03-03-2019 10:44 PM - edited 07-05-2021 09:58 AM
I am currently testing the use of the auto containment feature to detect honeypot threats. The feature is already running well, the alarm can also detect if there is a malicious threat but I am still confused about how user behavior connects to honeypot? is it still able to connect to the SSID Honeypot but is interrupted by an access point associated with WLC or should the user not be able to connect at all?
Because at this time I test user can still connect to honeypot but only intermittently.
If anyone understands this case, please help.
03-04-2019 03:50 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide