Intel URL |
| MATCH-S00555 | Threat Intel - Inbound Traffic Context |
| LEGACY-S00109 | Threat Intel - Matched Domain Name |
| LEGACY-S00108 | Threat Intel - Matched File Hash |
| LEGACY-S00107 | Threat Intel Match - IP Address |
| LEGACY-S00165 | VBS file downloaded from Internet |
| MATCH-S00557 | Web Request to IP Address |
| MATCH-S00566 | Web Request to Punycode Domain |

Log Mappers

| Log Mapper ID | Log Mapper Name |
|---|---|
| 8bd2d994-32e4-4496-97e1-35f8b5bd8c2a | Cisco Meraki 8021x |
| fef99d8e-98aa-41eb-a051-3e9cb9ab32cc | Cisco Meraki Catch All - Custom Parser |
| 8a3e7b76-57da-432f-a6e7-40b5d9137ba2 | Cisco Meraki Client Association |
| ff59f645-a195-4cdf-ba07-8638be08621f | Cisco Meraki Content Filtering Block - Custom Parser |
| 2436a135-f5a7-45da-8e22-458436606585 | Cisco Meraki Failed WPA Authentication Attempt |
| e69d3f69-59b1-43c2-b32f-42baa4ab5ef0 | Cisco Meraki File Scanned - C2C |
| 9cd7d33e-bc90-4b12-8bc6-1c5da6e753aa | Cisco Meraki Firewall - Custom Parser |
| 729879dc-1b7e-4fd7-a5fe-c20fe3c40f33 | Cisco Meraki Flow End |
| 8eabfb7e-ce11-47f6-b19b-f51dcfce6ebc | Cisco Meraki Flow Start |
| 4d290a08-89cb-45b8-8504-954817ac4b9e | Cisco Meraki Flow Start_End - Custom Parser |
| 5d002934-a3bc-4342-8749-825f8e6e9bcb | Cisco Meraki Flows |
| 6eaf7d72-b132-45b7-8e2e-6a9811ee0511 | Cisco Meraki Flows - Custom Parser |
| ddfbc7e4-5f83-46b5-90fd-5d3e9bdb1ff6 | Cisco Meraki IDS - Custom Parser |
| ee6f31c0-b462-44ae-9eb5-4318ba441025 | Cisco Meraki IDS Alert - C2C |
| 1c55b073-ace7-4aa3-a260-c0d922beceee | Cisco Meraki IDS Alerted |
| ba2d72de-8d25-4e0f-a4f7-85d263c62b7e | Cisco Meraki L7 Firewall - Custom Parser |
| e6da534c-057e-484b-9420-18b257745739 | Cisco Meraki Organization Configuration Change - C2C |
| c1f966d9-4a30-4e67-a5ba-9630545f757f | Cisco Meraki Security Filtering Disposition Change - Custom Parser |
| c9dfbba9-afb9-4c89-90e2-ced946da16f0 | Cisco Meraki Security Filtering File Scanned |
| 27909e48-6b07-44c7-be5d-50a61bb58145 | Cisco Meraki Security Filtering File Scanned - Custom Parser |
| be6d394b-2103-4f0f-a34e-a6866ba8dcf8 | Cisco Meraki URLS |
| 202b0cfa-4227-4f96-863a-bdf65f2d11f3 | Cisco Meraki URLS - Custom Parser |
| 1c798d67-4d63-4ce5-a6a9-72f3f6d1effe | Cisco Meraki WPA - Custom Parser |
| f1d787f7-da3a-4b29-93e9-50ab3bc2ded2 | Cisco Meraki WPA Authentication |
| 66aea047-d90b-4544-91c7-a163c779556c | Cisco Meraki WPA Deauthentication |
| fb41a180-de25-43d6-9e22-a3dd504003fc | Cisco Meraki Wireless Air Marshall - C2C |