I configured WIPS option in HM based on Detect rogue access points based on hosted SSIDs and encryption type and Enable rogue client reporting
When I go to monitoring->Security I only see unathorized APs and Clients. Is that what WIPS mean ?
Hope I'm not asking foolish question 🙂
The HiveManager will classify as Rogue depending on how you configure the WIPS Policy,
In the link Sam shared, under "Configure WIPS Settings"
Determine if detected rogue APs are connected to your wired (backhaul) network
Detect rogue access points based on their MAC OUI
Detect rogue access points based on hosted SSIDs and encryption type
Detect if wireless clients have formed an ad hoc network to identify rogue clients
It must be clear that an "Unauthorized" device is not necessarily a threat. It only means it is in the same shared airspace or can be overheard from a distance.
A "Rogue" Device can be many things, based on the Configuration in the WIPS Policy, but typically a Rogue that you would be cautious of, is one that is on your Network and Broadcasting an Ad-hoc SSID or cloning your SSID.
Hope this helps,