Managed Sentinel – Alert 160
|Alert Name||Potential rogue access points detected - Fortinet|
|Description||This alert identifies access points that Fortinet has flagged as potentially fake. The top 10 by number of log events are returned. An adversary could set up unauthorized Wi-Fi access points or compromise existing access points and, if a device connects to them, carry out network-based attacks such as eavesdropping on or modifying network communication.|
|Threat Indicator||Unauthorized Access|
|MITRE ATT&CK Tactics||Execution|
|False Positives||New production wireless APs from a different manufacturer.|
|Recommendations||1. Notify the users/department using the rogue wireless device about the violation of Corporate Security Policy - policy notice
2. Provide details about the rogue WLAN device, such as type, model, IP address and physical location, to the head of department, IT Director
3. Initiate device removal from the corporate network.