Event Management - Event Metadata
Event Metadata helps identify the type of threat associated with an event. It provides the trackable location, the type of threat (if it is location based), and details of the event.
JSON Table
Parameter | Data Type | Description |
---|---|---|
minorType | int | The minor type of the event whose metadata is being fetched. |
intermediateType | int | The intermediate type of the event whose metadata is being fetched. |
majorType | int | The major type of the event whose metadata is being fetched. |
title | String | Name or title of the event whose metadata is being fetched. |
summary | String | Summary or short description of the event. |
description | String | Description of the event. |
recommendedAction | String | A recommended action. |
live | boolean | A true or false value indicates whether the event is live. True indicates that the event is live. False indicates that the event is expired. |
offline | boolean | A true or false value indicates whether the event is offline. |
restrictedForMTO | boolean | A true or false value indicates whether the event restriction state for the MTO is enabled. True indicates that the event restriction state is enabled, and False indicates that the event restriction state is disabled. |
deprecated | boolean | A true or false value indicates whether the event is deprecated and no longer available. True indicates that the event is deprecated, and False indicates that the event is not |
configurable | boolean | A true or false value indicates whether the event is configurable. True indicates that the event is configurable, and False indicates it is not. |
locationBased | boolean | A true or false value indicates whether the event is tied to a location. True indicates that the event is tied to a location, and False indicates it is not. |
locationTrackable | boolean | A true or false value indicates whether the event location is trackable. True indicates that the event location is trackable, and False indicates it is not. |
threatType | String | The threat type of an event. |
Sample JSON
{
  ...
  ...
  ...
  "250": {
    "minorType": 250,
    "intermediateType": 51,
    "majorType": 5,
    "title": "SSID broadcast",
    "summary": "Authorized AP [%1$s] is broadcasting SSID [%2$s]",
    "description": "Authorized AP [%1$s] is including its SSID [%2$s] in its beacons. This may enable Unauthorized Clients to easily discover this AP and attempt to connect to it.",
    "recommendedAction": "As a security best practice, APs should be configured to not broadcast their SSIDs in beacons. Disable the SSID broadcast on the AP from its configuration settings.",
    "live": false,
    "offline": false,
    "restrictedForMT0": false,
    "deprecated": true,
    "configurable": false,
    "locationBased": true,
    "locationTrackable": true,
    "threatType": null
  },
  "251": {
    "minorType": 251,
    "intermediateType": 52,
    "majorType": 5,
    "title": "Disassociation broadcast attack in progress",
    "summary": "Disassociation broadcast attack is in progress against Authorized AP [%1$s].",
    "description": "Disassociation broadcast attack is in progress against Authorized AP [%1$s]. The AP's details are: MAC address [%2$s], protocol [%3$s], channel [%4$d], SSID [%5$s], security setting [%6$s], vendor [%7$s], RSSI [%8$s] dBm.",
    "recommendedAction": "Disassociation broadcast attack is a type of DoS attack in which the attacker device sends spoofed broadcast disassociation messages to break or prevent all Client connections to the victim AP. While this attack is in progress, no Client will be able to connect to the AP. Locate the attacker device and shut it down immediately. You can use the event location tracking feature to determine the physical location of the attacker on the floor map. Note: If the attacker is outside your premises, location tracking will be coarse unless you have modeled the exteriors of the premises in the floor plan.",
    "live": true,
    "offline": false,
    "restrictedForMT0": false,
    "deprecated": false,
    "configurable": true,
    "locationBased": true,
    "locationTrackable": true,
    "threatType": "DoS"
  },
  "252": {
    "minorType": 252,
    "intermediateType": 52,
    "majorType": 5,
    "title": "Disassociation broadcast attack in progress",
    "summary": "Disassociation broadcast attack is in progress against Authorized AP [%1$s].",
    "description": "Disassociation broadcast attack is in progress against Authorized AP [%1$s]. The AP's details are: MAC address [%2$s], protocol [%3$s], channel [%4$d], SSID [%5$s], security setting [%6$s], vendor [%7$s], RSSI [%8$s] dBm.",
    "recommendedAction": "Disassociation broadcast attack is a type of DoS attack in which the attacker device sends spoofed broadcast disassociation messages to break or prevent all Client connections to the victim AP. While this attack is in progress, no Client will be able to connect to the AP. Locate the attacker device and shut it down immediately. You can use the event location tracking feature to determine the physical location of the attacker on the floor map. Note: If the attacker is outside your premises, location tracking will be coarse unless you have modeled the exteriors of the premises in the floor plan.",
    "live": true,
    "offline": false,
    "restrictedForMT0": false,
    "deprecated": false,
    "configurable": true,
    "locationBased": true,
    "locationTrackable": true,
    "threatType": "DoS"
  },
  ...
  ...
  ...
}
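The following is an added example, not part of the original documentation or the vendor's code. It shows one way a consumer of this metadata could pick out live, non-deprecated event types by threatType and fill the printf-style positional placeholders (`%1$s`, `%4$d`) in the summary text. The function names, the trimmed sample and the argument values are assumptions constructed for illustration.

```python
import json
import re

# Constructed sample: a trimmed copy of two entries from the sample JSON above.
SAMPLE = json.loads("""
{
  "250": {"minorType": 250, "title": "SSID broadcast",
          "summary": "Authorized AP [%1$s] is broadcasting SSID [%2$s]",
          "live": false, "deprecated": true, "locationTrackable": true,
          "threatType": null},
  "251": {"minorType": 251, "title": "Disassociation broadcast attack in progress",
          "summary": "Disassociation broadcast attack is in progress against Authorized AP [%1$s].",
          "live": true, "deprecated": false, "locationTrackable": true,
          "threatType": "DoS"}
}
""")

# Positional specifiers as they appear in summary/description: %1$s, %4$d, ...
_PLACEHOLDER = re.compile(r"%(\d+)\$([sd])")

def render(template, args):
    """Fill %N$s / %N$d placeholders; leave a slot visible if its argument is missing."""
    def fill(m):
        idx, kind = int(m.group(1)) - 1, m.group(2)
        if idx >= len(args):
            return m.group(0)  # keep the raw placeholder rather than guess a value
        return str(int(args[idx])) if kind == "d" else str(args[idx])
    return _PLACEHOLDER.sub(fill, template)

def placeholder_count(template):
    """Highest positional index a template expects, to validate event arguments."""
    return max((int(n) for n, _ in _PLACEHOLDER.findall(template)), default=0)

def actionable(metadata):
    """Live, non-deprecated event types grouped by threatType (null -> 'unclassified')."""
    groups = {}
    for _, ev in sorted(metadata.items(), key=lambda kv: int(kv[0])):
        if ev.get("live") and not ev.get("deprecated"):
            groups.setdefault(ev.get("threatType") or "unclassified", []).append(ev["minorType"])
    return groups

if __name__ == "__main__":
    print(actionable(SAMPLE))
    # "ap-lobby" is a constructed AP name, not a value from the page.
    print(render(SAMPLE["251"]["summary"], ["ap-lobby"]))
```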
API Calls
/V5/events/metadata