-- CISCO-CIDS-MIB.my : Cisco Intrusion Detection System MIB
--
-- December 2003, Shane J London
--
-- Copyright (c) 2003 by Cisco Systems, Inc.
-- All rights reserved.

CISCO-CIDS-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Integer32,
    Unsigned32,
    Counter32,
    TimeTicks,
    Gauge32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    NOTIFICATION-GROUP,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    TEXTUAL-CONVENTION,
    TruthValue,
    DateAndTime
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    Unsigned64
        FROM CISCO-TC
    ciscoMgmt
        FROM CISCO-SMI;

ciscoCidsMIB MODULE-IDENTITY
    LAST-UPDATED    "200312180000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
        " Cisco Systems
Customer Service
Postal: 170 W Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
E-mail: cs-netranger@cisco.com"
    DESCRIPTION
        "Cisco Intrusion Detection System MIB. Provides
trap definitions for the evAlert and evError
elements of the IDIOM (Intrusion Detection and
Operations Messages) document and read support
for the Intrusion Detection System (sensor)
health information, such as if the sensor is
in a memory critical stage."
    REVISION        "200312180000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 383 }

ciscoCidsMIBNotifs   OBJECT IDENTIFIER ::= { ciscoCidsMIB 0 }
ciscoCidsMIBObjects  OBJECT IDENTIFIER ::= { ciscoCidsMIB 1 }
ciscoCidsMIBConform  OBJECT IDENTIFIER ::= { ciscoCidsMIB 2 }

cidsGeneral  OBJECT IDENTIFIER ::= { ciscoCidsMIBObjects 1 }
cidsAlert    OBJECT IDENTIFIER ::= { ciscoCidsMIBObjects 2 }
cidsError    OBJECT IDENTIFIER ::= { ciscoCidsMIBObjects 3 }
cidsHealth   OBJECT IDENTIFIER ::= { ciscoCidsMIBObjects 4 }

-- Textual Conventions

CidsErrorCode ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
"An enumerated value which identifies the general
category of error that occurred.
errAuthenticationTokenExpired
The requested action could not be carried out
because the requestor has provided an
authentication token (e.g. password) that has
expired.
errConfigCollision
The value of the config-token request
parameter in a setComponentConfig control
transaction request does not match the
current configuration document on the target
host. Typically this indicates that the
configuration on the target host has been
modified by another user.
errInUse
The requested action could not be completed
because it requires access to a resource
that is in use.
errInvalidDocument
The request contained a document that was
not well-formed, contained an incorrect root
element, or contained additional elements or
attributes that are not permitted by the lax
IDIOM schema.
errLimitExceeded
The requested action could not be completed
because it would create a resource that
would exceed a system resource limit.
errNotAvailable
The requested action is supported but cannot
be performed due to the current
configuration of the target host.
errNotFound
A resource specified in the request does
not exist.
errNotSupported
The requested action is not supported on
the target host.
errPermissionDenied
The requestor does not have a sufficiently
high authorization level to perform the
requested action.
errSyslog
Used to convey messages of interest from
the host system's syslog.
errSystemError
A system error occurred, such as an
out-of-memory condition, disk access error,
etc.
errTransport
The requested action could not be carried
out because of a communications failure
with another host that is involved in the
action.
errUnacceptableValue
The request document was valid but
contained one or more values that could
not be accepted because they either:
(1) conflict with other values in the same
document or (2) are not acceptable due to
the current state of the system.
errUnclassified
Used to convey an unclassified error
condition.
errWarning
Used to convey a software warning
condition detected by an application
running on the host system.
"
    SYNTAX      INTEGER {
                    errAuthenticationTokenExpired(1),
                    errConfigCollision(2),
                    errInUse(3),
                    errInvalidDocument(4),
                    errLimitExceeded(5),
                    errNotAvailable(6),
                    errNotFound(7),
                    errNotSupported(8),
                    errPermissionDenied(9),
                    errSyslog(10),
                    errSystemError(11),
                    errTransport(12),
                    errUnacceptableValue(13),
                    errUnclassified(14),
                    errWarning(15)
                }

