Use WIPS Events to configure events, filters, and threshold values for a WIPS policy.
The Excessive tab lists a series of events that can impact the performance of the network. An administrator can activate or deactivate the filtering of each listed event and set the thresholds required for the generation of the event notification and filtering action.
An Excessive Action Event is an event where an action is performed repetitively and continuously. DoS attacks come under this category. Use the Excessive Action Events table to select and configure the action taken when events are triggered.
AP events can be globally activated and deactivated as required using the Status option.
Setting | Description |
---|---|
Name | Displays the name of the excessive action event representing a potential threat to the network. This column lists the event being tracked against the defined thresholds set for interpreting the event as excessive or permitted |
Status | Displays whether tracking is activated for each Excessive Action Event. Use the Status option to activate or cancel events as required |
Filter Expiration | Set the duration between 0 to 86,400 seconds to filter the anomaly causing client. This creates a special ACL entry and frames coming from the client are silently dropped. The default setting is 0 seconds. If a station is detected performing an attack and is filtered by one of the APs, the information is passed to the domain controller or service platform |
Client Threshold | Set the client threshold between 0 to 65,535 seconds after which the filter is triggered and an event generated |
Radio Threshold | Set the radio threshold between 0 to 65,535 seconds after which an event is recorded to the events history |
Setting | Description |
---|---|
Name | Displays the name of the MU anomaly event representing a potential threat to the network. This column lists the event being tracked against the defined thresholds set for interpreting the event as excessive or permitted |
Status | Displays the status of the event and whether tracking is activated for each event. Each event is not selected by default. MU events can be globally activated and deactivated as required using the Status option |
Setting | Description |
---|---|
Status | Displays the status of the event and whether tracking is activated for each AP anomaly event. Each event is not selected by default. AP events can be globally activated and deactivated as required using the Status option |
Filter Expiration | Use the spinner to set filter expiration duration for the activated AP anomaly event between 0 to 86,400 seconds |