User Manual Part 3
Forensics Tab
SpectraGuard® Enterprise User Guide
167
The fields in Admin Tab are as follows:
User: Specifies the name of the user who took action on the threat.
Action: Specifies the action taken by the user for the AP based threat such as AP added to quarantine, AP
name changed
Time: Specifies the time when the user action was taken
Note: All the above tabs Association, Prevention, and Admin shows the information based on the Device and Event selected
in the Threats List dialog.
Note: AP Based Threat – Rogue AP, Mis-configured AP, and Honeypot AP have the same fields for the tabs Association,
Prevention, and Admin. However AP Based Threat – DoS has some different fields as discussed in the section below.
AP Based Threat – DoS
DoS is classified into two categories:
Unicast: In Unicast only one Client connected to the AP is effected in the DoS attack
Broadcast: In Broadcast all the Clients connected to the AP are effected in the DoS attack
To open the AP – DoS Threat Details dialog, select the AP – DoS threat row on the Forensics screen, and click
Details. The AP – DoS Threat Details dialog opens.
AP – DoS Threat Details dialog
AP DoS Threat – Association tab
The fields in Association Tab are as follows:
AP
Client: Incase of Unicast, a single Client name appears, click the Client name, the Client Details screen
opens. Incase of Broadcast, All Clients is displayed in the Client name.