-- General

cidsGeneralEventId OBJECT-TYPE
    SYNTAX      Unsigned64
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Identifies the sequence number of an event.
This value needs to be unique within the scope
of the originating host."
    ::= { cidsGeneral 1 }

cidsGeneralLocalTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The local time on the Cisco intrusion detection
         system sensor when the alert was generated."
    ::= { cidsGeneral 2 }

cidsGeneralUTCTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The UTC time on the Cisco intrusion detection
         system sensor when the alert was generated."
    ::= { cidsGeneral 3 }

cidsGeneralOriginatorHostId OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "A globally unique identifier for a Cids host. Could
         be a host name or an ip address."
    ::= { cidsGeneral 4 }

cidsGeneralOriginatorAppName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The optional generic name of a Cids application."
    ::= { cidsGeneral 5 }

cidsGeneralOriginatorAppId OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The optional id of this instance of the application.
         Typically the process id (pid)."
    ::= { cidsGeneral 6 }

cidsNotificationsEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Indicates whether notifications will or will not
         be sent when an event is generated by the device."
    DEFVAL      { false }
    ::= { cidsGeneral 7 }

-- Alert

cidsAlertSeverity OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The severity associated with a Cids signature
(informational, low, medium or high for
example)."
    ::= { cidsAlert 1 }

cidsAlertAlarmTraits OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The alarm traits is an unsigned 16-bit integer
representing the value of the 16 user-defined
alarm traits specified in the configuration for
the signature that triggered the alert. The
alarmTraits bits are used to classify signatures
into user-defined categories or groups."
    ::= { cidsAlert 2 }

cidsAlertSignature OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..64))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Content is a string containing details about the
signature that fired, without any specifics tied
to this instance of the alert. The
cidsAlertSignatureSigName, cidsAlertSignatureSigId
and cidsAlertSignatureSubSigId attributes define
the signature that triggered this Alert."
    ::= { cidsAlert 3 }

cidsAlertSignatureSigName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..64))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The name of the Intrusion detection signature
         that triggered this event."
    ::= { cidsAlert 4 }

cidsAlertSignatureSigId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The ID of the Intrusion detection signature
that triggered this event. The ID combines
with the cidsAlertSignatureSubSigId to
create a unique key that identifies the
signature that generated this event."
    ::= { cidsAlert 5 }

cidsAlertSignatureSubSigId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The optional Sub ID of the Intrusion detection
signature that triggered this event. The Sub
ID combines with the cidsAlertSignatureSigId
to create a unique key that identifies the
signature that generated this event."
    ::= { cidsAlert 6 }

cidsAlertSignatureVersion OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..64))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The optional version attribute defines the version
number of the signature update in which the triggering
signature was introduced or was last modified.
Example: 4.1(1.1)S47(0.1)"
    ::= { cidsAlert 7 }

cidsAlertSummary OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Optional, if present, specifies that this is a
summary alert, representing one or more alerts with
common characteristics. The numeric value indicates
the number of times the signature fired since the
last summary alert with a matching 'initialAlert'
attribute value. The first and all subsequent
summary alerts in a sequence will use the eventId
of a previous non-summary evAlert in the initialAlert
attribute value. All alerts represented by the
summary alert share the same signature and
sub-signature id. The summaryType attribute defines
the common characteristic(s) of all alerts in the
summary. The 'final' attribute indicates whether
this is the last evAlert containing the same value
in the 'initialAlert' attribute. The 'final'
attribute may be omitted if and only if its value
is false."
    ::= { cidsAlert 8 }

cidsAlertSummaryType OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (0..16))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Common characteristics shared by all non-summary
         alerts included in a summary alert."
    ::= { cidsAlert 9 }

cidsAlertSummaryFinal OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The optional 'final' attribute indicates whether
this is the last evAlert containing the same value
in the 'initialAlert' attribute. The 'final'
attribute may be omitted if and only if its value
is false."
    ::= { cidsAlert 10 }

cidsAlertSummaryInitialAlert OBJECT-TYPE
    SYNTAX      Unsigned64
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Serial number for the initial alert, which is
guaranteed unique within the scope of the
originating host."
    ::= { cidsAlert 11 }

cidsAlertInterfaceGroup OBJECT-TYPE
    SYNTAX      Integer32 (-2147483648..2147483647)
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Optional numeric identifier for a sniffing
         interface group on this host."
    ::= { cidsAlert 12 }

cidsAlertVlan OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "An optional numeric identifier for a vlan. Identifies
the vlan that uses the number in ISL or 802.3.1q
headers."
    ::= { cidsAlert 13 }

cidsAlertVictimContext OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Optional Base64-encoded representation of the stream
         data that was sourced by the victim."
    ::= { cidsAlert 14 }

cidsAlertAttackerContext OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Optional Base64-encoded representation of the stream
         data that was sourced by the Attacker."
    ::= { cidsAlert 15 }

