fields are supported QPrism header (useful if supported by the monitoring device) QIEEE 802.11 header QManagement frames (fixed and tagged parameters) QControl frames QData frames (LLC, WEP and IEEE 802.1X/EAP headers) s Our current rules definition: ~ 60 logging events Q15 informational Q13 level 2 (Default SSID, Signal Variations, Unauthorized SSID…) Q15 level 3 (WEP injection, SSID changed…) Q9 level 4 (RogueAP, White-listed AP MAC Spoofing…) Q6 level 5 (RogueAP Intranet Interconnected…) s Of course, rules must be tuned regarding your wireless environment…