mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-17 16:03:04 +00:00
1042 lines
35 KiB
Plaintext
1042 lines
35 KiB
Plaintext
-- *****************************************************************
|
|
-- CISCO-THREAT-MITIGATION-SERVICE-MIB.my MIB for TMS(Threat
|
|
-- Mitigation Service).
|
|
--
|
|
-- January 2007, Alok K Sinha
|
|
--
|
|
-- Copyright (c) 2007 by Cisco Systems, Inc.
|
|
-- All rights reserved.
|
|
--
|
|
-- *****************************************************************
|
|
|
|
CISCO-THREAT-MITIGATION-SERVICE-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
Unsigned32,
|
|
MODULE-IDENTITY,
|
|
NOTIFICATION-TYPE,
|
|
OBJECT-TYPE
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
NOTIFICATION-GROUP,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
ifIndex
|
|
FROM IF-MIB
|
|
StorageType,
|
|
RowStatus,
|
|
DateAndTime,
|
|
TruthValue,
|
|
TEXTUAL-CONVENTION
|
|
FROM SNMPv2-TC
|
|
InetAddress,
|
|
InetAddressType
|
|
FROM INET-ADDRESS-MIB
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
|
|
ciscoThreatMitigationServiceMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200701090000Z"
|
|
ORGANIZATION "Cisco Systems, Inc."
|
|
CONTACT-INFO
|
|
"Cisco Systems
|
|
Customer Service
|
|
|
|
Postal:170 W. Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
|
|
Tel:+1 800 553-NETS
|
|
|
|
E-mail:cs-tms@cisco.com"
|
|
DESCRIPTION
|
|
"
|
|
This MIB provides management information about the Threat
|
|
Mitigation Service(TMS) entity named 'Consumer'. TMS is part
|
|
of Cisco's Network Infection Containment (NIC) security
|
|
framework. The MIB is expected to be implemented on all
|
|
entities that act as TMS consumers.
|
|
|
|
The NIC framework deals with threat mitigation. The NIC
|
|
architecture consists of controllers and one or more consumers
|
|
registered with these controllers. The controller is
|
|
responsible for detecting threats and conveying the
|
|
information about the same to one or more consumers that
|
|
could be the potential targets of the detected threat.
|
|
Upon receiving the information about the threat from
|
|
the controller, the consumer responds with appropriate
|
|
mitigation actions according to the policies configured
|
|
on it and as indicated in the threat notification message.
|
|
|
|
TMS protocol is used for distribution and management of threat
|
|
related information from the controller to consumers.
|
|
TMS runs over TIDP layer which is used as distribution layer.
|
|
TIDP layer provides a secured connection between the
|
|
controller and the consumers. TIDP also provides group
|
|
management services.
|
|
|
|
Each consumer needs to participate in a TIDP group in order
|
|
to receive threat notification message from controller
|
|
in that TIDP group. To participate in a TIDP group consumer
|
|
needs to register with the controller of that group,
|
|
from which it intends to receive threat messages.
|
|
|
|
When the controller needs to distribute the information
|
|
about a threat to one or more target TIDP groups or to
|
|
one particular consumer in a TIDP group, it delivers
|
|
the information to the respective entities through
|
|
TMS protocol messages. Upon receiving the threat
|
|
notification message, consumer determines the appropriate
|
|
mitigation action to be executed, with the corresponding
|
|
action parameters, based on the configuration and information
|
|
available in threat message. The respective action is then
|
|
executed.
|
|
|
|
The state of threat is set according to the result of
|
|
enforcement action, e.g., upon successful application of
|
|
enforcement action it is marked as Active. The consumer then
|
|
responds to the controller with the results of the
|
|
mitigation action carried out for the threat.
|
|
|
|
GLOSSARY
|
|
--------
|
|
|
|
Active Threat : A threat is active on a consumer if mitigation
|
|
action corresponding to the threat has been enforced
|
|
successfully.
|
|
|
|
Inactive Threat : A threat is inactive on a consumer if
|
|
mitigation action corresponding to the threat has been
|
|
undone successfully.
