This alert reports access points that Fortinet has flagged as potentially fake. The top 10 by number of log events are returned.
An adversary could set up unauthorized Wi-Fi access points or compromise existing access points and, if a device connects to them, carry out network-based attacks such as eavesdropping on or modifying network communication.
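The aggregation this alert performs can be sketched as follows. This is an added example, not the alert's own query: the key=value log layout, the field names (action, ssid, bssid) and the "fake-ap-detected" value are assumptions to be mapped to your actual log schema, and the sample lines are constructed.

```python
import shlex
from collections import Counter

# Constructed sample events. The key=value layout, the field names (action,
# ssid, bssid) and the "fake-ap-detected" value are assumptions for this example.
SAMPLE_LOGS = [
    'time=09:00:01 subtype="wireless" action="fake-ap-detected" ssid="CorpWiFi" bssid="02:00:00:aa:bb:01"',
    'time=09:00:07 subtype="wireless" action="fake-ap-detected" ssid="CorpWiFi" bssid="02:00:00:AA:BB:01"',
    'time=09:01:12 subtype="wireless" action="fake-ap-detected" ssid="Guest Net" bssid="02:00:00:aa:bb:02"',
    'time=09:02:30 subtype="wireless" action="fake-ap-detected" ssid="CorpWiFi" bssid="02:00:00:aa:bb:01"',
    'time=09:03:00 subtype="wireless" action="other-event" ssid="CorpWiFi" bssid="02:00:00:aa:bb:03"',
    'time=09:04:00 subtype="wireless" action="fake-ap-detected" ssid="broken bssid="02:00:00:aa:bb:04"',
]


def parse_kv(line):
    """Parse one key=value line; return None if its quoting is malformed."""
    try:
        tokens = shlex.split(line)  # keeps quoted values with spaces intact
    except ValueError:
        return None
    return dict(t.split("=", 1) for t in tokens if "=" in t)


def top_fake_aps(lines, limit=10, action="fake-ap-detected"):
    """Count fake-AP events per (BSSID, SSID) and return the top `limit`."""
    counts = Counter()
    for line in lines:
        event = parse_kv(line)
        if not event or event.get("action") != action:
            continue
        bssid = event.get("bssid", "").lower()  # MAC case varies between sources
        if bssid:
            counts[(bssid, event.get("ssid", ""))] += 1
    # Highest count first; ties broken by BSSID so the output is stable.
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:limit]


if __name__ == "__main__":
    for (bssid, ssid), n in top_fake_aps(SAMPLE_LOGS):
        print(f"{n:>4}  {bssid}  {ssid!r}")
```

Grouping on the normalized BSSID rather than the SSID alone keeps two radios that advertise the same network name as separate rows, which matters when locating the physical device.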
MITRE ATT&CK Tactics
New production wireless APs from a different manufacturer.
1. Notify the users/department using the rogue wireless device about the violation of Corporate Security Policy - policy notice
2. Provide details about the rogue WLAN device, such as type, model, IP address and physical location, to the head of department, IT Director
3. Initiate device removal from corporate network.