You are here:

MonitorTools.com > Technical documentation > SNMP > MIB > Enterasys Networks > ENTERASYS-THREAT-NOTIFICATION-MIB
ActiveXperts Network Monitor 2019##AdminFavorites

ENTERASYS-THREAT-NOTIFICATION-MIB by vendor Enterasys Networks

ENTERASYS-THREAT-NOTIFICATION-MIB file content

The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2019 to import vendor-specific MIB files, inclusing ENTERASYS-THREAT-NOTIFICATION-MIB.


Vendor: Enterasys Networks
Mib: ENTERASYS-THREAT-NOTIFICATION-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2019 [download]    (ships with advanced SNMP/MIB tools)
ENTERASYS-THREAT-NOTIFICATION-MIB DEFINITIONS ::= BEGIN

--  enterasys-threat-notification-mib.txt
--
--  Part Number: <TBD>
--
--

--  This module provides authoritative definitions for Enterasys
--  Networks' Threat Notification Trap MIB.

--
--  This module will be extended, as needed.

--  Enterasys Networks reserves the right to make changes in this
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Enterasys Networks
--  to determine whether any such changes have been made.
--
--  In no event shall Enterasys Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Enterasys
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--
--  Enterasys Networks grants vendors, end-users, and other interested
--  parties a non-exclusive license to use this Specification in
--  connection with the management of Enterasys Networks products.

--  Copyright January, (2004) Enterasys Networks, Inc.

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    DisplayString
        FROM SNMPv2-TC
    InetAddress, InetAddressType
        FROM INET-ADDRESS-MIB
    InterfaceIndex
        FROM IF-MIB
    etsysModules
        FROM ENTERASYS-MIB-NAMES;

etsysThreatNotificationMIB MODULE-IDENTITY
    LAST-UPDATED "200403101547Z"  -- Wed Mar 10 15:47 GMT 2004
    ORGANIZATION "Enterasys Networks, Inc"
    CONTACT-INFO
        "Postal:  Enterasys Networks
                  50 Minuteman Rd.
                  Andover, MA 01810-1008
                  USA
         Phone:   +1 978 684 1000
         E-mail:  support@enterasys.com
         WWW:     http://www.enterasys.com"

    DESCRIPTION
        "This MIB module defines the portion of the SNMP enterprise
         MIBs under Enterasys Networks' enterprise OID pertaining to
         the Threat Notification feature."

    REVISION "200403101547Z"  -- Wed Mar 10 15:47 GMT 2004
    DESCRIPTION
        "The initial version of this MIB module."
    ::= { etsysModules 45 }

-- -------------------------------------------------------------
-- Branches of the Enterasys Threat Notification MIB
-- -------------------------------------------------------------

etsysThreatNotificationObjects
        OBJECT IDENTIFIER ::= { etsysThreatNotificationMIB 1 }

etsysThreatNotificationNotificationBranch
        OBJECT IDENTIFIER ::= { etsysThreatNotificationObjects 0 }

etsysThreatNotificationSystemBranch
        OBJECT IDENTIFIER ::= { etsysThreatNotificationObjects 1 }

-- -------------------------------------------------------------
-- Threat Notification System Branch
-- -------------------------------------------------------------

etsysThreatNotificationSenderID  OBJECT-TYPE
    SYNTAX        DisplayString (SIZE(0..128))
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   "A name that identifies a sender or group
                   of senders. ie. 'Dragon IDS', ACME IDS',
                   'VIRUS SCAN', 'DRAGON1', 'DRAGON2'"
    ::= { etsysThreatNotificationSystemBranch 1 }

etsysThreatNotificationSenderName  OBJECT-TYPE
    SYNTAX        DisplayString (SIZE(0..128))
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   "The name of the sensor that discovered the threat."
    ::= { etsysThreatNotificationSystemBranch 2 }

etsysThreatNotificationThreatCategory  OBJECT-TYPE
    SYNTAX        DisplayString (SIZE(0..128))
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   "A name that identifies a group of threat types."
    ::= { etsysThreatNotificationSystemBranch 3 }

etsysThreatNotificationThreatName  OBJECT-TYPE
    SYNTAX        DisplayString (SIZE(0..255))
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   "The name of the signature that detected the threat."
    ::= { etsysThreatNotificationSystemBranch 4 }

etsysThreatNotificationDeviceAddressType  OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   "The address type of the device where the initiator
                   of the threat was detected."
    ::= { etsysThreatNotificationSystemBranch 5 }

etsysThreatNotificationDeviceAddress  OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   "The address of the device where the initiator
                   of the threat was detected."
    ::= { etsysThreatNotificationSystemBranch 6 }