|
|
|
|
ACL : Access Control List is the list of rules which are
|
|
used to filter or classify packets based on protocol
|
|
parameters.
|
|
|
|
ACL drop : ACL drop action refers to the drop action taken
|
|
on packets matching any of the filters in the access list.
|
|
|
|
DSCP : Differentiated Service Code Point is same as 'Type of
|
|
Service' field in IP header, used in reference to quality
|
|
of service.
|
|
|
|
FPM : Flexible Packet Matching is a framework which provides
|
|
packet filtering based on pattern at any offset in the packet.
|
|
|
|
FPM drop : FPM drop action refers to the drop action taken on
|
|
packet filtered by FPM.
|
|
|
|
TCDF : Traffic Classification Definition File gives
|
|
the XML description of traffic class.
|
|
|
|
TIDP : Threat Information Distribution Protocol is a
|
|
distribution protocol, which provides a secured connectivity
|
|
between network devices. It also provides a group management
|
|
function.
|
|
|
|
TIDP group : A closed group of network devices which share
|
|
authentication and encryption keys for message exchange.
|
|
|
|
TMS : TMS protocol provides information about threats and the
|
|
mitigation action required for the threats in a TIDP network.
|
|
|
|
TIDP network : TIDP network comprises of one or more
|
|
TIDP groups."
|
|
REVISION "200701090000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { ciscoMgmt 603 }
|
|
|
|
|
|
ciscoTmsMIBNotifs OBJECT IDENTIFIER
|
|
::= { ciscoThreatMitigationServiceMIB 0 }
|
|
|
|
ciscoTmsMIBObjects OBJECT IDENTIFIER
|
|
::= { ciscoThreatMitigationServiceMIB 1 }
|
|
|
|
ciscoTmsMIBConform OBJECT IDENTIFIER
|
|
::= { ciscoThreatMitigationServiceMIB 2 }
|
|
|
|
ciTmsConsumerGlobals OBJECT IDENTIFIER
|
|
::= { ciscoTmsMIBObjects 1 }
|
|
|
|
ciTmsConsumerGroup OBJECT IDENTIFIER
|
|
::= { ciscoTmsMIBObjects 2 }
|
|
|
|
ciTmsConsumerThreat OBJECT IDENTIFIER
|
|
::= { ciscoTmsMIBObjects 3 }
|
|
|
|
ciTiTmsConsumerNotifs OBJECT IDENTIFIER
|
|
::= { ciscoTmsMIBObjects 4 }
|
|
|
|
-- Textual Conventions
|
|
|
|
CTmsConsumerState ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual description represents the state
|
|
of the consumer. The semantics are as follows.
|
|
|
|
disabled(1)
|
|
Consumer is disabled.
|
|
|
|
enabled(2)
|
|
Consumer is enabled.
|
|
|
|
"
|
|
SYNTAX INTEGER {
|
|
disabled(1),
|
|
enabled(2)
|
|
}
|
|
|
|
CTmsConsumerRegistrationStatus ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual description represents the status of
|
|
registration of consumer with the controller. The
|
|
semantics are as follows.
|
|
|
|
notRegistered(1)
|
|
Consumer is not registered to the controller.
|
|
|
|
registrationRequestSent(2)
|
|
A registration request has been sent to the controller
|
|
and consumer is waiting for the response.
|
|
|
|
registered(3)
|
|
Consumer is registered with the controller.
|
|
|
|
registrationFailed(4)
|
|
The most recent registration attempt has failed.
|
|
"
|
|
SYNTAX INTEGER {
|
|
notRegistered(1),
|
|
registrationRequestSent(2),
|
|
registered(3),
|
|
registrationFailed(4)
|
|
}
|
|
|
|
CTmsThreatStatus ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention represents the status of the threat
|
|
received from a controller in a TIDP group on the consumer.
|
|
|
|
unknown(1)
|
|
Unknown state.
|
|
|
|
active(2)
|
|
Threat is successfully activated, i.e. mitigation action
|
|
has been successfully enforced.
