Security Center

Overview

The Security Center provides a centralized view for security filtering events. This includes both IDS/IPS and Advanced Malware Protection (AMP) events.

Components

The Security Center provides information and insights to a network administrator through a variety of different components, each focusing on different analytics and uses. This section outlines each of those components and the information they present.

Navigation and Control

The top of the Security Center page allows control over the data being viewed. From this section of the page, it is possible to:

  • Change the time range of events displayed:

  • Filter events by scope, type, disposition, and action:

  • Search through events by client identifier, URI, SHA256 file hash, or IDS/IPS rule ID:

  • Toggle between the Summary and Events view:

It is also possible to filter event data down to a single client or event. Clicking on a client, IP, or threat will pop up an info card that provides more information and links, including the ability to filter the Security Center view based on the item selected.

An example info card for an IDS/IPS signature is included below. Selecting "Show only this signature" will show only events related to that signature.

These filters will be displayed below the navigation and control panel and can be dismissed by clicking the X on the right-hand side:

It is possible to apply multiple filters. In the example above, events will be filtered by the IDS/IPS signature and the client device. Only events matching both filters are displayed in this case. 

Summary View

The summary view of the Security Center provides a variety of visual components to understand the security events on the network.

Retrospective Malware Detections

This component provides alerts about downloaded files that have changed to a malicious disposition.

Please see this article for more information about AMP dispositions and retrospection.

Events over time

The Events over time component shows the number of events matching configured filters, over a specified interval of time, ranging from one month to two hours:

Clicking on a day will filter the data within the Security Center to display only events for the selected day.

Most affected clients

This section provides a breakdown of the subset of clients that have generated the most events for the selected filters.

Top sources of threats

This section provides both a map and a table summary of the most common IP addresses associated with threats matching the configured filters.

The map provides a visual view into the trajectory of these threats, from the network location to the geo-located source of the IP address associated with the threat.

Most prevalent threats

This component provides a list of the most frequent threats matching the selected filters. These can be the most common IDS/IPS signatures that have been detected, the files most frequently scanned or blocked by the AMP engine, or a combination of both.

Most affected operating systems

This table summarizes the events matching the selected filters by client operating system. The events are aggregated based on the operating system of the client devices in the security events and are displayed in the table by the number of events associated with that operating system.

Events View

The Events view provides the same data as the summary view in a text-based log. It is still possible to filter this data in the same ways as the summary view:

Last modified
17:11, 1 Aug 2016