cidsAlertAttackerAddress OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Optional ip address and ports on a monitored
interface. The 'locality' attribute is a string
that indicates the relative location of the ip
address within the network mapping, such as whether
the address falls within the address range of a
protected network. The optional 'proxy' attribute
is 'true' if the sensor has reason to suspect that
the address given is not the address of the true
attacker. This could be the result of address
spoofing or because the host has been compromised
and is acting as a 'zombie'. The 'proxy' attribute
may be omitted if and only if its value is false."
    ::= { cidsAlert 16 }

cidsAlertVictimAddress OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Optional ip address and ports on a monitored
interface. The 'locality' attribute is a string
that indicates the relative location of the ip
address within the network mapping, such as
whether the address falls within the address range
of a protected network."
    ::= { cidsAlert 17 }

cidsAlertIpLoggingActivated OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Optional. Indicates whether ip logging has been
activated as the result of the alert. A separate
evIpLogStatus event will be generated when logging
has been completed. The evIpLogStatus event contains
the URL where the log results may be obtained. This
element may be omitted if and only if its value
is false."
    ::= { cidsAlert 18 }

cidsAlertTcpResetSent OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Optional. Indicates whether an attempt was made to
reset a tcp connection as the result of the alert.
The addresses and ports affected must be implied from
the information contained in the participant elements
of the evAlert. This element may be omitted if and
only if its value is false."
    ::= { cidsAlert 19 }

cidsAlertShunRequested OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Optional. Indicates whether an ip address or tcp
connection has been requested to be shunned as a
result of the alert. Details about the addresses
and ports involved in the shun can be obtained from
evNacStatus events sent by the Network Access
Controller application. This element may be omitted
if and only if its value is false."
    ::= { cidsAlert 20 }

cidsAlertDetails OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Optional. Textual details about the specific alert
         instance, not just the signature."
    ::= { cidsAlert 21 }

cidsAlertIpLogId OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "IP log identifiers for IP logs that were added as
         the result of this alert."
    ::= { cidsAlert 22 }

cidsThreatResponseStatus OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "A brief textual description of the status of
the alarm given by the Cisco Systems Threat
Response engine."
    ::= { cidsAlert 23 }

cidsThreatResponseSeverity OBJECT-TYPE
    SYNTAX      Integer32 (-2147483648..2147483647)
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The alarm severity as assigned by the Cisco Systems
         Threat Response engine."
    ::= { cidsAlert 24 }

cidsAlertEventRiskRating OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "A risk factor that incorporates several additional
pieces of information beyond the detection of a
potentially malicious action. The factors that
characterize this risk are the severity of the
attack if it were to succeed, the fidelity of the
signature, the relevance of the potential attack
with respect to the target host, and the overall
value of the target host to the customer."
    ::= { cidsAlert 25 }

-- Error

cidsErrorSeverity OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
"Severity of an error (warning, error or fatal
for example). An example of a type of error
that could occur would be when a requested
action could not be completed because it
would create a resource that would exceed a
system resource limit."
    ::= { cidsError 1 }

cidsErrorName OBJECT-TYPE
    SYNTAX      CidsErrorCode
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "An enumerated error code, which identifies a general
         class of errors."
    ::= { cidsError 2 }

cidsErrorMessage OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "A textual description of the error that occurred."
    ::= { cidsError 3 }

-- Health

cidsHealthPacketLoss OBJECT-TYPE
    SYNTAX      Integer32 (0..100)
    UNITS       "percent"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The percentage of packets lost at the device
         interface level."
    ::= { cidsHealth 1 }

cidsHealthPacketDenialRate OBJECT-TYPE
    SYNTAX      Integer32 (0..100)
    UNITS       "percent"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The percentage of packets denied due to
         protocol and security violations."
    ::= { cidsHealth 2 }

cidsHealthAlarmsGenerated OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of alarms generated, includes
         all currently defined alarm severities."
    ::= { cidsHealth 3 }

cidsHealthFragmentsInFRU OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of fragments currently queued in the
         fragment reassembly unit."
    ::= { cidsHealth 4 }

cidsHealthDatagramsInFRU OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of datagrams currently queued in the
         fragment reassembly unit."
    ::= { cidsHealth 5 }

cidsHealthTcpEmbryonicStreams OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of embryonic TCP streams currently
queued in the device. TCP streams are
considered embryonic if they have not
completed the TCP three-way handshake."
    ::= { cidsHealth 6 }

cidsHealthTCPEstablishedStreams OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of established TCP streams currently
queued in the device. Once a stream has
completed a TCP three-way handshake it will
move to the established state."
    ::= { cidsHealth 7 }

cidsHealthTcpClosingStreams OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of closing TCP streams currently
queued in the device. A stream will move
from the established state to closing when
a valid FIN or RST flag is received."
    ::= { cidsHealth 8 }