|
|
|
|
inactive(3)
|
|
Threat is inactivated by controller, i.e. mitigation
|
|
action is not enforced.
|
|
|
|
created(4)
|
|
Consumer has recorded the information about the threat
|
|
mitigation action enforcement and other processing
|
|
pending for successful activation.
|
|
|
|
pending(5)
|
|
Mitigation action initiated and waiting for the result.
|
|
|
|
activationFailed(6)
|
|
Threat activation failed.
|
|
|
|
inactivationFailed(7)
|
|
Inactivation of threat failed.
|
|
|
|
deleted(8)
|
|
Threat mitigation is removed from the consumer.
|
|
|
|
"
|
|
SYNTAX INTEGER {
|
|
unknown(1),
|
|
active(2),
|
|
inactive(3),
|
|
created(4),
|
|
pending(5),
|
|
activationFailed(6),
|
|
inactivationFailed(7),
|
|
deleted(8)
|
|
}
|
|
|
|
CTmsActionType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention represents the types of actions
|
|
that can be applied to mitigate a threat.
|
|
|
|
ignore(1)
|
|
No action, threat ignored.
|
|
|
|
aclDrop(2)
|
|
ACL drop action.
|
|
|
|
fpmDrop(3)
|
|
FPM drop.
|
|
|
|
redirect(4)
|
|
Redirect traffic to a particular host.
|
|
|
|
police(5)
|
|
Police the traffic.
|
|
|
|
setIPDscp(6)
|
|
Set the DSCP in IP header of packet to a specific value.
|
|
|
|
localException(7)
|
|
Local exception enforced for the threat.
|
|
|
|
quarantine(8)
|
|
Quarantine the infected host.
|
|
"
|
|
SYNTAX INTEGER {
|
|
ignore(1),
|
|
aclDrop(2),
|
|
fpmDrop(3),
|
|
redirect(4),
|
|
police(5),
|
|
setIPDscp(6),
|
|
localException(7),
|
|
quarantine(8)
|
|
}
|
|
|
|
CTmsActionParamIdType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention represents the type of action
|
|
parameters. The semantics are as follows.
|
|
|
|
noParams(1),
|
|
No parameters required for the action.
|
|
|
|
cir(2),
|
|
police : Committed information rate.
|
|
|
|
bir(3),
|
|
police : Peak information rate.
|
|
|
|
be(4),
|
|
police : Excess burst.
|
|
|
|
nexthop(5),
|
|
redirect : Address of host to redirect the traffic to.
|
|
|
|
dscpVal(6),
|
|
setIpDscp : DSCP value in IP header to be set to.
|
|
|
|
vlanId(7)
|
|
Quarantine : Quarantine the host to this vlan.
|
|
"
|
|
SYNTAX INTEGER {
|
|
noParams(1),
|
|
cir(2),
|
|
bir(3),
|
|
be(4),
|
|
nexthop(5),
|
|
dscpVal(6),
|
|
vlanId(7)
|
|
}
|
|
|
|
CTmsActionParamType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention represents the type of the action
|
|
parameter. The semantics as follows.
|
|
|
|
unsigned(1),
|
|
Unsigned integer.
|
|
|
|
networkAddress(2),
|
|
represents a network address e,g, IPv4 and IPv6 address.
|
|
|
|
string(3)
|
|
A sequence of octets.
|
|
"
|
|
SYNTAX INTEGER {
|
|
unsigned(1),
|
|
networkAddress(2),
|
|
string(3)
|
|
}
|
|
|
|
-- Scalar objects
|
|
ciTmsActiveThreats OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..65535 )
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the total number of active threats in
|
|
the consumer."
|
|
::= { ciTmsConsumerGlobals 1 }
|
|
|
|
ciTmsInActiveThreats OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..65535 )
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the total number of inactive threats
|
|
in the consumer."
|
|
::= { ciTmsConsumerGlobals 2 }
|
|
|
|
ciTmsConsumerDeviceId OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used for configuring the name of
|
|
the consumer. This could be any generic string,
|
|
e.g. 'Consumer-1'."
