
Organization Appliance Security Intrusion Detection Configuration

Dashboard Location: Security & SD-WAN > Configure > Threat Protection > Intrusion Detection and Prevention

Organization-Wide Appliance Security Intrusion Detection and Prevention Management


Organization appliance security intrusion detection configuration in Meraki provides administrators with comprehensive threat protection capabilities, enabling network-wide intrusion detection and prevention (IDS/IPS), signature-based threat identification, behavioral analysis, attack pattern recognition, and automated threat response. This functionality supports advanced persistent threat (APT) detection, zero-day attack protection, network forensics, compliance monitoring, and real-time security event correlation across distributed network infrastructure. Security intrusion detection is essential for enterprise security posture, regulatory compliance, incident response, threat hunting, and maintaining comprehensive network security visibility while providing centralized security policy management and automated threat mitigation capabilities.

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| security_intrusion_allowed_rules | List[security_intrusion_allowed_rules] | | No | |

security_intrusion_allowed_rules (meraki.domains.organizations.appliance)

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| rule_id | String | min: 1, max: 127 | Yes | |
| message | String | min: 1, max: 1024 | No | |

Example-1: The example below demonstrates appliance security intrusion configuration.

This configuration manages organization-wide intrusion detection and prevention settings for appliances. The example includes IDS/IPS rules, threat signatures, and security policies for comprehensive network threat protection across the organization.

The appliance named “appliance” includes a security intrusion allowed rule with the ID meraki:intrusion/snort/GID/01/SID/688, which corresponds to the message “SQL sa login failed.”

NOTE about “Allow List rules”: Specific signatures can be added only after they are seen by the appliance. In the GUI, they appear in the Select an Option drop-down, where you can select the signature(s) you wish to allow. This setting is shared among all networks in your organization.

```yaml
meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          appliance:
            name: appliance
            security_intrusion_allowed_rules:
              - rule_id: meraki:intrusion/snort/GID/01/SID/688
                message: SQL sa login failed
```
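
A pre-deployment check for the allow list above, as an added example that is not part of the original page or the project's tooling: it applies the length constraints from the schema table and flags duplicate entries, which matters because every entry allows a signature for all networks in the organization. The function name, the rule ID pattern (generalized from the page's single example), the numeric comparison of GID and SID, and the sample list are assumptions.

```python
import re

# Constraints copied from the page's schema table.
RULE_ID_MAX = 127
MESSAGE_MAX = 1024
# Assumption: rule IDs follow the shape of the page's one example.
RULE_ID_RE = re.compile(r"^meraki:intrusion/snort/GID/(\d+)/SID/(\d+)$")


def lint_allowed_rules(rules):
    """Return (findings, sorted (gid, sid) pairs the list would allow)."""
    findings, seen = [], set()
    for i, rule in enumerate(rules):
        rule_id = rule.get("rule_id")
        if not isinstance(rule_id, str) or not 1 <= len(rule_id) <= RULE_ID_MAX:
            findings.append(f"entry {i}: rule_id is mandatory, 1-{RULE_ID_MAX} characters")
            continue
        message = rule.get("message")
        if message is not None and (
            not isinstance(message, str) or not 1 <= len(message) <= MESSAGE_MAX
        ):
            findings.append(f"entry {i}: message must be 1-{MESSAGE_MAX} characters")
        match = RULE_ID_RE.match(rule_id)
        if match is None:
            findings.append(f"entry {i}: unrecognised rule_id format {rule_id!r}")
            continue
        # Assumption: GID/SID compare numerically, so "01" and "1" are one signature.
        key = (int(match.group(1)), int(match.group(2)))
        if key in seen:
            findings.append(f"entry {i}: duplicate of GID {key[0]} SID {key[1]}")
        seen.add(key)
    return findings, sorted(seen)


# Constructed sample: the page's entry plus three deliberately bad ones.
SAMPLE = [
    {"rule_id": "meraki:intrusion/snort/GID/01/SID/688", "message": "SQL sa login failed"},
    {"rule_id": "meraki:intrusion/snort/GID/1/SID/688"},  # same signature again
    {"message": "no rule_id"},  # mandatory field missing
    {"rule_id": "meraki:intrusion/snort/GID/01/SID/688", "message": ""},  # empty message
]

if __name__ == "__main__":
    problems, allowed = lint_allowed_rules(SAMPLE)
    print("allowed signatures:", allowed)
    print("\n".join(problems))
```

The input is the already-parsed `security_intrusion_allowed_rules` list, so the check works with whichever YAML loader resolves the `!env` tags.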