User Manual Part 3

Forensics Tab
SpectraGuard® Enterprise User Guide
167
The fields in Admin Tab are as follows:
User: Specifies the name of the user who took action on the threat.
Action: Specifies the action taken by the user for the AP based threat such as AP added to quarantine, AP
name changed
Time: Specifies the time when the user action was taken
Note: All the above tabs Association, Prevention, and Admin shows the information based on the Device and Event selected
in the Threats List dialog.
Note: AP Based Threat Rogue AP, Mis-configured AP, and Honeypot AP have the same fields for the tabs Association,
Prevention, and Admin. However AP Based Threat DoS has some different fields as discussed in the section below.
AP Based Threat DoS
DoS is classified into two categories:
Unicast: In Unicast only one Client connected to the AP is effected in the DoS attack
Broadcast: In Broadcast all the Clients connected to the AP are effected in the DoS attack
To open the AP DoS Threat Details dialog, select the AP DoS threat row on the Forensics screen, and click
Details. The AP DoS Threat Details dialog opens.
AP DoS Threat Details dialog
AP DoS Threat Association tab
The fields in Association Tab are as follows:
AP
Client: Incase of Unicast, a single Client name appears, click the Client name, the Client Details screen
opens. Incase of Broadcast, All Clients is displayed in the Client name.