|
|
DEFVAL { "" }
|
|
::= { ciTmsConsumerGlobals 3 }
|
|
|
|
ciTmsGroupsMaxEntries OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..65535 )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the maximum number of rows
|
|
in ciTmsGroupTable."
|
|
DEFVAL { 32767 }
|
|
::= { ciTmsConsumerGlobals 4 }
|
|
|
|
ciTmsThreatsMaxEntries OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..65535 )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the maximum number of rows in
|
|
ciTmsThreatTable."
|
|
DEFVAL { 65535 }
|
|
::= { ciTmsConsumerGlobals 5 }
|
|
|
|
ciTmsThreatActionMaxEntries OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..65535 )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the maximum number of rows in
|
|
ciTmsThreatActionTable."
|
|
DEFVAL { 65535 }
|
|
::= { ciTmsConsumerGlobals 6 }
|
|
|
|
ciTmsInterfaceMaxEntries OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..65535 )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the maximum number of rows in
|
|
ciTmsThreatInterfaceTable."
|
|
DEFVAL { 65535 }
|
|
::= { ciTmsConsumerGlobals 7 }
|
|
|
|
ciTmsConsumerState OBJECT-TYPE
|
|
SYNTAX CTmsConsumerState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the current state of the consumer."
|
|
::= { ciTmsConsumerGlobals 8 }
|
|
-- Table for group controller to status mapping
|
|
|
|
ciTmsGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CiTmsGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Consumer can participate in one of more TIDP groups, each
|
|
group having one or more controllers. The table represents
|
|
the list of controllers in a particular group.
|
|
|
|
A row is added to the table when a controller's IP address
|
|
is added to the list of known controllers.
|
|
A row is deleted from the table when a controller's
|
|
IP address is removed from the list of known controllers."
|
|
::= { ciTmsConsumerGroup 1 }
|
|
|
|
ciTmsGroupEntry OBJECT-TYPE
|
|
SYNTAX CiTmsGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry represents a conceptual row in ciTmsGroupTable
|
|
and corresponds to the information about the controller
|
|
and TIDP group a consumer is registered with."
|
|
INDEX {
|
|
ciTmsGroupId,
|
|
ciTmsControllerIpType,
|
|
ciTmsControllerIp
|
|
}
|
|
::= { ciTmsGroupTable 1 }
|
|
|
|
CiTmsGroupEntry ::= SEQUENCE {
|
|
ciTmsGroupId Unsigned32,
|
|
ciTmsControllerIpType InetAddressType,
|
|
ciTmsControllerIp InetAddress,
|
|
ciTmsGroupConsumerRegStatus CTmsConsumerRegistrationStatus,
|
|
ciTmsGroupNotifEnable TruthValue,
|
|
ciTmsGroupStorageType StorageType,
|
|
ciTmsGroupRowStatus RowStatus
|
|
}
|
|
|
|
ciTmsGroupId OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..4294967295 )
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object represents the TIDP group Id."
|
|
::= { ciTmsGroupEntry 1 }
|
|
|
|
ciTmsControllerIpType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the type of the network address
|
|
available through ciTmsControllerIp."
|
|
::= { ciTmsGroupEntry 2 }
|
|
|
|
ciTmsControllerIp OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the network address of the controller.
|
|
The type of the address is represented by
|
|
ciTmsControllerIpType."
|
|
::= { ciTmsGroupEntry 3 }
|
|
|
|
ciTmsGroupConsumerRegStatus OBJECT-TYPE
|
|
SYNTAX CTmsConsumerRegistrationStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the status of consumer's registration
|
|
with the controller in a TIDP group."
|
|
::= { ciTmsGroupEntry 4 }
|
|
|
|
ciTmsGroupNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether following notifications should
|
|
be generated for a group :
|
|
1. ciscoTmsControllerUnreachable
|
|
2. ciscoTmsThreatStatusChange
|
|
3. ciscoTmsMitigationActionFailed
|
|
|
|
Setting this object to 'true' enables the group level
|
|
notifications, while setting it to 'false' disables
|
|
the group level notifications."
