When our Cisco Meraki MX security appliances began offering integrated intrusion detection (IDS) via SNORT®, we were quick to write about it and highlight its many benefits: identifying malicious activity, categorizing threats by type and severity, and generating detailed reports if needed.
We’ve since updated our security reporting interface to make it more intuitive and navigable for busy IT admins. Data is presented in real time in the dashboard (find reports at either Monitor > Security for a network-specific view or else at Organization > Security report for aggregated data across all networks), allowing admins to quickly see current threat status. The benefit of the organization-wide view is that IT admins don’t need to click into each individual network to analyze security reports; instead, this consolidated view provides threat information for hundreds of thousands of networks — enabling scalable deployment (and use of) IDS without requiring teams of security experts to manage each individual network. Tip: it’s also easy to filter individual network data from the organizational security report page, if you prefer a non-aggregated view.
Our security reporting page gives real-time and historic threat status.
Use built-in time templates to view data from the last hour, day, week, or month — or create a custom date range view. To get granular, by-the-minute details for a particular timespan, click on any bar to zoom into a more detailed view. In the example below, I chose to get more information about threats occurring at 10:45am by clicking on its bar:
At 10:45am, high-priority threats were detected; I want to drill deeper, so will click the bar.
Granular, minute-by-minute threat data becomes available, showing the exact moment threats were detected.
Security threats are categorized by:
-
Priority level (High, Medium, Low)
-
Signatures (as defined by SNORT®)
-
Networks
-
Clients
-
Source and destination IP addresses
Each of these variables is sortable and filterable. Additionally, you can filter security reports by identified network protocols and individual SNORT ID signatures:
There are many variables on which to filter threat events.
View pie charts showing overall threats by individual client, source IP, destination IP, SNORT signature, and network.
Sorting threats by client can quickly show devices with high activity, giving you the option to view that client’s details for further investigation.
To discover details about individual SNORT signatures, simply click them in the events table. Information about the actual threat and possible remediation techniques will be displayed.
Detailed threat-specific information is only a click away.
Keeping malicious activity at bay is a serious concern for any network administrator. The Meraki MX greatly simplifies IDS management through our intuitive, graphical interface and our cloud-based architecture, which lets admins monitor all of their networks from any Internet-accessible location.