Meraki Firewall
Version: Meraki Firewalls MX Series.
Meraki Firewalls are cloud-managed network security appliances designed to make distributed networks fast, secure, and manageable by employing stateful inspection and auto-configuring VPN options. Netsurion’s Open XDR platform amasses and examines logs generated by Meraki Firewall to help an administrator monitor IDS alerts, VPN sessions, web traffic, user behavior and system activity.
Netsurion Data Source Integration for Meraki Firewall allows you to monitor the following:
- Operations – Web traffic and VPN sessions
- Security – IDS alerts and blocked web content
- Compliance – User behavior and system activity
Netsurion’s Open XDR platform supports McAfee Firewall Enterprise (Sidewinder) and it can be configured to send syslog to Netsurion Enterprise.
Netsurion Data Source Integration for McAfee Sidewinder allows you to monitor the following:
- Operations – Syslog messages for different services, account operations (addition, deletion and modification of users and groups) and system shutdown/restart.
- Security – Suspicious network activities and any changes in privileges on user logon/authentication activities (logon, logoff).
- Compliance – Changes in policy configuration (addition and deletion).
Once Meraki Firewall is configured to deliver events to Netsurion’s Open XDR platform, alerts, dashboards and reports can be configured in the platform.
Some of the Data Source Integrations available in Netsurion are listed below.
Alerts
Type | Name | Description |
---|---|---|
Security | Meraki Firewall – IDS alert detected | This alert is generated when unusual traffic is detected by IDS. |
Security | Meraki Firewall – Suspicious content blocked | This alert is generated when suspicious web content is blocked by content filter. |
Reports
Type | Name | Description |
---|---|---|
Security | Meraki Firewall – IDS alert details | This report provides information related to threats detected by IDS which includes Source MAC, Source IP, Source Port, Destination MAC, Destination IP, Destination Port, Protocol Type and Alert Details fields. |
Security | Meraki Firewall – Blocked web content details | This report provides information related to web content blocked by content filter which includes Host Address, Host Port, Blocked URL Category and Blocked URL fields. |
Operations | Meraki Firewall – Traffic flow details | This report provides information related to traffic flow which includes Source MAC, Source IP, Source Port, Destination MAC, Destination IP, Destination Port, Protocol Type and Rule Name fields. |
Operations | Meraki Firewall – Web traffic details | This report provides information related to web traffic which includes Source MAC, Source IP, Source Port, Destination MAC, Destination IP, Destination Port, Request Type and Requested URI fields. |
Operations | Meraki Firewall – VPN session details | This report provides information related to VPN session establishment, connection or disconnection which includes VPN Type, VPN Status, User Name, Source IP, Source Port, Destination IP and Destination Port fields. |
Compliance | Meraki Firewall – User authentication details | This report provides information related to local user authentication attempts which includes Host MAC, User Name, User Details and Group Details fields. |
Compliance | Meraki Firewall – Device activity details | This report provides information related to configuration changes and system events which includes Device Name, Event Time and Activity fields. |
Documentation
The configuration details are consistent with Netsurion’s Open XDR platform version 7.x or later, and McAfee Firewall Enterprise (Sidewinder) 7.X and later.
Download the Integration Guide and How-to Guide for more information and configuration instructions.