|
|
DEFVAL { false }
|
|
::= { ciTmsGroupEntry 5 }
|
|
|
|
ciTmsGroupStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "The storage type for this conceptual row."
|
|
DEFVAL { nonVolatile }
|
|
::= { ciTmsGroupEntry 6 }
|
|
|
|
ciTmsGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this conceptual row.
|
|
An entry can be created/deleted using this object.
|
|
A row may be deleted by setting the RowStatus to 'destroy'."
|
|
::= { ciTmsGroupEntry 7 }
|
|
|
|
|
|
-- Table for threat information
|
|
|
|
ciTmsThreatTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CiTmsThreatEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table represents the information about the
|
|
threats the consumer has received from various
|
|
controllers belonging to different TIDP groups it is
|
|
registered with. A threat received from one controller
|
|
in a TIDP group is uniquely identified by the threat id
|
|
and owner id.
|
|
|
|
A row is added to the table when a threat notification
|
|
message is received by the consumer from the controller in
|
|
a TIDP group.
|
|
A row is deleted from the table when the consumer deletes
|
|
the information about a threat received from a controller
|
|
in a TIDP group."
|
|
::= { ciTmsConsumerThreat 1 }
|
|
|
|
ciTmsThreatEntry OBJECT-TYPE
|
|
SYNTAX CiTmsThreatEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry represents a conceptual row in ciTmsThreatTable
|
|
and corresponds to the information about a threat and it's
|
|
various attributes, received from a controller in a given
|
|
TIDP group."
|
|
INDEX {
|
|
ciTmsThreatOwner,
|
|
ciTmsThreatId,
|
|
ciTmsGroupId,
|
|
ciTmsControllerIpType,
|
|
ciTmsControllerIp
|
|
}
|
|
::= { ciTmsThreatTable 1 }
|
|
|
|
CiTmsThreatEntry ::= SEQUENCE {
|
|
ciTmsThreatOwner Unsigned32,
|
|
ciTmsThreatId Unsigned32,
|
|
ciTmsThreatVer Unsigned32,
|
|
ciTmsThreatStatus CTmsThreatStatus,
|
|
ciTmsThreatClass SnmpAdminString,
|
|
ciTmsThreatName SnmpAdminString,
|
|
ciTmsThreatActiveTimeDuration DateAndTime,
|
|
ciTmsThreatPriority Unsigned32,
|
|
ciTmsThreatTcdf SnmpAdminString
|
|
}
|
|
|
|
ciTmsThreatOwner OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..4294967295 )
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the controller that has notified the
|
|
consumer about the threat."
|
|
::= { ciTmsThreatEntry 1 }
|
|
|
|
ciTmsThreatId OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..65535 )
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the identifier for the particular
|
|
threat."
|
|
::= { ciTmsThreatEntry 2 }
|
|
|
|
ciTmsThreatVer OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..255 )
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the version of the
|
|
threat."
|
|
::= { ciTmsThreatEntry 3 }
|
|
|
|
ciTmsThreatStatus OBJECT-TYPE
|
|
SYNTAX CTmsThreatStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the current status of the threat on
|
|
the consumer. This is evaluated locally on consumer."
|
|
::= { ciTmsThreatEntry 4 }
|
|
|
|
ciTmsThreatClass OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the class of threat. An example of
|
|
class is 'Worm'."
|
|
::= { ciTmsThreatEntry 5 }
|
|
|
|
ciTmsThreatName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents name of the threat. An example of
|
|
threat name is 'WittyWorm'."
|
|
::= { ciTmsThreatEntry 6 }
|
|
|
|
ciTmsThreatActiveTimeDuration OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the duration the threat has been
|
|
active for."
|
|
::= { ciTmsThreatEntry 7 }
|
|
|
|
ciTmsThreatPriority OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..32 )
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the priority at which the consumer
|
|
responds to this threat. A higher value indicates a lower
|
|
priority for the threat and vice versa."
