Overview
The honeypot access point alert triggers when WIDS detects a honeypot (also known as an evil twin) access point. A honeypot AP mimics a legitimate network to trick users into connecting, potentially exposing their traffic to attackers.Prerequisites
- Dashboard access with Admin or Network Admin permissions
- Alert receivers configured
- WIDS enabled
Configuring the alert
Configuration fields
| Field | Required | Description |
|---|---|---|
| Enabled | Yes | Toggle to activate or deactivate the alert (default: on) |
| Label | No | Custom name for this alert instance |
| Description | No | Additional notes about this alert |
| Alert type | Yes | Select “Honeypot AP” |
| Receiver | Yes | Select from configured receivers |
| Company wide | Yes | Apply to all networks or select specific networks |
| Excluded networks | No | Networks to exclude when Company wide is enabled |
Webhook event
This alert corresponds to theALERT_HONEYPOT_AP_DETECTED webhook event. See Honeypot access point webhook payload for integration details.
What to do when you receive this alert
- Review the alert details to identify the suspected honeypot AP
- Determine if this is a legitimate device (e.g., a personal hotspot)
- If unauthorized, attempt to locate and remove the device
- Contact Meter Support for assistance with investigation
Related resources
Need help?
If you run into any issues or have questions, please reach out to our Support Engineering team by opening a ticket via the Dashboard: https://dashboard.meter.com/supportLast updated by Meter Support Engineering on 01/23/2026