Using the IDS Events Report

The IDS Events Report lists and tracks IDS events on the network involving APs or controller devices. This report cites the number of IDS events for devices that have experienced the most instances in the prior 24 hours, and provides links to support additional analysis or configuration in response. You can filter this report to show IDS events for specific devices (Controllers, APs, etc.) By default, this report will show up to 10 IDS for each specified device type. You can change this value to anything other than 0.

The Home > Overview page also cites IDS events. Triggers can be configured for IDS events. Refer to Creating New Triggers for additional information.

Figure 1 and Table 41 illustrate and describe the IDS Events Detail report. Selecting the AP device or controller name takes you to the Devices > List page.

Figure 1  IDS Events Report Illustration

 

Table 41: IDS Events Detail Unique Fields and Descriptions

Field	Description
Device/Controller	These columns list the controllers and other devices for which IDS events have occurred in the specified time range, and provides a link to the Devices > Monitor page for each.
Total Events	Shows the number of events for each AP and/or Controller.
First Event	Shows the date and time of the first event.
Most Recent Event	Shows the date and time of the last/most recent event.
Attack	Displays the name or label for the IDS event.
Attacker	Displays the MAC address of the device that generated the IDS event.
Radio	Displays the 802.11 radio type associated with the IDS event.
Channel	Displays the 802.11 radio channel associated with the IDS event, when known.
SNR	Displays the signal-to-noise (SNR) radio associated with the IDS event.
Precedence	Displays precedence information associated with the IDS event, when known.
Time	Displays the time of the IDS event.