|
|
::= { ciTmsThreatEntry 8 }
|
|
|
|
ciTmsThreatTcdf OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the TCDF related information received
|
|
in the threat. For example,
|
|
<tcdf> <match> <eq field='ip.dst_addr' value='10.10.10.1'>
|
|
</eq> </match> </tcdf>."
|
|
::= { ciTmsThreatEntry 9 }
|
|
|
|
|
|
-- Threat Action table
|
|
|
|
ciTmsThreatActionTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CiTmsThreatActionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table represents mitigation action for the respective
|
|
threat. A threat is uniquely represented by the threat id,
|
|
owner id, controller IP and TIDP group ID and hence
|
|
corresponding objects are used as indices.
|
|
A row is added to the table when the consumer enforces a
|
|
mitigation action as a result of receiving a threat message
|
|
from a controller in a TIDP group.
|
|
A row is deleted from the table when the consumer removes
|
|
the mitigation action taken for the threat received from a
|
|
controller in a TIDP group."
|
|
::= { ciTmsConsumerThreat 2 }
|
|
|
|
ciTmsThreatActionEntry OBJECT-TYPE
|
|
SYNTAX CiTmsThreatActionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry represents a conceptual row in
|
|
ciTmsThreatActionTable and corresponds to the
|
|
information about the mitigation action
|
|
applied for a particular threat."
|
|
INDEX {
|
|
ciTmsThreatOwner,
|
|
ciTmsThreatId,
|
|
ciTmsGroupId,
|
|
ciTmsControllerIpType,
|
|
ciTmsControllerIp,
|
|
ciTmsThreatAction,
|
|
ciTmsThreatActionParamId
|
|
}
|
|
::= { ciTmsThreatActionTable 1 }
|
|
|
|
CiTmsThreatActionEntry ::= SEQUENCE {
|
|
ciTmsThreatAction CTmsActionType,
|
|
ciTmsThreatActionParamId CTmsActionParamIdType,
|
|
ciTmsThreatActionParamType CTmsActionParamType,
|
|
ciTmsThreatActionParamLength Unsigned32,
|
|
ciTmsThreatActionParamValue SnmpAdminString,
|
|
ciTmsThreatActionFailReason SnmpAdminString
|
|
}
|
|
|
|
ciTmsThreatAction OBJECT-TYPE
|
|
SYNTAX CTmsActionType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the mitigation action taken by
|
|
the consumer for a threat."
|
|
::= { ciTmsThreatActionEntry 1 }
|
|
|
|
ciTmsThreatActionParamId OBJECT-TYPE
|
|
SYNTAX CTmsActionParamIdType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This object identifies an action parameter."
|
|
::= { ciTmsThreatActionEntry 2 }
|
|
|
|
ciTmsThreatActionParamType OBJECT-TYPE
|
|
SYNTAX CTmsActionParamType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the type of an action parameter."
|
|
::= { ciTmsThreatActionEntry 3 }
|
|
|
|
ciTmsThreatActionParamLength OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..65535 )
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the length of the action parameter
|
|
identified by ciTmsThreatActionParamId."
|
|
::= { ciTmsThreatActionEntry 4 }
|
|
|
|
ciTmsThreatActionParamValue OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the value of the parameter identified
|
|
by ciTmsThreatActionParamId. This value should be interpreted
|
|
using type and length of the parameter value represented by
|
|
ciTmsThreatActionParamType and ciTmsThreatActionParamLength
|
|
respectively.
|
|
In case of ciTmsThreatActionParamType being 'networkAddress',
|
|
the first octet of this object will indicate the type of
|
|
network address, i.e. it will be set to one of
|
|
InetAddressType values as appropriate. The subsequent
|
|
octets will carry the network address. For example,
|
|
the first octet of ciTmsThreatActionParamValue will carry
|
|
the value ipv4(1) and the next four octets will carry the
|
|
respective octets of the IP address."
|
|
::= { ciTmsThreatActionEntry 5 }
|
|
|
|
ciTmsThreatActionFailReason OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the reason for the failure of
|
|
a particular threat mitigation action. 'OER mitigation not
|
|
supported' is an example of the value populated for this
|
|
object. For successfully mitigated threats, this will be
|
|
a zero-length string."
