Threat Hunting with the Incident App

Modified on Fri, Oct 20, 2023 at 11:45 AM

The LOCH Incident App is a Console-and-Android solution that connects on-the-ground response teams with wireless operations/monitoring teams to track down Wi-Fi Access Points that may present a risk to your airspace.


Using this system, teams can communicate effectively while identifying and tracking a threat.


Definitions

  • Responder: A person with an Android phone with the Incident App loaded and connected to the 802 Secure Cloud
  • Analyst: The person tasked with monitoring the air space, identifying violating devices and coordinating the response (may be the same as Responder)
  • Incident: An Access Point that needs to be tracked and responded to


Incidents in the Console

The Incident Tracker provides a simple Kanban-style process to create, track and resolve issues related to identifying and responding to wireless threats.



Incident states are tracked across Open -> In Progress -> Closed and Archived. Incidents are created by an Analyst and tracked from the 802 Secure Cloud.


Creating an Incident

To create an incident, first identify an Access Point through an event notification, an operations review or any other means. This can be done from the Event Dashboard or from the Access Point list/detail pages.


Hover the mouse over the BSSID address and click on it to open the detail popup.



From the popup, hover over the Incident button and click on it.



If a prior incident exists for this Access Point, a dialog will ask whether to create a new incident or attach to the prior one.


The Incident dialog will appear:



From here you can add any additional details, select the severity, or link it to an existing Incident.


Assigning the incident to a device will notify the Responder's Android device that a new incident has been assigned for them to track down.
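The incident workflow described in this section (BSSID lookup, the "new incident or attach to a prior one" decision, severity, linking, assignment with a Responder notification, and the Open -> In Progress -> Closed -> Archived states) can be modelled in a few dozen lines. The following is an added example written for this article, not LOCH's own code: the class and function names are assumptions, the strict linear state order is an assumption drawn from the order the article lists the states in, and the sample BSSIDs are constructed.

```python
"""Added example (not LOCH code): an in-memory model of the Incident Tracker workflow.
All names here (IncidentTracker, Incident, normalize_bssid, ...) are assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from itertools import count

# Kanban states in the order the article lists them. The linear progression below is an
# assumption: the article does not say whether an Open incident may be Closed directly.
ALLOWED_TRANSITIONS = {
    "Open": {"In Progress"},
    "In Progress": {"Closed"},
    "Closed": {"Archived"},
    "Archived": set(),
}
SEVERITIES = ("Low", "Medium", "High", "Critical")  # assumed severity scale


def normalize_bssid(raw: str) -> str:
    """Accept AA:BB:CC:DD:EE:FF, AA-BB-..., aabb.ccdd.eeff or bare hex; return aa:bb:cc:dd:ee:ff.

    Normalising lets the 'prior incident for this Access Point' check match regardless of
    how the BSSID was copied from the Console."""
    hexdigits = re.sub(r"[:\-.]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", hexdigits):
        raise ValueError(f"not a valid BSSID: {raw!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class Incident:
    id: int
    bssid: str
    severity: str
    state: str = "Open"
    details: list[str] = field(default_factory=list)
    linked_to: int | None = None          # optional link to an existing Incident
    assigned_device: str | None = None    # Responder's Android device name
    history: list[tuple[str, str]] = field(default_factory=list)


class IncidentTracker:
    def __init__(self) -> None:
        self._incidents: dict[int, Incident] = {}
        self._ids = count(1)
        # (device_name, incident_id) pairs that would be pushed to Responder devices.
        self.notifications: list[tuple[str, int]] = []

    def get(self, incident_id: int) -> Incident:
        return self._incidents[incident_id]

    def prior_incidents(self, bssid: str) -> list[Incident]:
        """What the Console checks before showing the 'new or attach to prior' dialog."""
        wanted = normalize_bssid(bssid)
        return [inc for inc in self._incidents.values() if inc.bssid == wanted]

    def create_incident(self, bssid: str, severity: str, details: str = "",
                        link_to: int | None = None) -> Incident:
        if severity not in SEVERITIES:
            raise ValueError(f"unknown severity {severity!r}")
        if link_to is not None and link_to not in self._incidents:
            raise KeyError(f"cannot link to unknown incident {link_to}")
        inc = Incident(id=next(self._ids), bssid=normalize_bssid(bssid), severity=severity,
                       details=[details] if details else [], linked_to=link_to)
        self._incidents[inc.id] = inc
        return inc

    def attach_to_prior(self, incident_id: int, details: str) -> Incident:
        """The 'attach to a prior one' branch: add the new sighting to the existing incident."""
        inc = self.get(incident_id)
        inc.details.append(details)
        return inc

    def assign(self, incident_id: int, device_name: str) -> Incident:
        """Assigning to a device queues a notification for that Responder's Android phone."""
        inc = self.get(incident_id)
        inc.assigned_device = device_name
        self.notifications.append((device_name, inc.id))
        return inc

    def transition(self, incident_id: int, new_state: str) -> Incident:
        inc = self.get(incident_id)
        if new_state not in ALLOWED_TRANSITIONS[inc.state]:
            raise ValueError(f"cannot move incident {inc.id} from {inc.state!r} to {new_state!r}")
        inc.history.append((inc.state, new_state))
        inc.state = new_state
        return inc


if __name__ == "__main__":
    tracker = IncidentTracker()
    first = tracker.create_incident("AA:BB:CC:DD:EE:FF", "High", "unknown AP near lobby")  # constructed
    tracker.assign(first.id, "responder-phone-1")
    print(tracker.prior_incidents("aa-bb-cc-dd-ee-ff"))  # same AP, different formatting
```

Note the normalisation step: a BSSID copied from the Event Dashboard and one typed from the Access Point list may differ in case and separators, and the prior-incident check is only useful if both resolve to the same key.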


Android Devices

A Responder's Android device must first be associated to the LOCH Server before it can be used.


For on-premise installations, the Android application must be configured to reach the internal address of the Console.



Log in to the Console and select Activate Device. A dialog will appear asking to activate a New device or renew an Existing device:



After making a selection, the Enter Activation Code screen will appear. This is where an operator or responder enters the six-character code shown by the Android application:


On the Android device, open the Incidents App to view the six-character activation code:



Enter the code on the Console page, give the device a name and press the checkmark:



Devices are managed through the App Devices page.


On Premise Setup

For installations not using the LOCH Cloud infrastructure, start the LOCH Incidents App on the Android device, select the three dots at the top right of the display, and then select Settings:



In the settings, press the Change API URL option and enter your on-premise URL:



