Incidents
The Incidents page provides overall information about the incidents that have occurred on the network.

- Total Incidents bar chart
- Client trends time-series chart
- Incidents Table
The Network Hierarchy filter and Date and Time filter are displayed in the upper-right corner of the Content panel. These options control the elements displayed within the Content Panel. To modify these options, refer to Content Panel.
Total Incidents Bar Chart
Total Incidents displays the total number of incidents in "big number" format, as well as the number of incidents per severity in "bar graph" format, that occurred for the selected network node and date/time filters. The capsule next to the Total Incidents count indicates the change in incident volume compared to the previous period, based on the currently selected time range. A green capsule displays the number of incidents decreased from the previous period. A red capsule displays the number of incidents increased from the previous period. A grey capsule with a 0 indicates no change in the incident count. The previous period is determined relative to the selected range. For example, if the current period is 'Last 7 Days', the comparison is made against the 7 days preceding that range.

Priority | Severity | Color |
---|---|---|
P1 | Critical | Red |
P2 | High | Dark Orange |
P3 | Medium | Orange |
P4 | Low | Yellow |
Client Trends Time-Series Chart
- Blue line: This line represents the new client associations. The client count value includes all unique clients that attempted to connect to the network, including both failed and successful connections.
- Orange line: This line represents the connected clients. The client count value indicates only successfully connected clients to the network.
- Green line: This line represents the impacted clients. The client count value includes the number of clients impacted by the incidents, and it also includes clients who were unable to connect.

Pausing your cursor at any instance on the timeline displays a tooltip showing the number of new clients, impacted clients, and connected clients based on the selected network node and date/time filters. By default, the graph displays data for all three client categories. You can toggle the visibility of each category - New Client Associations, Connected Clients, or Impacted Clients - using the options at the top of the graph. When a category is hidden, its corresponding icon appears grayed out.
Incidents Table

Each incident is made up of a number of attributes. Above the table are search fields that allow you to refine the incident list based on your selected search criteria. Incidents that impact multiple nodes of a network hierarchy are grouped together, this group is indicated with a + icon displayed beside the incident severity. Click the + icon to expand the group and view more information about other incidents that contribute to the selected incident and information about the parent incident to which the selected incident contributes.
- Severity: Displays the severity of an incident, ranging from P1 to P4 (P1 being the highest priority and P4 the lowest). The severity of an incident is determined by the type of the incident, duration of the incident, number of impacted clients, number of impacted APs, scope of the incident (example: a zone-level incident is more severe than an AP-level incident), and other factors. Clicking this attribute displays the Incident Details page for the associated incident. You can filter incidents by severity using the Severity drop-down above the table.
- Date: Displays the date and time when the incident started. Clicking this attribute displays the Incident Details page for the associated incident.
- Duration: Displays the duration of the incident.
- Description: Displays a short description of the incident. To view the root cause, click Description attribute. The Incident Description dialog box is displayed. This dialog box displays the incident description and root cause. To view the incident details, click More Details in the Incident Description dialog box. The Incident Details page is displayed. For more information, refer to Incident Details.
- Category: Indicates the functional classification of the incident based on its nature or impact area, such as Connection, Performance, Infrastructure, or Security. You can filter incidents by category using the Category drop-down above the table.
- Sub-Category: Displays
the sub-category of the respective categories (connection, performance,
infrastructure, or security). You can filter incidents by sub-category using
the Sub-Category drop-down above the table.
Table 2. Incident Details Based on Categories and Sub-Categories Category Sub-Category Incident Description Scope Connection 802.11 Authentication 802.11 Authentication failures are unusually high in <Scope> AP/AP Group/Zone/Domain/SZ Connection DHCP DHCP failures are unusually high in <Scope> AP/AP Group/Zone/Domain/SZ Connection RADIUS RADIUS failures are unusually high in <Scope> AP/AP Group/Zone/Domain/SZ Connection Association Association failures are unusually high in <Scope> AP/AP Group/Zone/Domain/SZ Connection EAP EAP failures are unusually high in <Scope> AP/AP Group/Zone/Domain/SZ Connection Time To Connect Time to connect is greater than SLA threshold defined in <Zone> Zone Infrastructure Network The controller cluster is sending data with an incorrect future timestamp SZ Cluster Infrastructure Network The controller cluster is sending data with an incorrect past timestamp SZ Cluster Infrastructure Service Availability High AP-SmartZone connection failures in <Scope> AP Group/Zone Infrastructure Service Availability AP service is affected due to a high number of AP reboots AP Group/Zone Infrastructure Service Availability AP service is affected due to a high number of AP reboots AP Infrastructure VLAN Mismatch VLAN mismatch found in <Scope> Switch Group Infrastructure PoE PoE power denied in <Scope> Switch Group Infrastructure PoE AP(s) operating in Low Power Mode: <Scope> AP/AP Group/Zone Infrastructure Ethernet Physical link speed/duplex mismatch between AP and upstream device: <Scope> Zone Infrastructure Network The network latency between the SZ nodes is unusually high SZ Cluster Infrastructure Loop Detection Layer 2 loop detected in <Scope> Cluster/Domain/Switch Group (One incident per Switch Group)
Infrastructure LLDP Status LLDP status of <Scope> Switch Group Infrastructure Port Flap Port flap detected in <Scope> Switch Performance Coverage Clients with low RSS are unusually high in <Scope> AP Group/Zone Performance Channel Conditions - Sub-optimal channel conditions detected for 2.4 GHz in <Scope>
- Sub-optimal channel conditions detected for 5 GHz (outdoor) in <Scope>
- Sub-optimal channel conditions detected for 5 GHz (indoor) in <Scope>
AP Group Performance Load SZ controller is experiencing unusually high CPU usage. SZ Controller Performance Memory High memory utilization detected in <Scope> Switch Performance Airtime - Airtime Rx is unusually high in 2.4 GHz in <Scope>
- Airtime Rx is unusually high in 5 GHz in <Scope>
- Airtime Rx is unusually high in 6 GHz in <Scope>
Zone Performance Airtime - Airtime Tx is unusually high in 2.4 GHz in <Scope>
- Airtime Tx is unusually high in 5 GHz in <Scope>
- Airtime Tx is unusually high in 6 GHz in <Scope>
Zone Performance Airtime - Airtime Busy is unusually high in 2.4 GHz in <Scope>
- Airtime Busy is unusually high in 5 GHz in <Scope>
- Airtime Busy is unusually high in 6 GHz in <Scope>
Zone Security TCP-SYN DDoS TCP SYN DDoS attack found in <Scope> Cluster/Domain/Zone/Switch Group Performance Congestion Port congestion detected in <Scope> Switch Performance Uplink Congestion Uplink Port congestion detected in <Scope> Switch Group - Client Impact: Displays the percentage of clients impacted by the incident.
- Impacted Clients: Displays the number of clients impacted by the incident.
- Scope: Displays the area of the network in which the incident was detected. Pausing your cursor over the scope displays the entire path of the network node.
- Type: Displays the entity level at which the incident occurred. You can filter incidents by type using the Type drop-down above the table.
- Visibility: Indicates
whether an incident is muted or unmuted. This column helps you quickly
distinguish between the two using visual icons; the
icon represents an unmuted incident, while the
icon represents a muted incident. By default, only unmuted incidents are displayed in the table. Muted incidents are hidden unless explicitly filtered using the Visibility filter and do not trigger email or webhook notifications. You can use the Visibility filter above the table to view all, muted, or unmuted incidents.
Click the icon
at the top right of the table to export and download the complete incident list in
the csv format.
Click the Date attribute or Severity attribute to display the Incident Details page for the associated incident. This page displays a detailed report of the specific incident, including the information provided in the Incidents table, as well as root cause analysis and recommended actions, network impact, and associated metrics. For more information, refer to Incident Details.
Muting or Unmuting an Incident
Based on business priorities or operational considerations, you may choose to ignore certain incidents. In such cases, the incidents can be muted to prevent them from cluttering the Incidents table and triggering unnecessary notifications. You can manage incident visibility in the Incidents table using the Mute and Unmute options. By default, all incidents are unmuted and automatically displayed in the table. Muting an incident hides it from the Incidents table and suppresses both email notifications and webhook triggers. Muted incidents are also excluded from incident counts and related graph. To review muted incidents, use the Visibility filter, which provides options to show all, muted, or unmuted incidents. You can mute or unmute multiple incidents in bulk.
Muting an incident applies only within the current scope (such as Domain, Zone, AP Group, and so on) and does not affect its visibility in other scopes where the incident may also appear.
- In the Incidents
Table, select the radio button next to the incident you want
to mute or unmute.
You can select multiple incidents using the checkboxes to perform bulk mute or unmute actions.
Note: Selecting a group incident does not automatically select its associated child incidents. To mute or unmute all incidents within a group, each child incident must be selected individually.The action bar appears at the top of the table with Mute and Unmute options. Based on the current status of the selected incident(s), either Mute or Unmute will be disabled (grayed out).
- Click Mute or
Unmute as appropriate to update the visibility of the
incident.
The Visibility column in the Incidents table will reflect the change with the corresponding icon.