Juniper Mist Alert Types
Infrastructure Alerts
In Juniper Mist, we present those events that don't fit neatly into the service-level experience (SLE) model as alerts. Whereas SLEs represent events that have already happened, alerts represent network and device issues that are ongoing. On the Monitor > Alerts dashboard, you can see three types of alerts: Infrastructure, Marvis, and Security.
Juniper Mist categorizes alerts that potentially affect a large number of clients as infrastucture alerts. For example, an event during which a Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), or RADIUS server is unreachable can affect many clients.Similarly, if a power supply on a switch is in alarm state, a large number of clients and a large amount of traffic could be affected.
The Mist Predictive Analytics and Correlation Engine (PACE) raises Marvis alerts for the events that Marvis tracks.For example, if an access point (AP) regularly fails health checks, Marvis notices and tracks this event.
Security alerts are raised by repeated events that could dramatically effect network security. For example, if a rougue AP is detected, that represents a potential security problem. If a client connects to a rougue AP, that could be even worse.
| Severity | Alert Name | API Only |
|---|---|---|
| Critical | ARP Failure | |
| Critical | DHCP Failure | |
| Critical | DNS Failure | |
| Critical | Virtual Chassis - Backup Member Elected | |
| Critical | Virtual Chassis - New device elected for Active Role | |
| Critical | Virtual Chassis Member Deleted | |
| Critical | Virtual Chassis Port Down | |
| Informational | ARP Recovered | X |
| Informational | BGP Neighbor State Changed | |
| Informational | BGP Neighbor Up | |
| Informational | Critical Switch Port Up | |
| Informational | Critical WAN Edge Port Up | |
| Informational | Device reconnected | X |
| Informational | Device restarted | |
| Informational | DHCP Recovered | X |
| Informational | DNS Recovered | X |
| Informational | HA Control Link Up | X |
| Informational | Switch reconnected | X |
| Informational | Switch restarted | |
| Informational | Virtual Chassis Member Added | |
| Informational | VPN Peer Up | |
| Informational | WAN Edge BGP Neighbor Up | |
| Informational | WAN Edge reconnected | x |
| Warning | BGP Neighbor Down | |
| Warning | Critical Switch Port Down | |
| Warning | Critical WAN Edge Port Down | |
| Warning | Device offline | |
| Warning | HA Control Link Down | |
| Warning | Loop detected (by AP) | |
| Warning | Switch Bad Optics | |
| Warning | Switch BPDU Error | |
| Warning | Switch DHCP Pool Exhausted | |
| Warning | Switch offline | |
| Warning | Switch PEM Alarm | |
| Warning | Switch PoE Alarm | |
| Warning | Switch Power Supply Alarm | |
| Warning | Switch Storage Partition Alarm | |
| Warning | Tunnel down | |
| Warning | VPN Peer Down | |
| Warning | WAN Edge BGP Neighbor Down | |
| Warning | WAN Edge DHCP Pool Exhausted | |
| Warning | WAN Edge offline | x |
| Warning | WAN Edge Source NAT Pool Threshold Exceeded |
Marvis Alerts
Marvis alerts are tied into the Marvis Action Dashboard. These alerts trigger whenever the corresponding Marvis Action is detected in your organization.If an AP regularly fails health checks, Marvis notices and tracks it.
The table below provides a listing of Marvis alerts, sorted by severity.
| Severity | Applies To | Alert Name |
| Critical | AP | AP health check failed |
| Critical | AP | AP insufficient capacity |
| Critical | AP | AP insufficient coverage |
| Critical | AP | Bad cable |
| Critical | AP | Non-compliant |
| Critical | AP | Offline (Marvis) |
| Critical | connectivity | ARP failure (Marvis) |
| Critical | connectivity | Authentication failure (Marvis) |
| Critical | connectivity | DHCP failure (Marvis) |
| Critical | connectivity | DNS failure (Marvis) |
| Critical | WAN edge | Bad cable |
| Critical | WAN edge | Bad WAN Uplink |
| Critical | WAN edge | Negotiation mismatch |
| Critical | WAN edge | VPN Path Down |
| Critical | switch | Bad cable |
| Critical | switch | Missing VLAN |
| Critical | switch | Negotiation mismatch |
| Critical | switch | Port Stuck |
| Critical | switch | Switch STP Loop |
| Warning | switch | Port flap |
Security Alerts
Security alerts warn you of activities or events on the network that can cost you in terms of lost data, unauthorized access to the network, or traffic that matches known security threats. Juniper Mist lists all security alerts except those that relate to intrusion detection and prevention (IDP) or URL filtering on the Monitor > Alerts page. You can find IDP and URL filtering events and their severity on the Site > WAN Edge > Secure WAN Edge IDP/URL Events page.
| Severity | Alert Name |
| Critical | Client Connection to rogue AP detected |
| Critical | Rogue AP detected |
| Informational | Air Magnet Scan detected |
| Informational | EAP Handshake Flood detected |
| Warning | Active Watched Station detected |
| Warning | Adhoc Network detected |
| Warning | BSSID Spoofing detected |
| Warning | Disassociation Attack detected |
| Warning | EAP Dictionary Attack detected |
| Warning | EAP Failure Injection detected |
| Warning | EAP Spoofed Success detected |
| Warning | EAPOL-Logoff Attack detected |
| Warning | ESSID Jack detected |
| Warning | Excessive Clients detected |
| Warning | Excessive EAPOL-Start detected |
| Warning | Fake AP Flooding detected |
| Warning | Honeypot SSID detected |
| Warning | IDP attack detected |
| Warning | Monkey Jack detected |
| Warning | Out of Sequence detected |
| Warning | Repeated Client Authentication Failures |
| Warning | Replay Injection detected - KRACK Attack |
| Warning | Security Policy Violation |
| Warning | SSID Injection detected |
| Warning | TKIP ICV Attack |
| Warning | URL blocked |
| Warning | Vendor IE Missing |
| Warning | Zero SSID Association Request detected |