Monitoring

What happens if memory limit is reached on the gateway?

When the limit is reached, the traffic inspection engine restarts. Memory consumption by the traffic inspection engine is capped on each gateway model based on the available memory. The following table lists the memory limit for each gateway model. For more information, see IDPS Tab in Gateway Dashboard.

Table 1: Memory Capacity on HPE Aruba Networking Gateways

| Gateway Model | Capacity |
|---|---|
| HPE Aruba Networking 9004 | 1.8 GB |
| HPE Aruba Networking 9004-LTE | 1.8 GB |
| HPE Aruba Networking 9012 | 1.8 GB |
| HPE Aruba Networking 9114 | 14 GB |
| HPE Aruba Networking 9240 | 30 GB |

Can I view the threat data for different durations?

Yes, you can view the threat data for 3 hours, 1 day, 1 week, 1 month, and 3 months by selecting a duration in the time range filter.

Can I view the threat data for a duration of more than three months?

In the current release, you cannot view the threat data for a duration of more than three months.

Does the Threats List page have client role information?

Yes, it has the Client Role column. When there is a threat event match, the corresponding event displays the source role of the traffic in the Threats List table. For more information, see Threats List.

How do I view the threats that are identified?

The Gateway IDS/IPS dashboard displays the threat details associated with the IDPS (Intrusion Detection and Prevention System) supported gateways with IDPS license and the clients connected to the IDPS supported gateways. The dashboard displays the threats detected by the traffic inspection engine in different charts and tables. The charts and tables displayed are Threats, Trends, Most Affected Gateways or Hosts, Top Sources & Destinations, and Threat Map. For more information, see Viewing Threat Details in the Gateway IDS/IPS Dashboard and Threats List.

How do I view the details of the most affected gateways?

When you select All Devices in the filter, the Most Affected Gateways chart in the Gateway IDS/IPS dashboard displays the top 10 gateways with the number of threats detected in a stacked horizontal bar chart. For more information, see Most Affected Gateways or Hosts Chart and Configuring or Renaming Gateway Hostname.

How do I view the details of the most affected hosts?

When you select a group in the filter, the Most Affected Hosts chart displays the number of threats detected for the top 10 hosts connected to all IDPS supported gateways within the group. When you select an IDPS supported gateway in the filter, the chart displays the number of threats detected for the top 10 hosts associated with that gateway. For more information, see Most Affected Gateways or Hosts Chart.

What do HTTP and SMTP convey in the Threats chart?

In the Threats chart, HTTP and SMTP are the protocols for which threats are identified. When you click a protocol, the bar chart hides or shows the number of threats detected for that protocol over the selected duration.

What does % change convey in the Trends chart?

In the Trends chart, % change displays the percentage change in the number of threats compared with the previous time period.

How do I view the details of the top threat-generating sources and destinations?

In the Gateway IDS/IPS dashboard, the Top Sources and Destinations chart displays the sources and destinations of the top threat-generating traffic. For more information, see Viewing Threat Details in the Gateway IDS/IPS Dashboard.

How do I view the details of a particular threat?

In the Threats List table, select a threat and click the View Packet info icon to view the details of the selected threat. The Additional Details section displays the description of the alert along with impact. For more information, see Threats List.

How do I allow a rule?

In the Threats List table, select a threat and click the Move threat to allow list icon to allow a threat. For more information, see Threats List.

How do I view the geolocation of the detected threats?

In the Gateway IDS/IPS dashboard, the Threat Map displays the geolocation details of the detected threats. The geolocation details are also displayed in the Threats List table. For more information, see Viewing Threat Details in the Gateway IDS/IPS Dashboard and Threats List.

Where can I see the ruleset version?

You can view the ruleset version under Manage > Devices > Gateways. The Ruleset Type column displays the version that is currently running on the device, such as 5.x or 6.x. For more information, see Gateway List View.