ENTERASYS-THREAT-NOTIFICATION-MIB device MIB details by Enterasys Networks
ENTERASYS-THREAT-NOTIFICATION-MIB file content
The SNMP protocol is used for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. There are two reasons for using UDP. First, it has low overhead in comparison to TCP, which uses a 3-way handshake to set up a connection. Second, in congested networks SNMP over TCP is a bad idea, because TCP will flood the network with retransmissions in order to maintain reliability.
Management information is represented as a collection of managed objects. Together these objects form a virtual information base called the MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.
Use ActiveXperts Network Monitor 2024 to import vendor-specific MIB files, including ENTERASYS-THREAT-NOTIFICATION-MIB.
| Vendor: | Enterasys Networks |
|---|---|
| Mib: | ENTERASYS-THREAT-NOTIFICATION-MIB |
| Tool: | ActiveXperts Network Monitor 2024 (ships with advanced SNMP/MIB tools) |
```
ENTERASYS-THREAT-NOTIFICATION-MIB DEFINITIONS ::= BEGIN

--  enterasys-threat-notification-mib.txt
--
--  Part Number: <TBD>
--
--
--  This module provides authoritative definitions for Enterasys
--  Networks' Threat Notification Trap MIB.
--
--  This module will be extended, as needed.
--  Enterasys Networks reserves the right to make changes in this
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Enterasys Networks
--  to determine whether any such changes have been made.
--
--  In no event shall Enterasys Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Enterasys
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--
--  Enterasys Networks grants vendors, end-users, and other interested
--  parties a non-exclusive license to use this Specification in
--  connection with the management of Enterasys Networks products.
--  Copyright January, (2004) Enterasys Networks, Inc.

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    DisplayString
        FROM SNMPv2-TC
    InetAddress, InetAddressType
        FROM INET-ADDRESS-MIB
    InterfaceIndex
        FROM IF-MIB
    etsysModules
        FROM ENTERASYS-MIB-NAMES;

etsysThreatNotificationMIB MODULE-IDENTITY
    LAST-UPDATED "200403101547Z"  -- Wed Mar 10 15:47 GMT 2004
    ORGANIZATION "Enterasys Networks, Inc"
    CONTACT-INFO
        "Postal:  Enterasys Networks
                  50 Minuteman Rd.
                  Andover, MA 01810-1008
                  USA
         Phone:   +1 978 684 1000
         E-mail:  support@enterasys.com
         WWW:     http://www.enterasys.com"

    DESCRIPTION
        "This MIB module defines the portion of the SNMP enterprise
         MIBs under Enterasys Networks' enterprise OID pertaining to
         the Threat Notification feature."

    REVISION    "200403101547Z"  -- Wed Mar 10 15:47 GMT 2004
    DESCRIPTION
        "The initial version of this MIB module."
    ::= { etsysModules 45 }

-- -------------------------------------------------------------
-- Branches of the Enterasys Threat Notification MIB
-- -------------------------------------------------------------

etsysThreatNotificationObjects
    OBJECT IDENTIFIER ::= { etsysThreatNotificationMIB 1 }

etsysThreatNotificationNotificationBranch
    OBJECT IDENTIFIER ::= { etsysThreatNotificationObjects 0 }

etsysThreatNotificationSystemBranch
    OBJECT IDENTIFIER ::= { etsysThreatNotificationObjects 1 }

-- -------------------------------------------------------------
-- Threat Notification System Branch
-- -------------------------------------------------------------

etsysThreatNotificationSenderID OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..128))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "A name that identifies a sender or group of senders.
         ie. 'Dragon IDS', ACME IDS', 'VIRUS SCAN', 'DRAGON1',
         'DRAGON2'"
    ::= { etsysThreatNotificationSystemBranch 1 }

etsysThreatNotificationSenderName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..128))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The name of the sensor that discovered the threat."
    ::= { etsysThreatNotificationSystemBranch 2 }

etsysThreatNotificationThreatCategory OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..128))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "A name that identifies a group of threat types."
    ::= { etsysThreatNotificationSystemBranch 3 }

etsysThreatNotificationThreatName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The name of the signature that detected the threat."
    ::= { etsysThreatNotificationSystemBranch 4 }

etsysThreatNotificationDeviceAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The address type of the device where the initiator of
         the threat was detected."
    ::= { etsysThreatNotificationSystemBranch 5 }

etsysThreatNotificationDeviceAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The address of the device where the initiator of the
         threat was detected."
    ::= { etsysThreatNotificationSystemBranch 6 }

etsysThreatNotificationDeviceIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The interface where the initiator was detected."
    ::= { etsysThreatNotificationSystemBranch 7 }

etsysThreatNotificationInitiatorAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The address type of the endstation that initiated the
         threat."
    ::= { etsysThreatNotificationSystemBranch 8 }

etsysThreatNotificationInitiatorAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The address of the endstation that initiated the threat."
    ::= { etsysThreatNotificationSystemBranch 9 }

etsysThreatNotificationTargetAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The address type of the endstation that is threatened."
    ::= { etsysThreatNotificationSystemBranch 10 }

etsysThreatNotificationTargetAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The address of the endstation that is threatened."
    ::= { etsysThreatNotificationSystemBranch 11 }

etsysThreatNotificationConsolidatedData OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..1024))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The purpose of this object is to support devices that can
         only send single varbind notification messages and should
         only be used in conjunction with
         etsysThreatNotificationInformationMessage3.

         The data should be encoded in the following format:

         object1='data' object2='data' object3='data' ...

         Here is an example:

         etsysThreatNotificationSenderID='dragon'
         etsysThreatNotificationSenderName='dragon'
         etsysThreatNotificationThreatCategory='ATTACKS'
         etsysThreatNotificationThreatName='HOST:APACHE:ETC-PASSWD'
         etsysThreatNotificationInitiatorAddress='1.1.1.1'
         etsysThreatNotificationTargetAddress='2.2.2.2'
        "
    ::= { etsysThreatNotificationSystemBranch 12 }

-- -------------------------------------------------------------
-- Threat Notification Notification Branch
-- -------------------------------------------------------------

etsysThreatNotificationInformationMessage1 NOTIFICATION-TYPE
    OBJECTS {
              etsysThreatNotificationSenderID,
              etsysThreatNotificationSenderName,
              etsysThreatNotificationThreatCategory,
              etsysThreatNotificationThreatName,
              etsysThreatNotificationInitiatorAddressType,
              etsysThreatNotificationInitiatorAddress,
              etsysThreatNotificationTargetAddressType,
              etsysThreatNotificationTargetAddress
            }
    STATUS  current
    DESCRIPTION
        "An etsysThreatNotificationInformationMessage1 indicates
         that a potential threat has been identified. This trap
         should be generated when the IP address of the source of
         the threat is known, but not the device and interface.
         (etsysThreatNotificationSenderName and
         etsysThreatNotificationTargetAddress are optional objects)"
    ::= { etsysThreatNotificationNotificationBranch 1 }

etsysThreatNotificationInformationMessage2 NOTIFICATION-TYPE
    OBJECTS {
              etsysThreatNotificationSenderID,
              etsysThreatNotificationSenderName,
              etsysThreatNotificationThreatCategory,
              etsysThreatNotificationThreatName,
              etsysThreatNotificationDeviceAddressType,
              etsysThreatNotificationDeviceAddress,
              etsysThreatNotificationDeviceIfIndex,
              etsysThreatNotificationInitiatorAddressType,
              etsysThreatNotificationInitiatorAddress,
              etsysThreatNotificationTargetAddressType,
              etsysThreatNotificationTargetAddress
            }
    STATUS  current
    DESCRIPTION
        "An etsysThreatNotificationInformationMessage2 indicates
         that a potential threat has been identified. This trap
         should be generated when the device and interface of the
         threat is known, but the IP address of the source may or
         may not be known.
         (etsysThreatNotificationSenderName,
         etsysThreatNotificationInitiatorAddress and
         etsysThreatNotificationTargetAddress are optional objects)"
    ::= { etsysThreatNotificationNotificationBranch 2 }

etsysThreatNotificationInformationMessage3 NOTIFICATION-TYPE
    OBJECTS {
              etsysThreatNotificationConsolidatedData
            }
    STATUS  current
    DESCRIPTION
        "The purpose of etsysThreatNotificationInformationMessage3
         is to support devices that can only send single varbind
         notifications. See etsysThreatNotificationConsolidatedData
         for more details."
    ::= { etsysThreatNotificationNotificationBranch 3 }

-- -------------------------------------------------------------
-- Conformance Information
-- -------------------------------------------------------------

etsysThreatNotificationConformance
    OBJECT IDENTIFIER ::= { etsysThreatNotificationMIB 2 }

etsysThreatNotificationGroups
    OBJECT IDENTIFIER ::= { etsysThreatNotificationConformance 1 }

etsysThreatNotificationCompliances
    OBJECT IDENTIFIER ::= { etsysThreatNotificationConformance 2 }

-- -------------------------------------------------------------
-- Units of Conformance
-- -------------------------------------------------------------

etsysThreatNotificationMessage1SystemGroup OBJECT-GROUP
    OBJECTS {
              etsysThreatNotificationSenderID,
              etsysThreatNotificationSenderName,
              etsysThreatNotificationThreatCategory,
              etsysThreatNotificationThreatName,
              etsysThreatNotificationInitiatorAddressType,
              etsysThreatNotificationInitiatorAddress,
              etsysThreatNotificationTargetAddressType,
              etsysThreatNotificationTargetAddress
            }
    STATUS  current
    DESCRIPTION
        "A collection of objects required for
         etsysThreatNotificationMessage1 providing information
         about possible threats on a network."
    ::= { etsysThreatNotificationGroups 1 }

etsysThreatNotificationMessage2SystemGroup OBJECT-GROUP
    OBJECTS {
              etsysThreatNotificationDeviceAddressType,
              etsysThreatNotificationDeviceAddress,
              etsysThreatNotificationDeviceIfIndex
            }
    STATUS  current
    DESCRIPTION
        "A collection of objects required for
         etsysThreatNotificationMessage2 providing information
         about possible threats on a network."
    ::= { etsysThreatNotificationGroups 2 }

etsysThreatNotificationMessage3SystemGroup OBJECT-GROUP
    OBJECTS {
              etsysThreatNotificationConsolidatedData
            }
    STATUS  current
    DESCRIPTION
        "A collection of objects required for
         etsysThreatNotificationMessage3 providing information
         about possible threats on a network."
    ::= { etsysThreatNotificationGroups 3 }

etsysThreatNotificationMessage1Group NOTIFICATION-GROUP
    NOTIFICATIONS {
                    etsysThreatNotificationInformationMessage1
                  }
    STATUS  current
    DESCRIPTION
        "A collection of notifications used to alert a management
         application of possible threats on a network."
    ::= { etsysThreatNotificationGroups 4 }

etsysThreatNotificationMessage2Group NOTIFICATION-GROUP
    NOTIFICATIONS {
                    etsysThreatNotificationInformationMessage2
                  }
    STATUS  current
    DESCRIPTION
        "A collection of notifications used to alert a management
         application of possible threats on a network."
    ::= { etsysThreatNotificationGroups 5 }

etsysThreatNotificationMessage3Group NOTIFICATION-GROUP
    NOTIFICATIONS {
                    etsysThreatNotificationInformationMessage3
                  }
    STATUS  current
    DESCRIPTION
        "A collection of notifications used to alert a management
         application of possible threats on a network."
    ::= { etsysThreatNotificationGroups 6 }

-- -------------------------------------------------------------
-- Compliance Statements
-- -------------------------------------------------------------

etsysThreatNotificationCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for devices that support threat
         notifications."

    MODULE
        GROUP etsysThreatNotificationMessage1SystemGroup
        DESCRIPTION
            "This group is OPTIONAL for devices supporting
             etsysThreatNotificationMessage1."

        GROUP etsysThreatNotificationMessage2SystemGroup
        DESCRIPTION
            "This group is OPTIONAL for devices supporting
             etsysThreatNotificationMessage2."

        GROUP etsysThreatNotificationMessage3SystemGroup
        DESCRIPTION
            "This group is OPTIONAL for devices supporting
             etsysThreatNotificationMessage3."

        GROUP etsysThreatNotificationMessage1Group
        DESCRIPTION
            "This group is OPTIONAL for devices supporting
             etsysThreatNotificationMessage1."

        GROUP etsysThreatNotificationMessage2Group
        DESCRIPTION
            "This group is OPTIONAL for devices supporting
             etsysThreatNotificationMessage2."

        GROUP etsysThreatNotificationMessage3Group
        DESCRIPTION
            "This group is OPTIONAL for devices supporting
             etsysThreatNotificationMessage3."

    ::= { etsysThreatNotificationCompliances 1 }

END
```
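
A trap receiver that accepts etsysThreatNotificationInformationMessage3 has to decode the `object1='data' object2='data'` string described for etsysThreatNotificationConsolidatedData. The following is an added example, not part of the Enterasys MIB or any vendor tool: a strict Python parser for that value. The function name `parse_consolidated`, the choice to reject unknown and duplicate object names, and the assumption that addresses arrive in textual form (as in the MIB's own example) are this example's, not the MIB's.

```python
import ipaddress
import re

PREFIX = "etsysThreatNotification"
# Object names defined in the MIB's system branch (objects 1 to 11).
KNOWN = {PREFIX + s for s in (
    "SenderID", "SenderName", "ThreatCategory", "ThreatName",
    "DeviceAddressType", "DeviceAddress", "DeviceIfIndex",
    "InitiatorAddressType", "InitiatorAddress",
    "TargetAddressType", "TargetAddress",
)}
ADDRESS_FIELDS = {n for n in KNOWN if n.endswith("Address")}
MAX_LEN = 1024  # DisplayString (SIZE(0..1024))

NAME = r"[A-Za-z][A-Za-z0-9]*"
PAIR = re.compile(rf"({NAME})='([^']*)'")
# The whole value must be whitespace-separated pairs and nothing else.
# The format defines no escape for a quote inside a value, so a value
# containing "'" makes the string ambiguous and is rejected here.
WHOLE = re.compile(rf"\s*(?:{NAME}='[^']*'(?:\s+{NAME}='[^']*')*)?\s*")


def parse_consolidated(data: str) -> dict:
    """Return {object name: value}; raise ValueError on malformed input."""
    if len(data) > MAX_LEN:
        raise ValueError("value exceeds SIZE(0..1024)")
    if not WHOLE.fullmatch(data):
        raise ValueError("not a sequence of name='value' pairs")
    fields = {}
    for name, value in PAIR.findall(data):
        if name not in KNOWN:
            raise ValueError(f"unknown object: {name}")
        if name in fields:
            # Assumption: a repeated name is treated as an error rather
            # than letting a later pair silently override an earlier one.
            raise ValueError(f"duplicate object: {name}")
        if name in ADDRESS_FIELDS:
            # Normalises IPv4/IPv6 text; raises ValueError if invalid.
            value = str(ipaddress.ip_address(value))
        fields[name] = value
    return fields
```

Rejecting the whole trap on any parse error keeps a malformed or truncated varbind from being recorded as a partial alert with the wrong initiator or target.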