|
|
::= { ciTmsThreatActionEntry 6 }
|
|
|
|
|
|
-- Threat Interface table
|
|
|
|
ciTmsThreatInterfaceTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CiTmsThreatInterfaceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The application of threat mitigation is typically done on one
|
|
or more interfaces. This table represents the status of
|
|
mitigation action applied on the respective interfaces.
|
|
|
|
A row is added to the table when the consumer enforces a
|
|
mitigation action on a interface as a result of receiving
|
|
a threat message from a controller in a TIDP group.
|
|
A row is deleted from the table when the consumer removes a
|
|
mitigation action taken on a interface as a result of threat
|
|
received from a controller in a TIDP group."
|
|
::= { ciTmsConsumerThreat 3 }
|
|
|
|
ciTmsThreatInterfaceEntry OBJECT-TYPE
|
|
SYNTAX CiTmsThreatInterfaceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry represents a row in ciTmsThreatInterfaceTable
|
|
and corresponds to the information about the interface on
|
|
which the threat mitigation action is applied."
|
|
INDEX {
|
|
ciTmsThreatId,
|
|
ciTmsThreatOwner,
|
|
ciTmsGroupId,
|
|
ciTmsControllerIpType,
|
|
ciTmsControllerIp,
|
|
ifIndex
|
|
}
|
|
::= { ciTmsThreatInterfaceTable 1 }
|
|
|
|
CiTmsThreatInterfaceEntry ::= SEQUENCE {
|
|
ciThreatInterfaceMitigationApplied TruthValue
|
|
}
|
|
|
|
ciThreatInterfaceMitigationApplied OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether the mitigation action
|
|
for a particular threat has been successfully applied
|
|
on an interface or not. A value of 'true' indicates
|
|
the successful application of mitigation action, while a
|
|
value of 'false' indicates that the mitigation
|
|
action couldn't be successfully applied on the interface. "
|
|
::= { ciTmsThreatInterfaceEntry 1 }
|
|
|
|
|
|
|
|
-- notifications
|
|
ciTmsConsStateChangeNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to control the generation of the
|
|
ciscoTmsConsStateChange notifications. A value of
|
|
'true' indicates that the agent is enabled to generate this
|
|
notification. A value of 'false' indicates the generation
|
|
of this notification is currently disabled."
|
|
DEFVAL { false }
|
|
::= { ciTiTmsConsumerNotifs 1 }
|
|
|
|
|
|
ciscoTmsConsStateChange NOTIFICATION-TYPE
|
|
OBJECTS { ciTmsConsumerState }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated to indicate the current
|
|
operational state of the consumer, when the consumer
|
|
undergoes a state change."
|
|
::= { ciscoTmsMIBNotifs 1 }
|
|
|
|
|
|
ciscoTmsControllerUnreachable NOTIFICATION-TYPE
|
|
OBJECTS { ciTmsGroupConsumerRegStatus }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated by the consumer when the
|
|
controller it has registered with becomes unreachable.
|
|
This notification will be generated only when notification
|
|
generation is enabled for the corresponding TIDP group
|
|
through ciTmsGroupNotifEnable."
|
|
::= { ciscoTmsMIBNotifs 2 }
|
|
|
|
|
|
ciscoTmsThreatStatusChange NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
ciTmsThreatVer,
|
|
ciTmsThreatStatus,
|
|
ciTmsThreatPriority
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated by the consumer when
|
|
consumer acts upon a particular threat and changes the state
|
|
of the threat.
|
|
This notification will be generated only when notification
|
|
generation is enabled for the corresponding TIDP group
|
|
through ciTmsGroupNotifEnable."
|
|
::= { ciscoTmsMIBNotifs 3 }
|
|
|
|
|
|
ciscoTmsMitigationActionFailed NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
ciTmsThreatActionParamType,
|
|
ciTmsThreatActionParamLength,
|
|
ciTmsThreatActionParamValue,
|
|
ciTmsThreatActionFailReason
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated by the consumer when the
|
|
mitigation action enforced for a particular threat fails.
