Managed Sentinel – Alert 160
Alert ID | MS-A160 |
Alert Name | Potential rogue access points detected - Fortinet |
Description | This alert identifies wireless access points that Fortinet's rogue AP detection has flagged as potentially fake. The top 10 by number of log events are returned. An adversary could set up an unauthorized Wi-Fi access point, or compromise an existing one, and, if a corporate device connects to it, carry out network-based attacks such as eavesdropping on or modifying network communication. |
Severity Level | Low |
Threat Indicator | Unauthorized Access |
MITRE ATT&CK Tactics | Execution |
Log sources | IPS/IDS |
False Positives | Newly deployed production wireless APs from a different manufacturer that are not yet recognised as authorized; guest or neighbouring networks within range of corporate APs. |
Recommendations |
1. Notify the users/department using the rogue wireless device about the violation of the Corporate Security Policy (policy notice).
2. Provide details about the rogue WLAN device (type, model, IP address, physical location) to the head of department and the IT Director.
3. Initiate removal of the device from the corporate network. |
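The "top 10 by number of log events" logic from the description, and the manufacturer false positive from the False Positives row, as an added worked example; this is not code from the Managed Sentinel alert or from Fortinet. It parses FortiGate-style key="value" syslog lines, counts rogue-AP sightings per BSSID/SSID, drops BSSIDs whose OUI is on an allow list of known corporate AP vendors, and ranks the rest. The log lines are constructed, and the field names (`action`, `bssid`, `ssid`, `onwire`) and the `rogue-ap-detected` action value are assumptions about the feed that should be checked against your own logs.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed sample lines in FortiGate's key="value" syslog layout. Not real
# captures; field names and action values are an assumption about the feed.
SAMPLE_LOGS = [
    'date=2024-05-01 time=09:00:01 devname="FGT-01" type="event" subtype="wireless" level="notice" action="rogue-ap-detected" ap="AP-lobby" bssid="00:11:22:aa:bb:01" ssid="CorpWiFi" onwire="yes"',
    'date=2024-05-01 time=09:05:13 devname="FGT-01" type="event" subtype="wireless" level="notice" action="rogue-ap-detected" ap="AP-lobby" bssid="00:11:22:aa:bb:01" ssid="CorpWiFi" onwire="yes"',
    'date=2024-05-01 time=09:07:40 devname="FGT-01" type="event" subtype="wireless" level="notice" action="rogue-ap-detected" ap="AP-floor2" bssid="00:11:22:aa:bb:01" ssid="CorpWiFi" onwire="yes"',
    'date=2024-05-01 time=09:10:02 devname="FGT-01" type="event" subtype="wireless" level="notice" action="rogue-ap-detected" ap="AP-floor2" bssid="66:77:88:cc:dd:02" ssid="Free WiFi" onwire="no"',
    'date=2024-05-01 time=09:12:55 devname="FGT-01" type="event" subtype="wireless" level="notice" action="rogue-ap-detected" ap="AP-floor2" bssid="66:77:88:cc:dd:02" ssid="Free WiFi" onwire="no"',
    # Four sightings of a freshly installed AP from a new vendor: the classic false positive.
    'date=2024-05-01 time=09:15:00 devname="FGT-01" type="event" subtype="wireless" level="notice" action="rogue-ap-detected" ap="AP-lobby" bssid="a4:b1:c1:00:00:03" ssid="CorpWiFi" onwire="yes"',
    'date=2024-05-01 time=09:15:30 devname="FGT-01" type="event" subtype="wireless" level="notice" action="rogue-ap-detected" ap="AP-lobby" bssid="a4:b1:c1:00:00:03" ssid="CorpWiFi" onwire="yes"',
    'date=2024-05-01 time=09:16:00 devname="FGT-01" type="event" subtype="wireless" level="notice" action="rogue-ap-detected" ap="AP-floor2" bssid="a4:b1:c1:00:00:03" ssid="CorpWiFi" onwire="yes"',
    'date=2024-05-01 time=09:16:30 devname="FGT-01" type="event" subtype="wireless" level="notice" action="rogue-ap-detected" ap="AP-floor2" bssid="a4:b1:c1:00:00:03" ssid="CorpWiFi" onwire="yes"',
    # An unrelated wireless event that the detection must ignore.
    'date=2024-05-01 time=09:20:00 devname="FGT-01" type="event" subtype="wireless" level="notice" action="client-authenticated" ap="AP-lobby" ssid="CorpWiFi" stamac="de:ad:be:ef:00:01"',
]

# key=bare or key="quoted value" (quoted values may contain spaces).
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortigate_line(line: str) -> Dict[str, str]:
    """Split one FortiGate-style key=value syslog line into a dict."""
    fields: Dict[str, str] = {}
    for m in _KV.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def oui(mac: str) -> str:
    """First three octets of a MAC (the vendor OUI), lower-cased."""
    return mac.lower()[:8]


def top_rogue_aps(lines: Iterable[str], top_n: int = 10,
                  trusted_ouis: Iterable[str] = ()) -> List[Tuple[str, str, bool, int]]:
    """Rank rogue-AP sightings as (bssid, ssid, seen_on_wire, count).

    BSSIDs whose OUI is in trusted_ouis (hypothetical allow list of the
    company's AP vendors) are dropped to suppress the new-manufacturer false
    positive. Ties on count are broken in favour of APs seen on the wire.
    """
    trusted = {o.lower() for o in trusted_ouis}
    counts: Counter = Counter()
    on_wire: Dict[Tuple[str, str], bool] = {}
    for line in lines:
        f = parse_fortigate_line(line)
        if f.get("subtype") != "wireless" or f.get("action") != "rogue-ap-detected":
            continue
        bssid = f.get("bssid", "").lower()
        if not bssid or oui(bssid) in trusted:
            continue
        key = (bssid, f.get("ssid", ""))
        counts[key] += 1
        # onwire="yes": the controller saw the rogue's traffic on the wired LAN,
        # i.e. a device plugged into the corporate network, not a neighbour's hotspot.
        if f.get("onwire") == "yes":
            on_wire[key] = True
    ranked = sorted(counts.items(),
                    key=lambda kv: (-kv[1], not on_wire.get(kv[0], False), kv[0]))
    return [(b, s, on_wire.get((b, s), False), n) for (b, s), n in ranked[:top_n]]


if __name__ == "__main__":
    for bssid, ssid, wired, n in top_rogue_aps(SAMPLE_LOGS, trusted_ouis={"a4:b1:c1"}):
        print(f"{bssid}  ssid={ssid!r:12} on_wire={wired}  events={n}")
```

Without the OUI allow list the new vendor's AP (four events) would top the list; with it, the list starts with the evil-twin `CorpWiFi` BSSID that was also seen on the wired side, which is the one worth walking the floor for.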