Wireless Network Misconfigurations
This report tracks misconfigurations found on wireless network devices, using data collected from IDS/IPS, NAC, network scanners, and other sources of data. It displays a list of misconfigurations found on wireless access devices. Use this report to view the misconfiguration information and continuously monitor the data to identify devices that are not configured properly.
Implementation and/or exploitation of wireless technology within a network is one of the most common paths for malicious users to gain access to the network and cardholder data. Corporate-controlled or rogue access devices that are not configured with appropriate security configurations can allow an attacker to invisibly enter the network and put cardholder data at risk.
Note: This report does not display unencrypted traffic directly, only misconfigurations that indicate the possible transmission or side-channel leakage of unencrypted traffic. For a full traffic report, see Network Traffic Activity in the Installation and Configuration Manual.
Relevant data sources
Relevant data sources include misconfiguration data found by wireless network monitoring products or IDS systems. Relevant data sources also include data collected from IDS/IPS, NAC, network scanners, and other similar sources of data.
How to configure this report
- Index network misconfiguration data in Splunk platform.
- Map the data to the following Common Information Model fields: host, ids_type, category, signature, severity, src, dest, vendor_product. CIM-compliant add-ons for these data sources perform this step for you.
- Tag wireless misconfiguration events with misconfiguration and wireless.
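One way to perform the mapping and tagging steps by hand for a data source that has no CIM-compliant add-on. This is an added example, not configuration from the Splunk App for PCI Compliance or from any add-on; the sourcetype, the event type name, and the raw field names are hypothetical.

```ini
# Constructed example: the sourcetype "example:wids" and the raw field names
# (sensor, alert_name, alert_class, priority, client_mac, ap_bssid) are
# hypothetical stand-ins for whatever your wireless monitoring product emits.

# --- props.conf: map raw fields to the CIM fields the report expects ---
[example:wids]
FIELDALIAS-wids_dvc       = sensor AS dvc
FIELDALIAS-wids_signature = alert_name AS signature
FIELDALIAS-wids_src       = client_mac AS src
FIELDALIAS-wids_dest      = ap_bssid AS dest
EVAL-ids_type       = "wireless"
EVAL-category       = alert_class
EVAL-severity       = case(priority<=1, "critical", priority==2, "high", priority==3, "medium", true(), "low")
EVAL-vendor_product = "Example WIDS"

# --- eventtypes.conf: select only the misconfiguration findings ---
[example_wids_misconfiguration]
search = sourcetype="example:wids" alert_class="misconfiguration"

# --- tags.conf: apply the two tags the report searches on ---
[eventtype=example_wids_misconfiguration]
misconfiguration = enabled
wireless = enabled
# The CIM Intrusion Detection data model selects events tagged ids and attack,
# so the events also need these two tags to reach the data model.
ids = enabled
attack = enabled
```

After deploying the three files, the troubleshooting searches in this topic confirm whether the tags and fields are present on the indexed events.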
Report description
The data in the Wireless System Misconfiguration report is populated by the IDS Attack and Vulnerabilities data models.
Useful searches for troubleshooting
Troubleshooting Task | Search/Action | Expected Result |
---|---|---|
Verify that data is present. | tag=misconfiguration tag=wireless | Returns wireless system misconfiguration data. |
Verify that fields are normalized and available. | `ids_attack` \| search tag=misconfiguration tag=wireless \| tags outputfield=tag \| table _time,host,sourcetype,dvc,ids_type,category,signature,severity,src,dest,tag,vendor_product | Returns a list of events and the specific wireless system misconfiguration fields of data populated. |
This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2