User's Guide

View and Manage Events
The Events page provides information about events generated in the system. On this page, you can
view, filter, locate, and acknowledge events, mark them as read or unread, and toggle an event's
participation in vulnerability computation. You can also print the list of events seen at a location.
AirTight WIPS classifies events into the following types: Security, System, and Performance.
Security events are related to wireless security threats. For instance, if a rogue AP tries to access the
network, a security event is generated.
Security events are further categorized based on the wireless security threats. The categories of security
events are as follows.
Events generated by rogue APs.
Events generated by misconfigured APs.
Events generated by misbehaving clients.
Events generated by ad hoc networks.
Events generated due to man-in-the-middle attacks.
Events generated due to DoS (denial of service) attacks.
Events generated due to MAC spoofing.
Events generated due to prevention.
Events generated due to wireless reconnaissance.
Events generated due to cracking of the wireless network.
System events indicate the health of the system. They are further categorized based on the events
generated by the sensor, the events generated by the AirTight WIPS server, and troubleshooting events.
Performance events indicate wireless network performance problems. They are further categorized on
the basis of bandwidth, configuration, coverage, and interference. These can be used to understand
problems related to the wireless network performance.
The Events page is divided into two panes. The upper pane shows a list of events for the selected
location. The lower pane shows details of the sub-events, and of the devices in the event and sub-event,
that are related to the event you select in the upper pane of the Events page. A maximum of 50 sub-events
per event are presented in specific deployments. Some deployments can present only up to 25 sub-events
for an event.
When you click a device in the Devices in Selected sub-event widget, you can get more information about
the device. This device information is available in specific deployments only.
There is a toolbar between the upper pane and the lower pane. It contains icons to perform various
event-related operations such as changing the location of events, changing the vulnerability status of
events, deleting events, and printing events.
The following table describes the event-related fields seen in the upper pane of the Events page.
Field                   Description
ID                      System generated Event ID for the event.
Event Severity          Severity of the event indicated by icons. Severity could be high, medium or low.
Event Activity Status   Event status indicated by icons. The possible values are live, instantaneous, updated, expired.
Details                 Event description.