Hello,
I have it configured and triggered like this:
ids general-profile
wireless-containment tarpit-all-sta
wired-containment
wired-containment-ap-adj-mac
ids unauthorized-device profile
detect-adhoc-network
detect-wireless-bridge
rogue-containment
suspect-rogue-conf-level 100
no detect-sta-assoc-to-rogue
detect-misconfigured-ap
detect-valid-ssid-misuse
protect-ssid
no detect-unencrypted-valid-client
cfg-valid-11g-channel 1
cfg-valid-11g-channel 6
cfg-valid-11g-channel 11
cfg-valid-11a-channel 36
cfg-valid-11a-channel 40
cfg-valid-11a-channel 44
cfg-valid-11a-channel 48
cfg-valid-11a-channel 52
cfg-valid-11a-channel 56
cfg-valid-11a-channel 60
cfg-valid-11a-channel 64
cfg-valid-11a-channel 100
cfg-valid-11a-channel 104
cfg-valid-11a-channel 108
cfg-valid-11a-channel 112
cfg-valid-11a-channel 116
cfg-valid-11a-channel 120
cfg-valid-11a-channel 124
cfg-valid-11a-channel 128
cfg-valid-11a-channel 132
cfg-valid-11a-channel 136
cfg-valid-11a-channel 140
cfg-valid-11a-channel 149
cfg-valid-11a-channel 153
cfg-valid-11a-channel 157
cfg-valid-11a-channel 161
cfg-valid-11a-channel 165
valid-and-protected-ssid "eduroam"
valid-and-protected-ssid "uw-guest"
valid-and-protected-ssid "uw-nsd2"
valid-and-protected-ssid "uw-unsecured"
detect-ht-greenfield
no detect-valid-client-misassociation
Which are both used by my AP groups and air monitor groups.
I see it reported in the aruba security dashboard:
Tarpit Containment
AP Deauth Containment
AP Tagged Wired Containment
AP Wired Containment