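-- CISCO-CIDS-MIB.my : Cisco Intrusion Detection System MIB
--
-- December 2003, Shane J London
--
-- Copyright (c) 2003 by Cisco Systems, Inc.
-- All rights reserved.
--
-- NOTE(review): this copy restores one statement per line. ASN.1
-- comments run to end of line, so a copy collapsed onto a few long
-- lines does not parse. DESCRIPTION text carries editorial corrections
-- only (typos, and object names that did not match their definitions).
-- No OID, SYNTAX, MAX-ACCESS or STATUS value differs from the published
-- module, and LAST-UPDATED / REVISION are left as published.

CISCO-CIDS-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Integer32,
    Unsigned32,
    Counter32,
    TimeTicks,
    Gauge32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    NOTIFICATION-GROUP,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    TEXTUAL-CONVENTION,
    TruthValue,
    DateAndTime
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    Unsigned64
        FROM CISCO-TC
    ciscoMgmt
        FROM CISCO-SMI;

ciscoCidsMIB MODULE-IDENTITY
    LAST-UPDATED    "200312180000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
        " Cisco Systems
          Customer Service

          Postal: 170 W Tasman Drive
          San Jose, CA 95134
          USA

          Tel: +1 800 553-NETS

          E-mail: cs-netranger@cisco.com"
    DESCRIPTION
        "Cisco Intrusion Detection System MIB.
        Provides trap definitions for the evAlert and
        evError elements of the IDIOM (Intrusion Detection
        and Operations Messages) document and read support
        for the Intrusion Detection System (sensor) health
        information, such as if the sensor is in a memory
        critical stage."
    REVISION        "200312180000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 383 }

-- Top-level subtrees: notifications (0), objects (1), conformance (2).
ciscoCidsMIBNotifs  OBJECT IDENTIFIER ::= { ciscoCidsMIB 0 }
ciscoCidsMIBObjects OBJECT IDENTIFIER ::= { ciscoCidsMIB 1 }
ciscoCidsMIBConform OBJECT IDENTIFIER ::= { ciscoCidsMIB 2 }

cidsGeneral OBJECT IDENTIFIER ::= { ciscoCidsMIBObjects 1 }
cidsAlert   OBJECT IDENTIFIER ::= { ciscoCidsMIBObjects 2 }
cidsError   OBJECT IDENTIFIER ::= { ciscoCidsMIBObjects 3 }
cidsHealth  OBJECT IDENTIFIER ::= { ciscoCidsMIBObjects 4 }

-- Textual Conventions

CidsErrorCode ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "An enumerated value which identifies the general
        category of error that occurred.

        errAuthenticationTokenExpired
            The requested action could not be carried out
            because the requestor has provided an
            authentication token (e.g. password) that has
            expired.

        errConfigCollision
            The value of the config-token request parameter
            in a setComponentConfig control transaction
            request does not match the current configuration
            document on the target host. Typically this
            indicates that the configuration on the target
            host has been modified by another user.

        errInUse
            The requested action could not be completed
            because it requires access to a resource that is
            in use.

        errInvalidDocument
            The request contained a document that was not
            well-formed, contained an incorrect root element,
            or contained additional elements or attributes
            that are not permitted by the lax IDIOM schema.

        errLimitExceeded
            The requested action could not be completed
            because it would create a resource that would
            exceed a system resource limit.

        errNotAvailable
            The requested action is supported but cannot be
            performed due to the current configuration of the
            target host.

        errNotFound
            A resource specified in the request does not
            exist.

        errNotSupported
            The requested action is not supported on the
            target host.

        errPermissionDenied
            The requestor does not have a sufficiently high
            authorization level to perform the requested
            action.

        errSyslog
            Used to convey messages of interest from the host
            system's syslog.

        errSystemError
            A system error occurred, such as an out-of-memory
            condition, disk access error, etc.

        errTransport
            The requested action could not be carried out
            because of a communications failure with another
            host that is involved in the action.

        errUnacceptableValue
            The request document was valid but contained one
            or more values that could not be accepted because
            they either: (1) conflict with other values in the
            same document or (2) are not acceptable due to the
            current state of the system.

        errUnclassified
            Used to convey an unclassified error condition.

        errWarning
            Used to convey a software warning condition
            detected by an application running on the host
            system.
        "
    SYNTAX          INTEGER {
                        errAuthenticationTokenExpired(1),
                        errConfigCollision(2),
                        errInUse(3),
                        errInvalidDocument(4),
                        errLimitExceeded(5),
                        errNotAvailable(6),
                        errNotFound(7),
                        errNotSupported(8),
                        errPermissionDenied(9),
                        errSyslog(10),
                        errSystemError(11),
                        errTransport(12),
                        errUnacceptableValue(13),
                        errUnclassified(14),
                        errWarning(15)
                    }

-- General
--
-- Objects 1 to 6 are accessible-for-notify: they appear only as
-- varbinds of the notifications below and cannot be polled.

cidsGeneralEventId OBJECT-TYPE
    SYNTAX          Unsigned64
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Identifies the sequence number of an event.
        This value needs to be unique within the scope
        of the originating host."
    ::= { cidsGeneral 1 }

cidsGeneralLocalTime OBJECT-TYPE
    SYNTAX          DateAndTime
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The local time on the Cisco intrusion detection
        system sensor when the alert was generated."
    ::= { cidsGeneral 2 }

cidsGeneralUTCTime OBJECT-TYPE
    SYNTAX          DateAndTime
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The UTC time on the Cisco intrusion detection
        system sensor when the alert was generated."
    ::= { cidsGeneral 3 }

cidsGeneralOriginatorHostId OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "A globally unique identifier for a Cids host.
        Could be a host name or an ip address."
    ::= { cidsGeneral 4 }

cidsGeneralOriginatorAppName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The optional generic name of a Cids application."
    ::= { cidsGeneral 5 }

cidsGeneralOriginatorAppId OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The optional id of this instance of the application.
        Typically the process id (pid)."
    ::= { cidsGeneral 6 }

-- The only read-write object in this module. Per its DESCRIPTION a
-- value of false means notifications are not sent, and false is also
-- the DEFVAL, so a sensor reports nothing over SNMP until this is set.
-- Restrict write access to it (for example an SNMPv3 authPriv user with
-- a narrow VACM write view rather than a v1/v2c community) and treat an
-- unexpected change of its value as an event worth alerting on.
cidsNotificationsEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Indicates whether notifications will or will not be
        sent when an event is generated by the device."
    DEFVAL          { false }
    ::= { cidsGeneral 7 }

-- Alert
--
-- All alert objects are accessible-for-notify. Several of them carry
-- text or bytes derived from monitored traffic; receivers should handle
-- those values as untrusted input when parsing, storing or displaying
-- them.

cidsAlertSeverity OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The severity associated with a Cids signature
        (informational, low, medium or high for example)."
    ::= { cidsAlert 1 }

-- NOTE(review): the DESCRIPTION speaks of a 16-bit value while SYNTAX
-- is an unconstrained Unsigned32. Receivers should not assume the upper
-- 16 bits are zero without checking.
cidsAlertAlarmTraits OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The alarm traits is an unsigned 16-bit integer
        representing the value of the 16 user-defined alarm
        traits specified in the configuration for the
        signature that triggered the alert. The alarmTraits
        bits are used to classify signatures into
        user-defined categories or groups."
    ::= { cidsAlert 2 }

cidsAlertSignature OBJECT-TYPE
    SYNTAX          SnmpAdminString ( SIZE ( 1..64 ) )
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Content is a string containing details about the
        signature that fired, without any specifics tied to
        this instance of the alert. The
        cidsAlertSignatureSigName, cidsAlertSignatureSigId
        and cidsAlertSignatureSubSigId attributes define the
        signature that triggered this Alert."
    ::= { cidsAlert 3 }

cidsAlertSignatureSigName OBJECT-TYPE
    SYNTAX          SnmpAdminString ( SIZE ( 1..64 ) )
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The name of the Intrusion detection signature that
        triggered this event."
    ::= { cidsAlert 4 }

cidsAlertSignatureSigId OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The ID of the Intrusion detection signature that
        triggered this event. The ID combines with the
        cidsAlertSignatureSubSigId to create a unique key
        that identifies the signature that generated this
        event."
    ::= { cidsAlert 5 }

cidsAlertSignatureSubSigId OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The optional Sub ID of the Intrusion detection
        signature that triggered this event. The Sub ID
        combines with the cidsAlertSignatureSigId to create
        a unique key that identifies the signature that
        generated this event."
    ::= { cidsAlert 6 }

cidsAlertSignatureVersion OBJECT-TYPE
    SYNTAX          SnmpAdminString ( SIZE ( 1..64 ) )
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The optional version attribute defines the version
        number of the signature update in which the
        triggering signature was introduced or was last
        modified. Example: 4.1(1.1)S47(0.1)"
    ::= { cidsAlert 7 }

cidsAlertSummary OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Optional, if present, specifies that this is a
        summary alert, representing one or more alerts with
        common characteristics. The numeric value indicates
        the number of times the signature fired since the
        last summary alert with a matching 'initialAlert'
        attribute value. The first and all subsequent
        summary alerts in a sequence will use the eventId of
        a previous non-summary evAlert in the initialAlert
        attribute value. All alerts represented by the
        summary alert share the same signature and
        sub-signature id. The summaryType attribute defines
        the common characteristic(s) of all alerts in the
        summary. The 'final' attribute indicates whether
        this is the last evAlert containing the same value
        in the 'initialAlert' attribute. The 'final'
        attribute may be omitted if and only if its value is
        false."
    ::= { cidsAlert 8 }

cidsAlertSummaryType OBJECT-TYPE
    SYNTAX          SnmpAdminString ( SIZE ( 0..16 ) )
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Common characteristics shared by all non-summary
        alerts included in a summary alert."
    ::= { cidsAlert 9 }

cidsAlertSummaryFinal OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The optional 'final' attribute indicates whether
        this is the last evAlert containing the same value
        in the 'initialAlert' attribute. The 'final'
        attribute may be omitted if and only if its value is
        false."
    ::= { cidsAlert 10 }

cidsAlertSummaryInitialAlert OBJECT-TYPE
    SYNTAX          Unsigned64
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Serial number for the initial alert, which is
        guaranteed unique within the scope of the
        originating host."
    ::= { cidsAlert 11 }

cidsAlertInterfaceGroup OBJECT-TYPE
    SYNTAX          Integer32 ( -2147483648..2147483647 )
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Optional numeric identifier for a sniffing interface
        group on this host."
    ::= { cidsAlert 12 }

cidsAlertVlan OBJECT-TYPE
    SYNTAX          Unsigned32 ( 0..65535 )
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "An optional numeric identifier for a vlan.
        Identifies the vlan that uses the number in ISL or
        802.1Q headers."
    ::= { cidsAlert 13 }

-- The two context objects carry captured stream data. That data may
-- contain sensitive payload and its content is chosen by the monitored
-- endpoints, so send these notifications over a transport that gives
-- privacy (SNMPv3 authPriv) and have receivers decode and store the
-- values as untrusted bytes.
cidsAlertVictimContext OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Optional Base64-encoded representation of the
        stream data that was sourced by the victim."
    ::= { cidsAlert 14 }

cidsAlertAttackerContext OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Optional Base64-encoded representation of the
        stream data that was sourced by the Attacker."
    ::= { cidsAlert 15 }

-- As the DESCRIPTION itself notes, the reported address may be spoofed
-- or belong to a compromised intermediary. Treat it as an indicator
-- rather than proof of origin before driving automated blocking from it.
cidsAlertAttackerAddress OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Optional ip address and ports on a monitored
        interface. The 'locality' attribute is a string that
        indicates the relative location of the ip address
        within the network mapping, such as whether the
        address falls within the address range of a
        protected network. The optional 'proxy' attribute is
        'true' if the sensor has reason to suspect that the
        address given is not the address of the true
        attacker. This could be the result of address
        spoofing or because the host has been compromised
        and is acting as a 'zombie'. The 'proxy' attribute
        may be omitted if and only if its value is false."
    ::= { cidsAlert 16 }

cidsAlertVictimAddress OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Optional ip address and ports on a monitored
        interface. The 'locality' attribute is a string that
        indicates the relative location of the ip address
        within the network mapping, such as whether the
        address falls within the address range of a
        protected network."
    ::= { cidsAlert 17 }

cidsAlertIpLoggingActivated OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Optional. Indicates whether ip logging has been
        activated as the result of the alert. A separate
        evIpLogStatus event will be generated when logging
        has been completed. The evIpLogStatus event contains
        the URL where the log results may be obtained. This
        element may be omitted if and only if its value is
        false."
    ::= { cidsAlert 18 }

cidsAlertTcpResetSent OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Optional. Indicates whether an attempt was made to
        reset a tcp connection as the result of the alert.
        The addresses and ports affected must be implied
        from the information contained in the participant
        elements of the evAlert. This element may be omitted
        if and only if its value is false."
    ::= { cidsAlert 19 }

cidsAlertShunRequested OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Optional. Indicates whether an ip address or tcp
        connection has been requested to be shunned as a
        result of the alert. Details about the addresses and
        ports involved in the shun can be obtained from
        evNacStatus events sent by the Network Access
        Controller application. This element may be omitted
        if and only if its value is false."
    ::= { cidsAlert 20 }

cidsAlertDetails OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Optional. Textual details about the specific alert
        instance, not just the signature."
    ::= { cidsAlert 21 }

cidsAlertIpLogId OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "IP log identifiers for IP logs that were added as
        the result of this alert."
    ::= { cidsAlert 22 }

cidsThreatResponseStatus OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "A brief textual description of the status of the
        alarm given by the Cisco Systems Threat Response
        engine."
    ::= { cidsAlert 23 }

cidsThreatResponseSeverity OBJECT-TYPE
    SYNTAX          Integer32 ( -2147483648..2147483647 )
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The alarm severity as assigned by the Cisco Systems
        Threat Response engine."
    ::= { cidsAlert 24 }

cidsAlertEventRiskRating OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "A risk factor that incorporates several additional
        pieces of information beyond the detection of a
        potentially malicious action. The factors that
        characterize this risk are the severity of the
        attack if it were to succeed, the fidelity of the
        signature, the relevance of the potential attack
        with respect to the target host, and the overall
        value of the target host to the customer."
    ::= { cidsAlert 25 }

-- Error

cidsErrorSeverity OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "Severity of an error (warning, error or fatal for
        example). An example of a type of error that could
        occur would be when a requested action could not be
        completed because it would create a resource that
        would exceed a system resource limit."
    ::= { cidsError 1 }

cidsErrorName OBJECT-TYPE
    SYNTAX          CidsErrorCode
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "An enumerated error code, which identifies a general
        class of errors."
    ::= { cidsError 2 }

cidsErrorMessage OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "A textual description of the error that occurred."
    ::= { cidsError 3 }

-- Health
--
-- Read-only objects that can be polled. Several of them describe how
-- much traffic the sensor is actually inspecting, which makes them
-- useful for spotting gaps in detection coverage.

cidsHealthPacketLoss OBJECT-TYPE
    SYNTAX          Integer32 ( 0..100 )
    UNITS           "percent"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The percentage of packets lost at the device
        interface level."
    ::= { cidsHealth 1 }

cidsHealthPacketDenialRate OBJECT-TYPE
    SYNTAX          Integer32 ( 0..100 )
    UNITS           "percent"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The percentage of packets denied due to protocol
        and security violations."
    ::= { cidsHealth 2 }

cidsHealthAlarmsGenerated OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of alarms generated, includes all
        currently defined alarm severities."
    ::= { cidsHealth 3 }

cidsHealthFragmentsInFRU OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of fragments currently queued in the
        fragment reassembly unit."
    ::= { cidsHealth 4 }

cidsHealthDatagramsInFRU OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of datagrams currently queued in the
        fragment reassembly unit."
    ::= { cidsHealth 5 }

cidsHealthTcpEmbryonicStreams OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of embryonic TCP streams currently
        queued in the device. TCP streams are considered
        embryonic if they have not completed the TCP
        three-way handshake."
    ::= { cidsHealth 6 }

-- Note the capitalisation: this descriptor uses 'TCP' where its
-- siblings use 'Tcp'. Descriptors are case sensitive.
cidsHealthTCPEstablishedStreams OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of established TCP streams currently
        queued in the device. Once a stream has completed a
        TCP three-way handshake it will move to the
        established state."
    ::= { cidsHealth 7 }

cidsHealthTcpClosingStreams OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of closing TCP streams currently queued
        in the device. A stream will move from the
        established state to closing when a valid FIN or RST
        flag is received."
    ::= { cidsHealth 8 }

cidsHealthTcpStreams OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of TCP streams (embryonic, established
        and closing) currently queued in the device."
    ::= { cidsHealth 9 }

cidsHealthActiveNodes OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of active nodes currently queued in the
        device."
    ::= { cidsHealth 10 }

cidsHealthTcpDualIpAndPorts OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of TCP nodes keyed on both IP addresses
        and both ports currently queued in the device."
    ::= { cidsHealth 11 }

cidsHealthUdpDualIpAndPorts OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of UDP nodes keyed on both IP addresses
        and both ports currently queued in the device."
    ::= { cidsHealth 12 }

cidsHealthIpDualIp OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of IP nodes keyed on both IP addresses
        currently queued in the device."
    ::= { cidsHealth 13 }

-- Despite the 'Is...' name this is a 0..10 scale, not a boolean. Per
-- the DESCRIPTION any non-zero value means the sensor has stopped
-- enforcing policy on some traffic, i.e. part of the monitored traffic
-- is not being inspected. Worth a polling threshold in addition to the
-- ciscoCidsError trap, which is only sent when notifications are
-- enabled.
cidsHealthIsSensorMemoryCritical OBJECT-TYPE
    SYNTAX          Unsigned32 ( 0..10 )
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A value between 0 and 10 that should rarely get
        above 3. If this is non-zero the sensor has stopped
        enforcing policy on some traffic in order to keep up
        with the current traffic load; the sensor is
        oversubscribed. The higher the number the more
        oversubscribed the sensor. It could be
        oversubscribed from a memory perspective and not
        traffic speed. For example on a 200 Mbit sensor this
        number might be 3 if the sensor was only seeing
        100Mbit of traffic but 6000 connections per second
        which is over the rated capacity of the sensor. When
        the sensor is in Memory Critical state then a
        ciscoCidsError trap will be sent accordingly."
    ::= { cidsHealth 14 }

cidsHealthIsSensorActive OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the failover status of the device. True
        indicates the device is currently active. False
        indicates it is in a standby mode."
    ::= { cidsHealth 15 }

cidsHealthCommandAndControlPort OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The status and network statistics of the currently
        configured Command and Control interface on the
        device. The Command and Control interface is where
        all of the communications for command and control of
        the sensor occurs. This is important to identify
        what interface a user will communicate with to
        control the sensor remotely and general health
        statistics for that interface."
    ::= { cidsHealth 16 }

cidsHealthSensorStatsResetTime OBJECT-TYPE
    SYNTAX          TimeTicks
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The value of SNMPv2-MIB::sysUpTime when the sensor
        specific statistics were reset. The reset time is
        collectively for the following objects:
        cidsHealthPacketLoss,
        cidsHealthPacketDenialRate,
        cidsHealthAlarmsGenerated,
        cidsHealthFragmentsInFRU,
        cidsHealthDatagramsInFRU,
        cidsHealthTcpEmbryonicStreams,
        cidsHealthTCPEstablishedStreams,
        cidsHealthTcpClosingStreams,
        cidsHealthTcpStreams"
    ::= { cidsHealth 17 }

-- Notifications

-- Since notifications with a large number of bound objects
-- can be rather large, the agent can provide two different
-- notification generation modes. One without optional objects
-- to try and keep the notification size below 484 bytes and
-- one with no size limits that will send all available optional
-- objects as well as those explicitly listed in the OBJECTS
-- clause of the notification definition.
--
-- The following objects, defined elsewhere in this MIB module
-- as accessible-for-notify, are optional in that they are not
-- explicitly listed in a notification's OBJECTS clause.
-- When the notification generation mode is set to allow optional
-- objects to be bound, the association of the optional objects
-- to particular notifications is as follows:
--
-- ciscoCidsAlert:
--     cidsGeneralOriginatorAppName
--     cidsGeneralOriginatorAppId
--     cidsAlertSignature
--     cidsAlertSignatureVersion
--     cidsAlertSummary
--     cidsAlertSummaryType
--     cidsAlertSummaryFinal
--     cidsAlertSummaryInitialAlert
--     cidsAlertInterfaceGroup
--     cidsAlertVlan
--     cidsAlertVictimContext
--     cidsAlertAttackerContext
--     cidsAlertIpLoggingActivated
--     cidsAlertTcpResetSent
--     cidsAlertShunRequested
--     cidsAlertDetails
--     cidsAlertIpLogId
--     cidsThreatResponseStatus
--     cidsThreatResponseSeverity
--     cidsAlertEventRiskRating
--
-- ciscoCidsError:
--     cidsGeneralOriginatorAppName
--     cidsGeneralOriginatorAppId
--
-- Receivers must therefore not rely on any optional varbind being
-- present: in the size-limited mode the context, details and response
-- flags listed above are absent from the alert.

ciscoCidsAlert NOTIFICATION-TYPE
    OBJECTS         {
                        cidsGeneralEventId,
                        cidsGeneralLocalTime,
                        cidsGeneralUTCTime,
                        cidsGeneralOriginatorHostId,
                        cidsAlertSeverity,
                        cidsAlertSignatureSigName,
                        cidsAlertSignatureSigId,
                        cidsAlertSignatureSubSigId,
                        cidsAlertAlarmTraits,
                        cidsAlertAttackerAddress,
                        cidsAlertVictimAddress
                    }
    STATUS          current
    DESCRIPTION
        "Event indicating that some suspicious or malicious
        activity has been detected on a monitored network."
    ::= { ciscoCidsMIBNotifs 1 }

ciscoCidsError NOTIFICATION-TYPE
    OBJECTS         {
                        cidsGeneralEventId,
                        cidsGeneralLocalTime,
                        cidsGeneralUTCTime,
                        cidsGeneralOriginatorHostId,
                        cidsErrorSeverity,
                        cidsErrorName,
                        cidsErrorMessage
                    }
    STATUS          current
    DESCRIPTION
        "Event indicating that an error has occurred."
    ::= { ciscoCidsMIBNotifs 2 }

-- Conformance

ciscoCidsMIBCompliances OBJECT IDENTIFIER ::= { ciscoCidsMIBConform 1 }
ciscoCidsMIBGroups      OBJECT IDENTIFIER ::= { ciscoCidsMIBConform 2 }

-- Compliance
--
-- NOTE(review): ciscoCidsNotificationsGroup is described below as
-- 'required' but is not listed in MANDATORY-GROUPS here. Left as
-- published; an agent claiming this compliance is not thereby shown to
-- implement the two notifications.

ciscoCidsMIBCompliance MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for entities which
        implement the Cids MIB"
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ciscoCidsGeneralObjectGroup,
                        ciscoCidsAlertObjectGroup,
                        ciscoCidsErrorObjectGroup,
                        ciscoCidsHealthObjectGroup
                    }
    ::= { ciscoCidsMIBCompliances 1 }

-- Units of Conformance

ciscoCidsGeneralObjectGroup OBJECT-GROUP
    OBJECTS         {
                        cidsGeneralEventId,
                        cidsGeneralLocalTime,
                        cidsGeneralUTCTime,
                        cidsGeneralOriginatorHostId,
                        cidsGeneralOriginatorAppName,
                        cidsGeneralOriginatorAppId,
                        cidsNotificationsEnabled
                    }
    STATUS          current
    DESCRIPTION
        "General Objects."
    ::= { ciscoCidsMIBGroups 1 }

ciscoCidsAlertObjectGroup OBJECT-GROUP
    OBJECTS         {
                        cidsAlertSeverity,
                        cidsAlertAlarmTraits,
                        cidsAlertSignature,
                        cidsAlertSignatureSigName,
                        cidsAlertSignatureSigId,
                        cidsAlertSignatureSubSigId,
                        cidsAlertSignatureVersion,
                        cidsAlertSummary,
                        cidsAlertSummaryType,
                        cidsAlertSummaryFinal,
                        cidsAlertSummaryInitialAlert,
                        cidsAlertInterfaceGroup,
                        cidsAlertVlan,
                        cidsAlertVictimContext,
                        cidsAlertAttackerContext,
                        cidsAlertVictimAddress,
                        cidsAlertAttackerAddress,
                        cidsAlertIpLoggingActivated,
                        cidsAlertTcpResetSent,
                        cidsAlertShunRequested,
                        cidsAlertDetails,
                        cidsAlertIpLogId,
                        cidsThreatResponseStatus,
                        cidsThreatResponseSeverity,
                        cidsAlertEventRiskRating
                    }
    STATUS          current
    DESCRIPTION
        "Alert Objects."
    ::= { ciscoCidsMIBGroups 2 }

ciscoCidsErrorObjectGroup OBJECT-GROUP
    OBJECTS         {
                        cidsErrorSeverity,
                        cidsErrorName,
                        cidsErrorMessage
                    }
    STATUS          current
    DESCRIPTION
        "Error Objects."
    ::= { ciscoCidsMIBGroups 3 }

ciscoCidsNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS   {
                        ciscoCidsAlert,
                        ciscoCidsError
                    }
    STATUS          current
    DESCRIPTION
        "The notifications which are required."
    ::= { ciscoCidsMIBGroups 4 }

ciscoCidsHealthObjectGroup OBJECT-GROUP
    OBJECTS         {
                        cidsHealthPacketLoss,
                        cidsHealthPacketDenialRate,
                        cidsHealthAlarmsGenerated,
                        cidsHealthFragmentsInFRU,
                        cidsHealthDatagramsInFRU,
                        cidsHealthTcpEmbryonicStreams,
                        cidsHealthTCPEstablishedStreams,
                        cidsHealthTcpClosingStreams,
                        cidsHealthTcpStreams,
                        cidsHealthActiveNodes,
                        cidsHealthTcpDualIpAndPorts,
                        cidsHealthUdpDualIpAndPorts,
                        cidsHealthIpDualIp,
                        cidsHealthIsSensorMemoryCritical,
                        cidsHealthIsSensorActive,
                        cidsHealthCommandAndControlPort,
                        cidsHealthSensorStatsResetTime
                    }
    STATUS          current
    DESCRIPTION
        "Health Objects."
    ::= { ciscoCidsMIBGroups 5 }

END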