V 2.0 802.11 Disassociation Event
Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| V 2.0 802.11 Disassociation Event | Base Rule | Network Traffic | Access Point Disassociation |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | flow start time |
| N/A | N/A | N/A | flow stop time |
| N/A | <object> | Text/String | device |
| N/A | <vendorinfo> | Text/String | event type |
| type | <action> | Text/String | description |
| radio | N/A | N/A | N/A |
| vap | N/A | N/A | N/A |
| client_mac | <dmac> | Text/String | N/A |
| client_ip | <dip> | IP Address | N/A |
| channel | N/A | N/A | N/A |
| reason | <reason> | Number | N/A |
| instigator | N/A | N/A | N/A |
| duration | N/A | N/A | N/A |
| auth_neg_dur | N/A | N/A | N/A |
| last_auth_ago | N/A | N/A | N/A |
| is_wpa | N/A | N/A | N/A |
| full_conn | N/A | N/A | N/A |
| ip_resp | N/A | N/A | N/A |
| ip_src | <sip> | IP Address | N/A |
| arp_resp | N/A | N/A | N/A |
| arp_src | N/A | N/A | N/A |
| dns_server | N/A | N/A | N/A |
| dns_req_rtt | N/A | N/A | N/A |
| dns_resp | N/A | N/A | N/A |
| identity | <account> | Text/String | N/A |
| aid | N/A | N/A | N/A |