- Looking for some guidance on an API Call we have built; it is:
- We believe the query results show us the following information:
1) The controller has detected a Rogue AP, has placed it into a “contained” state and the controller has allocated APs with resources to contain it
2) The now “contained” Rogue AP has clients associated to it that would be potential targets for deauthentication frames
RogueApHistoryData is not part of the publicly supported API. As such, it may change or be removed without notice and we can't help you with it's use.
In Prime Infrastructure 3.2 there's a new API resource (GET data/RogueApAlarms). It has a response very similar to our GET data/Alarms resource, but includes a rogueApAlarmDetails object in the response. That objects lists (among other things) the rogue classification type (Friendly, Malicious, Unclassified, or Custom), the rogue MAC, the number of associated clients, the SSID, and the state (ALERT, KNOWN, THREAT, CONTAINED, CONTAINED_PENDING, KNOWN_CONTAINED, WIRE_CONTAINED, and a few other states).