Alarm fatigue with Threat Active / External Honeypot in WIPS / RADAR

Steve_Ballantyn
Contributor
Hello folks,

I have a sprawling wireless network that covers a lot of acres in town. Aside from the insanely high number of guest wireless users, I also run alongside a lot of public buildings that have their own WiFi networks (such as a large car lot).

I seem to have a nagging collection of threats for "external honeypots". Which is OK if the device lingers. But I seem to get an alert for drive-by users. And I know sometimes a user requesting a network can result in a false detection. In other words, they fire open their laptop and Windows says "is there a dlink SSID in the house?" which then results in an External Honeypot message of "there is a dlink SSID!". I also seem to pick up a lot of cars from the car lot that have their own SSIDs for the driver, passengers, and mechanics.

My question is, how do I make these threats self-clear? I have a bunch where the first/last seen is all in the same time/minutes/seconds? I went into XMC and edited the Alarm Definition. Then under Other Options I checked the box for Cleared by Alarms "Threat Inactive". And then I also tried checking "No Current Alarm". But neither one seemed to clear up all my old alarms. I still need to manually right-click and clear selected alarm.
