WIFI: Add a wifi section

[StefanAustin]

Please describe what you are requesting
Add new possible options for wifi
Describe what change you are proposing
We to add support for wifi events and currently we do not have a schema for this. Meraki, Sophos, ASA (vendor_data_avg_rssi) and Fortigate have wifi events.

Describe the log source
Merak airmarshal eventsi:
1380781458.857790533 MR18 airmarshal_events type= rogue_ssid_detected ssid='' bssid='02:18:5A:AE:56:00' src='02:18:5A:AE:56:00' dst='02:18:6A:13:09:D0' wired_mac='00:18:0A:AE:56:00' vlan_id='0' channel='157' rssi='21' fc_type='0' fc_subtype='5'

Possible ideas:

wifi_ssid
wifi_freq
wifi_channel WiFi channels are smaller bands within WiFi frequency bands that are used by wireless networks to send and receive data
wifi_band
wifi_encyption
wifi_signal_strength sometimes wifi_rssi in db, maybe separate and at a unit field
wifi_signal_strength_unit
wifi_data_rate
wifi_data_rate_unit
wifi_fc_type_value Some options are management, control, extension and data frame type or the matching number
wifi_fc_type_desc
wifi_fc_subtype It is usually a number like 0x08 or 1000
wifi_fc_subtype_desc The description of a code 1000 is for beacon. We may want to add a lookup in core.
wifi_virtual_access_point Virtual access point, usually a text, but meraki gives it as a number

Notes:
At least ASA has a dashboard that looks for vendor_data_avg_rssi.

[miwent]

Review existing content for wifi events and open issues as needed to make existing content schema-compliant for the new fields.

[damianharouff]

Example Unifi message that emits rssi as a number: https://paste.cekkent.net/a790b0c1-d185-437e-abde-b67a65380676/7Sn2vGoQ