User's Guide
AirTight Management Console User Guide
234
The threat details or the events are seen in the upper half of the page. The lower half of the page displays
the details of the participating device. and the administrator action logs. The middle of the page contains
the toolbar using which you can perform various operations related to the events seen in the upper half of
the page.
To view the threats for a location, do the following.
1.
Go to Forensics.
2. Select the location for which you want to view the threats. The AP and client based threats for the
selected location are displayed.
3.
Click the time hyperlink next to Select duration to define the time duration for which you want to view
the threats. The AP related threats and client related threats for this duration are displayed.
4.
Click the type of threat under AP related threats or client related threats. All events falling under this
threat category that have occurred during the selected time duration are displayed. The following
table describes the fields seen in threat details
Field Description
ID Event ID.
Event Severity
Indicates severity of the event. It is indicated using icons. Possible
values are high, medium, low.
Details Event description.
Start Time Event start time.
Stop Time. Event stop time.
Event Read Status Indicates if the event has been read.
Event Vulnerability Status
Indicates if the event contributes to the vulnerability of the location. It
is indicated using icons
Location Event location
Event Category Category of the event.
Event Type
Type of event. It is indicates using icons. possible values are
security, performance
View Event Summary
To view the threats for a location, do the following.
1. Go to Forensics.
2. Select the location for which you want to view the threats. The AP and client based threats for the
selected location are displayed.
3.
Click the time hyperlink next to Select duration to define the time duration for which you want to view
the threats. The AP related threats and client related threats for this duration are displayed.
4.
Click the + icon to the left of the event row to view the AP or client details. You can also view the
recommended action and the acknowledgement trail here, by clicking the respective hyperlinks.
Recommended action describes the nature of the threat, the impact of the threat, and the action to be
taken to mitigate the impact. Acknowledgement trail specifies whether or not this threat has been
acknowledged. If the event has been acknowledged, or if the vulnerability has been turned on/off, it
will show a trail of the comments for this activity.
View Participating Devices and Quarantine Status
In case of AP based threats, AP is the primary device. In case of client based threats, AP is the device
that is associated with the primary device (client).