cidsHealthTcpStreams OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of TCP streams (embryonic,
established and closing) currently queued
in the device."
    ::= { cidsHealth 9 }

cidsHealthActiveNodes OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of active nodes currently queued in
         the device."
    ::= { cidsHealth 10 }

cidsHealthTcpDualIpAndPorts OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of TCP nodes keyed on both IP addresses
         and both ports currently queued in the device."
    ::= { cidsHealth 11 }

cidsHealthUdpDualIpAndPorts OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of UDP nodes keyed on both IP addresses
         and both ports currently queued in the device."
    ::= { cidsHealth 12 }

cidsHealthIpDualIp OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of IP nodes keyed on both IP addresses
         currently queued in the device."
    ::= { cidsHealth 13 }

cidsHealthIsSensorMemoryCritical OBJECT-TYPE
    SYNTAX      Unsigned32 (0..10)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A value between 0 and 10 that should rarely
get above 3. If this is non-zero the sensor
has stopped enforcing policy on some traffic in
order to keep up with the current traffic load;
the sensor is oversubscribed. The higher the
number the more oversubscribed the sensor. It
could be oversubscribed from a memory perspective
and not traffic speed. For example on a 200 Mbit
sensor this number might be 3 if the sensor was
only seeing 100Mbit of traffic but 6000
connections per second which is over the rated
capacity of the sensor. When the sensor is
in Memory Critical state then a ciscoCidsError
trap will be sent accordingly."
    ::= { cidsHealth 14 }

cidsHealthIsSensorActive OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the failover status of the device.
True indicates the device is currently active.
False indicates it is in a standby mode."
    ::= { cidsHealth 15 }

cidsHealthCommandAndControlPort OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The status and network statistics of the
currently configured Command and Control
interface on the device. The Command
and Control interface is where all of the
communications for command and control
of the sensor occurs. This is important
to identify what interface a user will
communicate with to control the sensor
remotely and general health statistics
for that interface."
    ::= { cidsHealth 16 }

cidsHealthSensorStatsResetTime OBJECT-TYPE
    SYNTAX      TimeTicks
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of SNMPv2-MIB::sysUpTime
when the Sensor specific statistics
were reset. The reset time is
collectively for the following objects:
cidsHealthPacketLoss,
cidsHealthPacketDenies,
cidsHealthAlarmsGenerated,
cidsHealthFragmentsInFRU,
cidsHealthDatagramsInFRU,
cidsHealthTcpEmbryonicStreams,
cidsHealthTcpEstablishedStreams,
cidsHealthTcpClosingStreams,
cidsHealthTcpStreams"
    ::= { cidsHealth 17 }

-- Notifications

-- Since notifications with a large number of bound objects
-- can be rather large, the agent can provide two different
-- notification generation modes. One without optional objects
-- to try and keep the notification size below 484 bytes and
-- one with no size limits that will send all available optional
-- objects as well as those explicitly listed in the OBJECTS
-- clause of the notification definition.
--
-- The following objects, defined elsewhere in this MIB module
-- as accessible-for-notify, are optional in that they are not
-- explicitly listed in a notification's OBJECTS clause.
-- When the notification generation mode is set to allow optional
-- objects to be bound, the association of the optional objects
-- to particular notifications is as follows:
--
-- ciscoCidsAlert:
--     cidsGeneralOriginatorAppName
--     cidsGeneralOriginatorAppId
--     cidsAlertSignature
--     cidsAlertSignatureVersion
--     cidsAlertSummary
--     cidsAlertSummaryType
--     cidsAlertSummaryFinal
--     cidsAlertSummaryInitialAlert
--     cidsAlertInterfaceGroup
--     cidsAlertVlan
--     cidsAlertVictimContext
--     cidsAlertAttackerContext
--     cidsAlertIpLoggingActivated
--     cidsAlertTcpResetSent
--     cidsAlertShunRequested
--     cidsAlertDetails
--     cidsAlertIpLogId
--     cidsThreatResponseStatus
--     cidsThreatResponseSeverity
--     cidsAlertEventRiskRating
--
-- ciscoCidsError:
--     cidsGeneralOriginatorAppName
--     cidsGeneralOriginatorAppId

ciscoCidsAlert NOTIFICATION-TYPE
    OBJECTS {
        cidsGeneralEventId,
        cidsGeneralLocalTime,
        cidsGeneralUTCTime,
        cidsGeneralOriginatorHostId,
        cidsAlertSeverity,
        cidsAlertSignatureSigName,
        cidsAlertSignatureSigId,
        cidsAlertSignatureSubSigId,
        cidsAlertAlarmTraits,
        cidsAlertAttackerAddress,
        cidsAlertVictimAddress
    }
    STATUS      current
    DESCRIPTION
        "Event indicating that some suspicious or malicious
         activity has been detected on a monitored network."
    ::= { ciscoCidsMIBNotifs 1 }

