From 8a7d07049685204c798459fcdc0340400350a35a Mon Sep 17 00:00:00 2001
From: Maciej Laskowski <maciej_laskowski@rapid7.com>
Date: Tue, 26 Mar 2024 10:01:06 +0100
Subject: [PATCH 1/5] VC-1570 Add Cisco Meraki detection using SNMP to recog
---
 xml/snmp_sysdescr.xml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/xml/snmp_sysdescr.xml b/xml/snmp_sysdescr.xml
index 9ef904b7..04c493de 100644
--- a/xml/snmp_sysdescr.xml
+++ b/xml/snmp_sysdescr.xml
@@ -1820,6 +1820,32 @@ Copyright (c) 1995-2005 by Cisco Systems
 <param pos="0" name="os.product" value="Wireless Controller"/>
 </fingerprint>
+ <fingerprint pattern="^Meraki MX[A-Z0-9]{2,10}">
+ <description>Meraki MX Cloud-Managed Security and SD-WAN</description>
+ <example hw.product="MX68">Meraki MX68 Router/Security Appliance</example>
+ <example hw.product="MX84">Meraki MX84 Cloud Managed Router</example>
+ <param pos="0" name="hw.vendor" value="Cisco"/>
+ <param pos="0" name="hw.family" value="Meraki MX"/>
+ <param pos="0" name="hw.device" value="Security Appliance"/>
+ <param pos="1" name="hw.product"/>
+ </fingerprint>
+
+ <fingerprint pattern="^Meraki MR[A-Z0-9]{2,10}">
+ <description>Meraki MR Cloud-Managed Wi-Fi Access Points</description>
+ <param pos="0" name="hw.vendor" value="Cisco"/>
+ <param pos="0" name="hw.family" value="Meraki MR"/>
+ <param pos="0" name="hw.device" value="WAP"/>
+ <param pos="1" name="hw.product"/>
+ </fingerprint>
+
+ <fingerprint pattern="^Cisco Meraki MS[A-Z0-9-]{2,15}">
+ <description>Meraki MS Cloud-Managed Network Switches</description>
+ <param pos="0" name="hw.vendor" value="Cisco"/>
+ <param pos="0" name="hw.family" value="Meraki MS"/>
+ <param pos="0" name="hw.device" value="Switch"/>
+ <param pos="1" name="hw.product"/>
+ </fingerprint>
+
 <!--======================================================================
 Crestron
 =======================================================================-->
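Review bot: `<param pos="1" name="hw.product"/>` in each of the three added fingerprints refers to capture group 1, but none of the patterns (`^Meraki MX[A-Z0-9]{2,10}`, the MR one and the MS one) contains a group, so there is nothing for that param to read. The MR and MS entries also have no `<example>`, so those patterns are not exercised by the fingerprint's own test data. In this commit the pattern should read `<fingerprint pattern="^Meraki (MX[A-Z0-9]{2,10})">` (likewise for MR and MS), with at least one `<example>` per entry. PATCH 2/5 of this series adds both, so squashing the two commits would leave every commit valid on its own.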
From f3b3edb13dd2139bc1d60632e122c05d4fdbc327 Mon Sep 17 00:00:00 2001
From: Maciej Laskowski <maciej_laskowski@rapid7.com>
Date: Tue, 26 Mar 2024 11:29:38 +0100
Subject: [PATCH 2/5] VC-1570 Added tests
---
 xml/snmp_sysdescr.xml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/xml/snmp_sysdescr.xml b/xml/snmp_sysdescr.xml
index 04c493de..41318383 100644
--- a/xml/snmp_sysdescr.xml
+++ b/xml/snmp_sysdescr.xml
@@ -1820,7 +1820,7 @@ Copyright (c) 1995-2005 by Cisco Systems
 <param pos="0" name="os.product" value="Wireless Controller"/>
 </fingerprint>
- <fingerprint pattern="^Meraki MX[A-Z0-9]{2,10}">
+ <fingerprint pattern="Meraki (MX[A-Z0-9]{2,10})">
 <description>Meraki MX Cloud-Managed Security and SD-WAN</description>
 <example hw.product="MX68">Meraki MX68 Router/Security Appliance</example>
 <example hw.product="MX84">Meraki MX84 Cloud Managed Router</example>
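Review bot: The rewritten pattern `Meraki (MX[A-Z0-9]{2,10})` gained its capture group but lost the `^` anchor, so it now matches that text anywhere in a sysDescr value; the MR and MS patterns in the next hunk (`@@ -1830,16 +1830,20 @@`) have the same problem. sysDescr is free text chosen by the responding agent, so a substring match lets any device whose description merely contains a Meraki model string be inventoried as a Cisco security appliance, access point or switch. The examples in this series start with either `Meraki ` or `Cisco Meraki `, so the anchor can stay with an optional prefix: `<fingerprint pattern="^(?:Cisco )?Meraki (MX[A-Z0-9]{2,10})\b">`. The trailing `\b` is my suggestion to keep a capture from stopping mid-token and should be checked against real device output; the `<fingerprint>` element closes outside this hunk.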
@@ -1830,16 +1830,20 @@ Copyright (c) 1995-2005 by Cisco Systems
 <param pos="1" name="hw.product"/>
 </fingerprint>
- <fingerprint pattern="^Meraki MR[A-Z0-9]{2,10}">
+ <fingerprint pattern="Meraki (MR[A-Z0-9]{2,10})">
 <description>Meraki MR Cloud-Managed Wi-Fi Access Points</description>
+ <example hw.product="MR53E">Meraki MR53E Cloud Managed AP</example>
+ <example hw.product="MR90">Meraki MR90 Cloud Managed AP</example>
 <param pos="0" name="hw.vendor" value="Cisco"/>
 <param pos="0" name="hw.family" value="Meraki MR"/>
 <param pos="0" name="hw.device" value="WAP"/>
 <param pos="1" name="hw.product"/>
 </fingerprint>
- <fingerprint pattern="^Cisco Meraki MS[A-Z0-9-]{2,15}">
+ <fingerprint pattern="Meraki (MS[A-Z0-9-]{2,15})">
 <description>Meraki MS Cloud-Managed Network Switches</description>
+ <example hw.product="MS120-8FP">Cisco Meraki MS120-8FP Cloud Managed Switch</example>
+ <example hw.product="MS250-48">Cisco Meraki MS250-48 Cloud Managed Switch</example>
 <param pos="0" name="hw.vendor" value="Cisco"/>
 <param pos="0" name="hw.family" value="Meraki MS"/>
 <param pos="0" name="hw.device" value="Switch"/>
From 7cbc3f3243ae975460c0f242a36cb9160729c1ad Mon Sep 17 00:00:00 2001
From: Maciej Laskowski <maciej_laskowski@rapid7.com>
Date: Tue, 26 Mar 2024 11:39:50 +0100
Subject: [PATCH 3/5] VC-1570 ran recog_standardize and changed family to Meraki.
---
 identifiers/hw_family.txt | 1 +
 xml/snmp_sysdescr.xml | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/identifiers/hw_family.txt b/identifiers/hw_family.txt
index db16347f..76fb155f 100644
--- a/identifiers/hw_family.txt
+++ b/identifiers/hw_family.txt
@@ -43,6 +43,7 @@ MacBook
 MacBook Air
 MacBook Pro
 MegaRAC
+Meraki
 MiiNePort
 Multifunction
 My Book
diff --git a/xml/snmp_sysdescr.xml b/xml/snmp_sysdescr.xml
index 41318383..7f76d686 100644
--- a/xml/snmp_sysdescr.xml
+++ b/xml/snmp_sysdescr.xml
@@ -1825,7 +1825,7 @@ Copyright (c) 1995-2005 by Cisco Systems
 <example hw.product="MX68">Meraki MX68 Router/Security Appliance</example>
 <example hw.product="MX84">Meraki MX84 Cloud Managed Router</example>
 <param pos="0" name="hw.vendor" value="Cisco"/>
- <param pos="0" name="hw.family" value="Meraki MX"/>
+ <param pos="0" name="hw.family" value="Meraki"/>
 <param pos="0" name="hw.device" value="Security Appliance"/>
 <param pos="1" name="hw.product"/>
 </fingerprint>
@@ -1835,7 +1835,7 @@ Copyright (c) 1995-2005 by Cisco Systems
 <example hw.product="MR53E">Meraki MR53E Cloud Managed AP</example>
 <example hw.product="MR90">Meraki MR90 Cloud Managed AP</example>
 <param pos="0" name="hw.vendor" value="Cisco"/>
- <param pos="0" name="hw.family" value="Meraki MR"/>
+ <param pos="0" name="hw.family" value="Meraki"/>
 <param pos="0" name="hw.device" value="WAP"/>
 <param pos="1" name="hw.product"/>
 </fingerprint>
@@ -1845,7 +1845,7 @@ Copyright (c) 1995-2005 by Cisco Systems
 <example hw.product="MS120-8FP">Cisco Meraki MS120-8FP Cloud Managed Switch</example>
 <example hw.product="MS250-48">Cisco Meraki MS250-48 Cloud Managed Switch</example>
 <param pos="0" name="hw.vendor" value="Cisco"/>
- <param pos="0" name="hw.family" value="Meraki MS"/>
+ <param pos="0" name="hw.family" value="Meraki"/>
 <param pos="0" name="hw.device" value="Switch"/>
 <param pos="1" name="hw.product"/>
 </fingerprint>
From db7d4c7275386b930b61c730996f3b4ddf0ed7a3 Mon Sep 17 00:00:00 2001
From: Maciej Laskowski <maciej_laskowski@rapid7.com>
Date: Tue, 26 Mar 2024 12:15:28 +0100
Subject: [PATCH 4/5] VC-1570 random changes
---
 xml/snmp_sysdescr.xml | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/xml/snmp_sysdescr.xml b/xml/snmp_sysdescr.xml
index 7f76d686..8c75ceec 100644
--- a/xml/snmp_sysdescr.xml
+++ b/xml/snmp_sysdescr.xml
@@ -1822,32 +1822,35 @@ Copyright (c) 1995-2005 by Cisco Systems
 <fingerprint pattern="Meraki (MX[A-Z0-9]{2,10})">
 <description>Meraki MX Cloud-Managed Security and SD-WAN</description>
- <example hw.product="MX68">Meraki MX68 Router/Security Appliance</example>
- <example hw.product="MX84">Meraki MX84 Cloud Managed Router</example>
+ <example hw.model="MX68">Meraki MX68 Router/Security Appliance</example>
+ <example hw.model="MX84">Meraki MX84 Cloud Managed Router</example>
 <param pos="0" name="hw.vendor" value="Cisco"/>
 <param pos="0" name="hw.family" value="Meraki"/>
+ <param pos="0" name="hw.series" value="MX"/>
 <param pos="0" name="hw.device" value="Security Appliance"/>
- <param pos="1" name="hw.product"/>
+ <param pos="1" name="hw.model"/>
 </fingerprint>
 <fingerprint pattern="Meraki (MR[A-Z0-9]{2,10})">
 <description>Meraki MR Cloud-Managed Wi-Fi Access Points</description>
- <example hw.product="MR53E">Meraki MR53E Cloud Managed AP</example>
- <example hw.product="MR90">Meraki MR90 Cloud Managed AP</example>
+ <example hw.model="MR53E">Meraki MR53E Cloud Managed AP</example>
+ <example hw.model="MR90">Meraki MR90 Cloud Managed AP</example>
 <param pos="0" name="hw.vendor" value="Cisco"/>
 <param pos="0" name="hw.family" value="Meraki"/>
+ <param pos="0" name="hw.series" value="MR"/>
 <param pos="0" name="hw.device" value="WAP"/>
- <param pos="1" name="hw.product"/>
+ <param pos="1" name="hw.model"/>
 </fingerprint>
 <fingerprint pattern="Meraki (MS[A-Z0-9-]{2,15})">
 <description>Meraki MS Cloud-Managed Network Switches</description>
- <example hw.product="MS120-8FP">Cisco Meraki MS120-8FP Cloud Managed Switch</example>
- <example hw.product="MS250-48">Cisco Meraki MS250-48 Cloud Managed Switch</example>
+ <example hw.model="MS120-8FP">Cisco Meraki MS120-8FP Cloud Managed Switch</example>
+ <example hw.model="MS250-48">Cisco Meraki MS250-48 Cloud Managed Switch</example>
 <param pos="0" name="hw.vendor" value="Cisco"/>
 <param pos="0" name="hw.family" value="Meraki"/>
+ <param pos="0" name="hw.series" value="MS"/>
 <param pos="0" name="hw.device" value="Switch"/>
- <param pos="1" name="hw.product"/>
+ <param pos="1" name="hw.model"/>
 </fingerprint>
 <!--======================================================================
From 24cf284f7effb036ec6ad28211286c7eeb131f3d Mon Sep 17 00:00:00 2001
From: Maciej Laskowski <maciej_laskowski@rapid7.com>
Date: Wed, 27 Mar 2024 10:24:52 +0100
Subject: [PATCH 5/5] VC-1570 modified examples as per Meraki community advise.
---
 xml/snmp_sysdescr.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xml/snmp_sysdescr.xml b/xml/snmp_sysdescr.xml
index 8c75ceec..2b8f624d 100644
--- a/xml/snmp_sysdescr.xml
+++ b/xml/snmp_sysdescr.xml
@@ -1833,7 +1833,7 @@ Copyright (c) 1995-2005 by Cisco Systems
 <fingerprint pattern="Meraki (MR[A-Z0-9]{2,10})">
 <description>Meraki MR Cloud-Managed Wi-Fi Access Points</description>
- <example hw.model="MR53E">Meraki MR53E Cloud Managed AP</example>
+ <example hw.model="MR46E">Meraki MR46E Cloud Managed AP</example>
 <example hw.model="MR90">Meraki MR90 Cloud Managed AP</example>
 <param pos="0" name="hw.vendor" value="Cisco"/>
 <param pos="0" name="hw.family" value="Meraki"/>
@@ -1844,7 +1844,7 @@ Copyright (c) 1995-2005 by Cisco Systems
 <fingerprint pattern="Meraki (MS[A-Z0-9-]{2,15})">
 <description>Meraki MS Cloud-Managed Network Switches</description>
- <example hw.model="MS120-8FP">Cisco Meraki MS120-8FP Cloud Managed Switch</example>
+ <example hw.model="MS120-8LP">Meraki MS120-8LP Cloud Managed PoE Switch</example>
 <example hw.model="MS250-48">Cisco Meraki MS250-48 Cloud Managed Switch</example>
 <param pos="0" name="hw.vendor" value="Cisco"/>
 <param pos="0" name="hw.family" value="Meraki"/>
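Review bot: In the PATCH 4/5 hunk (`@@ -1822,32 +1822,35 @@`) the rename of `<param pos="1" name="hw.product"/>` to `hw.model` leaves all three Meraki fingerprints without any `hw.product` value, and the subject line "random changes" gives no reason for it. If consumers of this database key asset or vulnerability correlation on vendor plus product (I cannot confirm that from this page), these devices will match but carry no product. Either keep `<param pos="1" name="hw.product"/>` next to `<param pos="1" name="hw.model"/>`, or state in the commit message that `hw.model` and `hw.series` replace it and that both names are accepted by the project's field list.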