Please modify your code to have two separate alert functions for rogue vs. malicious rogue APs. I currently have my vSZ 220.127.116.11.699 configured to email me for code "186 - Classified rogue AP." Unfortunately this sends me an email for EVERY rogue device it finds, which is about one rogue detected every 30 seconds across my entire network, which is greater than 2000 alerts a day! I am ONLY interested in being alerted to malicious rogue devices, but there is no way to specify alerting on just malicious rogue devices; it's all or nothing, which is incredibly frustrating. Perhaps the other solution is to stop marking every seen SSID as rogue? It's a bit silly to me that every SSID seen is marked as a "rogue" device, thereby having the Ruckus-uneducated think someone is trying to hack your network. For most normal users, a rogue device means a bad device that needs to be dealt with, not the high-end car with built-in WiFi starting up in the parking lot at the end of the day.
Because malicious rogue email alerting is incredibly important to us, I am now using an Outlook server-side rule to delete the standard Rogue notifications as they are completely useless; this has allowed only the malicious rogue email notifications through. This is a solution to a problem that never should have existed!
Is there any solution to this? I've been searching documentation and so far have found nothing. It's ridiculous that rogue APs detected outside of policy/rules show up as rogue and there's no way to eliminate them. We are located in an area where we get every car that has WiFi enabled as a rogue AP because of a busy highway and a Lowe's parking lot. I only want to alert on rogue APs that we declare as malicious that are spoofing our SSIDs.