Monitor Alerts

Alerts are categorized into three types: Wi-Fi, System, and WIPS (see the sections below for details) and are further classified as follows, based on the nature of events that trigger the alerts.

  • Instantaneous - Alerts generated for events that are instantaneous, i.e., one-off events that do not persist over time. For example, the failure of a scheduled client connectivity test is an instantaneous Wi-Fi alert. Similarly, an authorized client probing for a vulnerable SSID is an instantaneous WIPS alert.
  • Live - Alerts generated for events that persist over time. These alerts are triggered by some condition and persist until the condition holds true. For example, the number of clients experiencing authentication failure exceeding a threshold is a Wi-Fi alert that persists over time. Similarly, a rogue AP becoming active is a WIPS alert that persists over time.
  • Expired - A live alert expires when the condition that triggered the alert no longer holds true.
The chapter contains the following topics:

Monitor Wi-Fi Alerts

Under MONITOR > Alerts > WiFI , you can review Wi-Fi alerts that have been configured to be displayed on the UI.

Wi-Fi alerts capture network connectivity and performance events such as client authentication failures and high latencies. As shown in the figure above, alerts are categorized by the aspect of the Wi-Fi network that they pertain to-for example, client connectivity test or connection failure. You can mark a Wi-Fi alert as "Read" or "Unread" and you can delete it.

Monitor WIPS Alerts

Under MONITOR > Alerts > WIPS, you can review WIPS alerts that have been configured to be displayed on the UI.

WIPS alerts are related to Wi-Fi vulnerabilities and attacks that may pose a security threat to your network. You can turn on or off the security status of a WIPS alert, i.e., decide whether an alert affects the security status of your network. A network administrator can acknowledge an alert. This then shows up in the acknowledgment trail that other administrators can check to know which user has acknowledged an alert. Wherever needed, WIPS alerts have recommended actions that you can undertake to secure your network.

Monitor System Alerts

Under Monitor > Alerts > System, you can review System alerts that have been configured to be displayed on the UI.

System alerts are for events related to the overall health of the Wi-Fi server and infrastructure, e.g., when a Wi-Fi server switches from active to standby or an AP gets disconnected from the network. As shown in the figure above, they are categorized into Server or AP/Sensor alerts. You can change whether an alert affects the security status of your network. For example, when a server stops, some WIPS functionality is lost, which could make your network vulnerable. Like WIPS alerts, a network administrator can acknowledge and check acknowledgment trails for a system alert. Wherever needed, system alerts have recommended actions that you can undertake to address the issue.

Security Status

An alert is raised at the location of the device that triggers the alert. Security status shows you which locations in your network are vulnerable, i.e., which locations have live security alerts. As shown below, from the menu icon (three vertical dots) on a location, you can select Show Status > Security Status to see a color-coded view of network vulnerability: red for locations that are vulnerable and green for locations that are not. Whether or not a WIPS or System alert contributes to the security status can be set while configuring those alerts.