|
|
The notification contains the information about the failed
|
|
mitigation action and the reason for the failure indicated
|
|
by ciTmsThreatActionFailReason.
|
|
This notification will be generated only when notification
|
|
generation is enabled for the corresponding TIDP group
|
|
through ciTmsGroupNotifEnable."
|
|
::= { ciscoTmsMIBNotifs 4 }
|
|
-- conformance information
|
|
ciscoTmsMIBCompliances OBJECT IDENTIFIER
|
|
::= { ciscoTmsMIBConform 1 }
|
|
|
|
ciscoTmsMIBGroups OBJECT IDENTIFIER
|
|
::= { ciscoTmsMIBConform 2 }
|
|
|
|
|
|
-- compliance statement
|
|
ciscoTmsMIBCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for the SNMP entities that
|
|
implement the ciscoThreatMitigationServiceMIB module."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
ciscoTmsConsumerGroup,
|
|
ciscoTmsThreatGroup,
|
|
ciscoTmsThreatActionGroup,
|
|
ciscoTmsThreatInterfaceGroup,
|
|
ciscoTmsNotificationGroup
|
|
}
|
|
::= { ciscoTmsMIBCompliances 1 }
|
|
|
|
-- units of conformance
|
|
ciscoTmsConsumerGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ciTmsConsumerDeviceId,
|
|
ciTmsGroupsMaxEntries,
|
|
ciTmsThreatsMaxEntries,
|
|
ciTmsThreatActionMaxEntries,
|
|
ciTmsInterfaceMaxEntries,
|
|
ciTmsConsumerState,
|
|
ciTmsConsStateChangeNotifEnable,
|
|
ciTmsGroupConsumerRegStatus,
|
|
ciTmsGroupNotifEnable,
|
|
ciTmsGroupStorageType,
|
|
ciTmsGroupRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This collection of objects represent the information about
|
|
the TIDP groups, the controller(s) in a TIDP group and the
|
|
status of a consumer's registration with the controller
|
|
in the TIDP group."
|
|
::= { ciscoTmsMIBGroups 1 }
|
|
|
|
ciscoTmsThreatGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ciTmsActiveThreats,
|
|
ciTmsInActiveThreats,
|
|
ciTmsThreatVer,
|
|
ciTmsThreatStatus,
|
|
ciTmsThreatClass,
|
|
ciTmsThreatName,
|
|
ciTmsThreatActiveTimeDuration,
|
|
ciTmsThreatPriority,
|
|
ciTmsThreatTcdf
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This collection of objects represents the information
|
|
about the threats detected, as being targeted towards a
|
|
consumer, by a controller in a TIDP group."
|
|
::= { ciscoTmsMIBGroups 2 }
|
|
|
|
ciscoTmsThreatActionGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ciTmsThreatActionParamType,
|
|
ciTmsThreatActionParamLength,
|
|
ciTmsThreatActionParamValue,
|
|
ciTmsThreatActionFailReason
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This collection of objects represent the information about
|
|
the mitigation actions taken for the respective threats by
|
|
the consumer."
|
|
::= { ciscoTmsMIBGroups 3 }
|
|
|
|
ciscoTmsThreatInterfaceGroup OBJECT-GROUP
|
|
OBJECTS { ciThreatInterfaceMitigationApplied }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This collection of objects represent the information about
|
|
the interfaces on which the mitigation action for a
|
|
particular threat is applied."
|
|
::= { ciscoTmsMIBGroups 4 }
|
|
|
|
ciscoTmsNotificationGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
ciscoTmsConsStateChange,
|
|
ciscoTmsControllerUnreachable,
|
|
ciscoTmsThreatStatusChange,
|
|
ciscoTmsMitigationActionFailed
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This collection of objects represent the notifications
|
|
generated by the consumer."
|
|
::= { ciscoTmsMIBGroups 5 }
|
|
|
|
END
|
|
|
|
|
|
|