User Manual Part 1
Events Tab
SpectraGuard® Enterprise User Guide
Event Severity: High, Medium, or Low. Event rows are highlighted in red, orange, or yellow for
High, Medium, or Low severity respectively.
Event Status: New, Read, or Acknowledged
Activity Status: Live, Instantaneous, or Expired
Viewing Events Lists
You must view events in order to take corrective actions. Use the following steps to view an event list:
1. In the Location tree, select a location.
2. In the right pane, select a tab – All, Security, System, or Performance. The event list displays
with the following columns:
Events Tab – Column Header
ID: Specifies the unique identification number of the event.
Severity Icon: Specifies the severity of an event as High, Medium, or Low, each denoted by its
own icon.
Read Status Icon: Specifies if an event is new (that is, unread), read, or acknowledged, or a
combination of these options.
Activity Status Icon: Specifies if an event is live (in progress), is active and an activity has occurred
since it was last read, or past (already occurred). The system follows a Live Event Architecture
(LEA) where live or instantaneous events are used to classify events based on the duration of their
occurrence as follows:
Live: Live events have a valid start time stamp and are denoted by the icon. A live event
indicates that the triggers that raised the event are operational or continue to exist. On
expiration, a valid stop time stamp is assigned to it. One or more conditions can
trigger the start and stop of a live event. For example, consider the event ‘Rogue AP is
Live’. This event will have a start and stop time, and therefore it is easy to figure out
that the Rogue AP is still operating. A live event designated by the icon indicates
an event that has been updated, that is, some activity has occurred after the event has
been read.
Expired: Live events are marked as ‘Expired’ once the triggers that caused the events
are no longer operational. For example, once a Rogue AP has been located and
removed by the administrator and is no longer in operation, the event related to the
Rogue AP is marked as ‘Expired’. Expired events are marked with the icon.
Instantaneous: Instantaneous events are raised by a trigger that does not have
continuity. These events are raised each time the trigger is detected by
the system. These events are indicated by the icon. For example, ‘Change in the
SSID of an Authorized AP’ or ‘Beacon with a large Contention Free Period (CFP)
duration detected’. All offline events (events synchronized from a Sensor that has
reconnected after operating in the Offline mode) are also treated as instantaneous
events.
Contribution to Vulnerability: Indicates if that event occurrence is considered for determining the
network’s vulnerability status on the Security Dashboard. The icon denotes that the event does
not contribute to vulnerability status and is secure. The icon denotes that the event contributes
to vulnerability status and is vulnerable.
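The Activity Status classification described above (Live, Expired, Instantaneous) can be modeled as a small decision procedure. The following is an added example, not code from the product or the original guide: the `Event` fields, the function names, and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Event:
    # Hypothetical record: field names are assumptions, not the product's schema.
    name: str
    continuous_trigger: bool            # trigger persists over time (e.g. a rogue AP)
    start: Optional[datetime] = None    # start time stamp of a live event
    stop: Optional[datetime] = None     # stop time stamp, assigned on expiration
    from_offline_sensor: bool = False   # synchronized after the Sensor was in Offline mode
    last_read: Optional[datetime] = None
    last_activity: Optional[datetime] = None

def activity_status(ev: Event) -> str:
    """Classify an event the way the Activity Status column describes."""
    # Offline-synchronized events and triggers without continuity are instantaneous.
    if ev.from_offline_sensor or not ev.continuous_trigger:
        return "Instantaneous"
    if ev.start is None:
        raise ValueError(f"{ev.name}: live event without a start time stamp")
    if ev.stop is not None:
        if ev.stop < ev.start:
            raise ValueError(f"{ev.name}: stop time stamp precedes start")
        return "Expired"
    # Still live: flag it as updated if activity occurred after it was last read.
    if ev.last_read and ev.last_activity and ev.last_activity > ev.last_read:
        return "Live (updated)"
    return "Live"

def needs_attention(events):
    """Names of events whose trigger is still operational."""
    return [e.name for e in events if activity_status(e).startswith("Live")]

def T(hour, minute=0):
    return datetime(2024, 1, 15, hour, minute)  # constructed time stamps

# Constructed sample events (not real product output).
SAMPLE = [
    Event("Rogue AP is Live", True, start=T(9)),
    Event("Rogue AP is Live (removed)", True, start=T(8), stop=T(8, 40)),
    Event("Rogue AP is Live (re-seen)", True, start=T(7), last_read=T(7, 30), last_activity=T(10)),
    Event("Change in the SSID of an Authorized AP", False, start=T(9, 5)),
    Event("Synced from reconnected sensor", True, start=T(6), from_offline_sensor=True),
]

if __name__ == "__main__":
    for ev in SAMPLE:
        print(f"{activity_status(ev):15} {ev.name}")
    print("Needs attention:", needs_attention(SAMPLE))
```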