Hi Jerrod,
Yes we are getting some alerts from the controller. Right now they are only authentication errors. As for RAPIDS we get emails when a rogue is detected.
The ideal situation is for us to
1. Create rules within RAPIDS (No issues here - all works well)
2. Receive emails from those rules (No issues)
3. Have the alerts sent to our SIEM (QRadar is our tool).
If that cannot be achieved, then the next best thing is to get rogue alerts from the controller to go to QRadar.
What makes it difficult is our separation of duties - slow process since I don't have full access to Airwave nor the master controller.