V 2.0 Rogue SSID/SSID Spoofing Detected Event
Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| V 2.0 Rogue SSID/SSID Spoofing Detected Event | Base Rule | Suspicious | Suspicious Activity |
| V 2.0 Rogue SSID Detected | Sub Rule | Suspicious | Suspicious Activity |
| V 2.0 SSID Spoofing Detected | Sub Rule | Attack | Spoofing Activity |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | <vendorinfo> | Text/String | event type |
| type | <action> <tag1> | Text/String Text/String | description |
| ssid | N/A | N/A | N/A |
| bssid | N/A | N/A | N/A |
| src | <smac> | Text/String | N/A |
| dst | <dmac> | Text/String | N/A |
| wired_mac | N/A | N/A | N/A |
| vlan_id | N/A | N/A | N/A |
| channel | N/A | N/A | N/A |
| rssi | N/A | N/A | N/A |
| fc_type | N/A | N/A | N/A |
| fc_subtype | N/A | N/A | N/A |
| vap | N/A | N/A | N/A |