This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

WIPS alerts

WIPS alerts

Jeff_Roberts
New Contributor

‎03-18-2019 08:06 PM

I've enabled WIPS on several APs & their controller. I enabled all alerts available in the WIPS policy I created.
I'm receiving many "excessive scanning" alerts from numerous devices but I can't find any information about this situation. What is "excessive scanning"? Does it pose a threat?
Is there any best practice document available for setting up/maintaining WING WIPS?

Thanks!
Jeff
0 Kudos
1 REPLY 1

Sukhdeep_Singh_
Extreme Employee

‎03-20-2019 11:10 AM

Jeff,

When you enabled the events, you must have configured some thresholds. Check the WIPS Events --> Excessive tab. The Event is triggered when the sensor finds a certain number of probe requests within a certain time interval (say Y). Both these fields are configurable and the default number is 30 scans for one client. So if you configure the time interval (Y) to 1 minute, then it is easy to trigger the event.

Please check what values are configured. For these events, you can configure thresholds depending upon how aggressive detection you want.

regards,
Sukhdeep
0 Kudos
Top
GTM-P2G8KFN