You can review device identities and configurations, connection records, device locations, system responses, and administrator actions about the detected wireless threats.
The Forensics page displays the AP-based threats and client-based threats that have occurred at the selected location. These threats are displayed as lists and pie charts. AP-based threats are displayed at the top of the page. Client-based threats are displayed at the bottom of the page.
The pie charts displays summary information about threats:
- AP related threats
- Rogue AP
- Mis-configured AP
- Honeypot AP
- Banned AP
- Client related threats
- Unauthorized Association
- Bridging/ICS Client
- Banned Client
- Ad hoc Networks
Click Devices at the top right to see a pie chart based on the AP or client types. "Device" specifies the number of unique primary devices that were involved in a threat type.
Click Instances at the top right to see a pie chart based on the event types. "Instance" specifies the number of threats of the respective type in the given time frame.
To filter threats based on the time elapsed, select 4 Hours, 12 Hours, 24 Hours, or 48 Hours from the Select duration drop-down list.
To view the threats based on a custom time period, select Custom from Select duration and choose a From date and To date, then click Apply.