List the security events for a client
GET {{baseUrl}}/networks/:networkId/appliance/clients/:clientId/security/events
List the security events for a client. Clients can be identified by a client key or either the MAC or IP depending on whether the network uses Track-by-IP.
Request Params
| Key | Datatype | Required | Description |
|---|---|---|---|
t0 | string | The beginning of the timespan for the data. Data is gathered after the specified t0 value. The maximum lookback period is 791 days from today. | |
t1 | string | The end of the timespan for the data. t1 can be a maximum of 791 days after t0. | |
timespan | string | The timespan for which the information will be fetched. If specifying timespan, do not specify parameters t0 and t1. The value must be in seconds and be less than or equal to 791 days. The default is 31 days. | |
perPage | string | The number of entries per page returned. Acceptable range is 3 - 1000. Default is 100. | |
startingAfter | string | A token used by the server to indicate the start of the page. Often this is a timestamp or an ID but it is not limited to those. This parameter should not be defined by client applications. The link for the first, last, prev, or next page in the HTTP Link header should define it. | |
endingBefore | string | A token used by the server to indicate the end of the page. Often this is a timestamp or an ID but it is not limited to those. This parameter should not be defined by client applications. The link for the first, last, prev, or next page in the HTTP Link header should define it. | |
sortOrder | string | Sorted order of security events based on event detection time. Order options are 'ascending' or 'descending'. Default is ascending order. |
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
X-Cisco-Meraki-API-Key | null |
RESPONSES
status: OK
[{"ts":"2020-03-20T16:00:10.144989Z","eventType":"File Scanned","clientName":"COMPUTER-M-V78J","clientMac":"10:dd:b1:eb:88:f8","clientIp":"192.168.128.2","srcIp":"192.168.128.2","destIp":"119.192.233.48","protocol":"http","uri":"http://www.favorite-icons.com/program/FavoriteIconsUninstall.exe","canonicalName":"PUA.Win.Dropper.Kraddare::1201","destinationPort":80,"fileHash":"3ec1b9a95fe62aa25fc959643a0f227b76d253094681934daaf628d3574b3463","fileType":"MS_EXE","fileSizeBytes":193688,"disposition":"Malicious","action":"Blocked"},{"ts":"2018-02-11T00:00:00.090210Z","eventType":"IDS Alert","deviceMac":"00:18:0a:01:02:03","clientMac":"A1:B2:C3:D4:E5:F6","srcIp":"1.2.3.4:34195","destIp":"10.20.30.40:80","protocol":"tcp/ip","priority":"2","classification":"4","blocked":true,"message":"SERVER-WEBAPP JBoss JMX console access attempt","signature":"1:21516:9","sigSource":"","ruleId":"meraki:intrusion/snort/GID/1/SID/26267"},{"ts":"2018-02-11T00:00:00.090210Z","eventType":"IDS Alert","deviceMac":"00:18:0a:01:02:03","clientMac":"A1:B2:C3:D4:E5:F6","srcIp":"1.2.3.4:56023","destIp":"10.20.30.40:80","protocol":"tcp/ip","priority":"1","classification":"33","blocked":true,"message":"POLICY-OTHER Adobe ColdFusion admin interface access attempt","signature":"1:25975:2","sigSource":"","ruleId":"meraki:intrusion/snort/GID/1/SID/26267"}]