ciscoCidsError NOTIFICATION-TYPE
    OBJECTS {
        cidsGeneralEventId,
        cidsGeneralLocalTime,
        cidsGeneralUTCTime,
        cidsGeneralOriginatorHostId,
        cidsErrorSeverity,
        cidsErrorName,
        cidsErrorMessage
    }
    STATUS      current
    DESCRIPTION
        "Event indicating that an error has occurred."
    ::= { ciscoCidsMIBNotifs 2 }

-- Conformance

ciscoCidsMIBCompliances  OBJECT IDENTIFIER ::= { ciscoCidsMIBConform 1 }
ciscoCidsMIBGroups       OBJECT IDENTIFIER ::= { ciscoCidsMIBConform 2 }

-- Compliance

ciscoCidsMIBCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for entities which implement
         the Cids MIB"
    MODULE  -- this module
    MANDATORY-GROUPS {
        ciscoCidsGeneralObjectGroup,
        ciscoCidsAlertObjectGroup,
        ciscoCidsErrorObjectGroup,
        ciscoCidsHealthObjectGroup
    }
    ::= { ciscoCidsMIBCompliances 1 }

-- Units of Conformance

ciscoCidsGeneralObjectGroup OBJECT-GROUP
    OBJECTS {
        cidsGeneralEventId,
        cidsGeneralLocalTime,
        cidsGeneralUTCTime,
        cidsGeneralOriginatorHostId,
        cidsGeneralOriginatorAppName,
        cidsGeneralOriginatorAppId,
        cidsNotificationsEnabled
    }
    STATUS      current
    DESCRIPTION
        "General Objects."
    ::= { ciscoCidsMIBGroups 1 }

ciscoCidsAlertObjectGroup OBJECT-GROUP
    OBJECTS {
        cidsAlertSeverity,
        cidsAlertAlarmTraits,
        cidsAlertSignature,
        cidsAlertSignatureSigName,
        cidsAlertSignatureSigId,
        cidsAlertSignatureSubSigId,
        cidsAlertSignatureVersion,
        cidsAlertSummary,
        cidsAlertSummaryType,
        cidsAlertSummaryFinal,
        cidsAlertSummaryInitialAlert,
        cidsAlertInterfaceGroup,
        cidsAlertVlan,
        cidsAlertVictimContext,
        cidsAlertAttackerContext,
        cidsAlertVictimAddress,
        cidsAlertAttackerAddress,
        cidsAlertIpLoggingActivated,
        cidsAlertTcpResetSent,
        cidsAlertShunRequested,
        cidsAlertDetails,
        cidsAlertIpLogId,
        cidsThreatResponseStatus,
        cidsThreatResponseSeverity,
        cidsAlertEventRiskRating
    }
    STATUS      current
    DESCRIPTION
        "Alert Objects."
    ::= { ciscoCidsMIBGroups 2 }

ciscoCidsErrorObjectGroup OBJECT-GROUP
    OBJECTS {
        cidsErrorSeverity,
        cidsErrorName,
        cidsErrorMessage
    }
    STATUS      current
    DESCRIPTION
        "Error Objects."
    ::= { ciscoCidsMIBGroups 3 }

ciscoCidsNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        ciscoCidsAlert,
        ciscoCidsError
    }
    STATUS      current
    DESCRIPTION
        "The notifications which are required."
    ::= { ciscoCidsMIBGroups 4 }

ciscoCidsHealthObjectGroup OBJECT-GROUP
    OBJECTS {
        cidsHealthPacketLoss,
        cidsHealthPacketDenialRate,
        cidsHealthAlarmsGenerated,
        cidsHealthFragmentsInFRU,
        cidsHealthDatagramsInFRU,
        cidsHealthTcpEmbryonicStreams,
        cidsHealthTCPEstablishedStreams,
        cidsHealthTcpClosingStreams,
        cidsHealthTcpStreams,
        cidsHealthActiveNodes,
        cidsHealthTcpDualIpAndPorts,
        cidsHealthUdpDualIpAndPorts,
        cidsHealthIpDualIp,
        cidsHealthIsSensorMemoryCritical,
        cidsHealthIsSensorActive,
        cidsHealthCommandAndControlPort,
        cidsHealthSensorStatsResetTime
    }
    STATUS      current
    DESCRIPTION
        "Health Objects."
    ::= { ciscoCidsMIBGroups 5 }

END