About RAPIDS

With Aruba Central, you can identify and act on interfering devices that can be later considered for investigation, restrictive action, or both. Once the interfering devices are discovered, Aruba Central sends alerts to the network administrators about the possible threat and provides essential information needed to locate and manage the threat.

Viewing the RAPIDS Page

To view the RAPIDS page, complete the following steps:

  1. In the Aruba Central app, set the filter to one of the options under Groups, Labels, or Sites. For all devices, set the filter to Global.
  2. Under Manage, click Security. The RAPIDS > IDS > WIDS Events table is displayed.

Monitoring WIDS Events

The Manage > Security > RAPIDS > IDS tab provides a summary of the total number of wireless attacks detected for a given duration.

The WIDS Events table displays the following information categories:

  • Infrastructure attacks—Displays the number of infrastructure attacks detected in the network.
  • Client attacks—Displays the number of client attacks detected in the network.

Table 1: WIDS Events

| Field | Description |
|---|---|
| Event Type | The type of the intrusion or attack detected. Click the drop-down arrow at the column heading to filter the event types based on your requirement. |
| Category | Category of the intrusion or attack: infrastructure attack or client attack. Click the drop-down arrow at the column heading to filter the category that you want to display. |
| Level | The level of the intrusion or attack detected. Click the drop-down arrow at the column heading to filter the attack level. |
| Time | Time of the intrusion or attack. |
| Station MAC | MAC (Media Access Control) address of the station under attack, or BSSID (Basic Service Set Identifier) of the AP under attack. |
| Detecting AP | The MAC address of the device that detected the intrusion or attack. |
| Radio Band | Radio band on which the intrusion was detected. There are two radio bands available, 2.4 GHz and 5 GHz. Click the drop-down arrow at the column heading to filter the radio band where the intrusion was detected. |
| Description | Details of the attack or the intrusion. |

Note the following important points:

  • Clicking icon enables you to customize the WIDS Events table columns or set it to the default view.
  • To view the details of each event that is generated, click the arrow against each row in the table.

    Figure 1  Event Expansion

  • Intrusions are displayed for the time selected in Time Range Filter. The WIDS Events displays data for a maximum time period of 1 only.
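
The following Python example is added here and is not part of the Aruba Central documentation or product code. It shows one way to triage WIDS event rows by the Table 1 fields, grouping events by Station MAC and listing targets reported by more than one Detecting AP. It assumes the rows have been copied into CSV text using the Table 1 column names; the sample rows, the function names, and the two-detector rule are illustrative assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows: column names follow Table 1, every value is made up.
SAMPLE_CSV = """Event Type,Category,Level,Time,Station MAC,Detecting AP,Radio Band,Description
Constructed Event A,Infrastructure,constructed-level,2024-01-10 09:00:05,AA-BB-CC-00-00-01,de:ad:be:00:00:10,5 GHz,constructed
Constructed Event A,Infrastructure,constructed-level,2024-01-10 09:00:09,aa:bb:cc:00:00:01,de:ad:be:00:00:11,2.4 GHz,constructed
Constructed Event B,Infrastructure,constructed-level,2024-01-10 09:02:41,aa:bb:cc:00:00:01,de:ad:be:00:00:10,5 GHz,constructed
Constructed Event C,Client,constructed-level,2024-01-10 09:05:00,aa:bb:cc:00:00:02,de:ad:be:00:00:10,5 GHz,constructed
Constructed Event C,Client,constructed-level,2024-01-10 09:06:12,aa:bb:cc:00:00:03,de:ad:be:00:00:11,2.4 GHz,constructed
Constructed Event C,Client,constructed-level,2024-01-10 09:06:15,aa:bb:cc:00:00:03,de:ad:be:00:00:12,2.4 GHz,constructed
"""


def normalize_mac(mac):
    """Lower-case and use ':' separators so one address always groups together."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def triage(csv_text, min_detectors=2):
    """Return (target MAC, summary) pairs for targets seen by >= min_detectors APs."""
    targets = defaultdict(
        lambda: {"events": 0, "detectors": set(), "categories": set(), "bands": set()}
    )
    for row in csv.DictReader(io.StringIO(csv_text)):
        summary = targets[normalize_mac(row["Station MAC"])]
        summary["events"] += 1
        summary["detectors"].add(normalize_mac(row["Detecting AP"]))
        summary["categories"].add(row["Category"].strip().lower())
        summary["bands"].add(row["Radio Band"].strip())
    flagged = [(m, s) for m, s in targets.items() if len(s["detectors"]) >= min_detectors]
    # Most-corroborated targets first, then by event count, then by address.
    return sorted(flagged, key=lambda i: (-len(i[1]["detectors"]), -i[1]["events"], i[0]))


if __name__ == "__main__":
    for mac, s in triage(SAMPLE_CSV):
        print(mac, s["events"], sorted(s["detectors"]), sorted(s["bands"]))
```
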

Configuring IDS Parameters

The type and severity of intrusion detections raised by an access point (AP) are configurable and affect the data that is seen in the WIDS Events table. For more information, see Configuring IDS Parameters on APs.

Generating Alerts for Security Events

Aruba Central supports configuring alerts for Intrusion Detection System (IDS) events. An IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network.

To generate alerts, complete the following steps:

  1. In the Aruba Central app, use the filter to select Global.
  2. Under Analyze, click Alerts & Events. The Alerts & Events page is displayed.
  3. In the Alerts & Events page, click the Config icon.

    The Alert Severities & Notifications page is displayed.

  4. Select the Access Point tab to display the AP dashboard. Aruba Central supports three alert types for identifying interfering devices:
    • Rogue AP Detected
    • Infrastructure Attacks Detected
    • Client Attack Detected
  5. Select an alert and click + to enable the alert with default settings. To configure alert parameters, click on the alert tile (anywhere within the rectangular box) and do the following:
    1. Severity—Set the severity. The available options are Critical, Major, Minor, and Warning.

      For a few alerts, you can configure a threshold value for one or more alert severities. To set the threshold value, select the alert and in the exceeds text box, enter the value. The alert is triggered when one of the threshold values exceeds the duration.

    2. Device Filter Options—(Optional) You can restrict the scope of an alert by setting one or more of the following parameters:
      • Group—Select a group to limit the alert to a specific group.
      • Label—Select a label to limit the alert to a specific label.
      • Sites—Select a site to limit the alert to a specific site.
    3. Notification Options
      • Email—Select the Email check box and enter an email address to receive notifications when an alert is generated. You can enter multiple email addresses; separate each value with a comma.
      • Streaming—Select the Streaming check box to receive the streaming notifications when an alert is generated.
      • Webhook—Select the Webhook check box and select the Webhook from the drop-down list. For more information, see Webhooks.
      • Syslog—Select the Syslog check box to receive the syslog notifications when an alert is generated.
    4. Click Save.

For more information on how to configure Alerts, see Configuring Alerts.

Generating Reports for Security Events

Aruba Central supports generating reports for IDS events. To generate reports, complete the following steps:

  1. In the Aruba Central app, use the filter to select Global.
  2. Under Analyze, click Reports.
  3. In the Reports page, click Create. Aruba Central supports Security Compliance to display the report of all wireless intrusions. For more information on how to create Reports, see Creating a Report.

When creating a RAPIDS report, you need not select the Groups or Labels option. Also, you need not select the device group names or label names from the Device Groups or Labels drop-down lists, respectively.