Airspace Monitoring Alerts

Applies To: WatchGuard Cloud-managed Access Points (AP130, AP330, AP332CR, AP430CR, AP432)

You can receive device alert notifications from Airspace Monitoring about malicious access points. For more information about how to manage WatchGuard Cloud alert notifications, go to Manage WatchGuard Cloud Alerts.

View more details about detected malicious access points in the Airspace Monitoring report. For more information, go to Access Point Airspace Monitoring Report.

Airspace Monitoring and ThreatSync

You can integrate Airspace Monitoring alerts with ThreatSync. ThreatSync is a WatchGuard Cloud service that provides eXtended Detection and Response (XDR) technology for WatchGuard devices and products. You can receive alerts within ThreatSync when Airspace Monitoring detects malicious access points such as Rogue and Evil Twin access points. For more information, go to About ThreatSync.

ThreatSync currently only detects and reports on wireless threats. ThreatSync does not remediate wireless threat incidents to prevent connections to the malicious access point or disconnect wireless clients that have already associated to a malicious access point.

View Airspace Monitoring Alert Notifications

If there are any active alerts for your account, you see a red indicator next to the alerts icon () in the ribbon.

Screenshot of the Alerts Notifications in a WatchGuard Cloud account

Click to view a list of the most recent active alerts. Click View Alerts or click a specific alert to open the Alerts page where you can view all of the alerts for your account.

Screenshot of alert notifications for Airspace Monitoring in WatchGuard Cloud

The alert details message includes:

The type of detected malicious access point (Rogue, Suspected Rogue, or Evil Twin access point)
The SSID broadcast by the malicious access point
The MAC address of the malicious access point (wired interface for a Rogue access point, BSSID wireless interface for an Evil Twin access point)
The RSSI (Received Signal Strength Indicator) of the malicious access point measured in decibels per milliwatt (dBm).
The WatchGuard access point that detected the malicious access point and generated the alert

Screenshot of the details for an Airspace Monitoring alert in WatchGuard Cloud

Create Airspace Monitoring Alert Notification

If you want to receive an alert notification for Airspace Monitoring events, you can create a new rule in WatchGuard Cloud for device alarm notifications:

From your WatchGuard Cloud account, select Administration > Notifications.
Select the Rules tab, then click Add Rule.

Screenshot of the Add Rule page for alert notifications in WatchGuard Cloud

In the Name text box, type a descriptive name for the alert notification.
From the Notification Source drop-down list, select Devices.
From the Notification Type drop-down list, select Device Alarms.
The Device Alarms type generates notifications for device alert conditions for both Firebox and access point devices.
From the Delivery Method drop-down list, you can select None that generates an alert that appears on the Alerts page, or Email that generates an alert that appears on the Alerts page and also sends a notification email to the specified recipients.

In addition to Airspace Monitoring events, the Device Alarms rule generates device notifications for many other alert conditions for both Firebox and access point devices. This might increase the potential volume of alert messages if you enable Email notifications.

Click Add Rule.

For more information about how to create notification rules, go to Configure Rules for Notifications.