etsysThreatNotificationDeviceIfIndex  OBJECT-TYPE
    SYNTAX        InterfaceIndex
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   "The interface where the initiator was detected."
    ::= { etsysThreatNotificationSystemBranch 7 }

etsysThreatNotificationInitiatorAddressType  OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   "The address type of the endstation that initiated
                   the threat."
    ::= { etsysThreatNotificationSystemBranch 8 }

etsysThreatNotificationInitiatorAddress  OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   "The address of the endstation that initiated the
                   threat."
    ::= { etsysThreatNotificationSystemBranch 9 }

etsysThreatNotificationTargetAddressType  OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   "The address type of the endstation that is threatened."
    ::= { etsysThreatNotificationSystemBranch 10 }

etsysThreatNotificationTargetAddress  OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   "The address of the endstation that is threatened."
    ::= { etsysThreatNotificationSystemBranch 11 }

etsysThreatNotificationConsolidatedData  OBJECT-TYPE
    SYNTAX        DisplayString (SIZE(0..1024))
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   "The purpose of this object is to support devices that can
                  only send single varbind notification messages and should
                  only be used in conjunction with
                  etsysThreatNotificationInformationMessage3. The data should
                  be encoded in the following format:
                      object1='data' object2='data' object3='data' ...
                  Here is an example:
                      etsysThreatNotificationSenderID='dragon' 
                      etsysThreatNotificationSenderName='dragon' 
                      etsysThreatNotificationThreatCategory='ATTACKS'
                      etsysThreatNotificationThreatName='HOST:APACHE:ETC-PASSWD' 
                      etsysThreatNotificationInitiatorAddress='1.1.1.1'
                      etsysThreatNotificationTargetAddress='2.2.2.2'
                  "
    ::= { etsysThreatNotificationSystemBranch 12 }

-- -------------------------------------------------------------
--  Threat Notification Notification Branch
-- -------------------------------------------------------------

etsysThreatNotificationInformationMessage1 NOTIFICATION-TYPE
    OBJECTS { 
              etsysThreatNotificationSenderID,
              etsysThreatNotificationSenderName,
              etsysThreatNotificationThreatCategory,
              etsysThreatNotificationThreatName,
              etsysThreatNotificationInitiatorAddressType,
              etsysThreatNotificationInitiatorAddress,
              etsysThreatNotificationTargetAddressType,
              etsysThreatNotificationTargetAddress
            }
    STATUS  current
    DESCRIPTION
        "An etsysThreatNotificationInformationMessage1 indicates that a
        potential threat has been identified.  This trap should be
        generated when the IP address of the source of the threat is
        known, but not the device and interface.
        (etsysThreatNotificationSenderName and
        etsysThreatNotificationTargetAddress are optional objects)"
    ::= { etsysThreatNotificationNotificationBranch 1 }

etsysThreatNotificationInformationMessage2 NOTIFICATION-TYPE
    OBJECTS { 
              etsysThreatNotificationSenderID,
              etsysThreatNotificationSenderName,
              etsysThreatNotificationThreatCategory,
              etsysThreatNotificationThreatName,
              etsysThreatNotificationDeviceAddressType,
              etsysThreatNotificationDeviceAddress,
              etsysThreatNotificationDeviceIfIndex,
              etsysThreatNotificationInitiatorAddressType,
              etsysThreatNotificationInitiatorAddress,
              etsysThreatNotificationTargetAddressType,
              etsysThreatNotificationTargetAddress
            }
    STATUS  current
    DESCRIPTION
        "An etsysThreatNotificationInformationMessage2 indicates that a
        potential threat has been identified.  This trap should be
        generated when the device and interface of the threat is known,
        but the IP address of the source may or may not be known.
        (etsysThreatNotificationSenderName,
        etsysThreatNotificationInitiatorAddress
        and etsysThreatNotificationTargetAddress are optional objects)"
    ::= { etsysThreatNotificationNotificationBranch 2 }

etsysThreatNotificationInformationMessage3 NOTIFICATION-TYPE
    OBJECTS {
              etsysThreatNotificationConsolidatedData
            }
    STATUS  current
    DESCRIPTION
        "The purpose of etsysThreatNotificationInformationMessage3 is to
        support devices that can only send single varbind notifications.
        See etsysThreatNotificationConsolidatedData for more details."
    ::= { etsysThreatNotificationNotificationBranch 3 }

-- -------------------------------------------------------------
-- Conformance Information
-- -------------------------------------------------------------

etsysThreatNotificationConformance
        OBJECT IDENTIFIER ::= { etsysThreatNotificationMIB 2 }

etsysThreatNotificationGroups
        OBJECT IDENTIFIER ::= { etsysThreatNotificationConformance 1 }

etsysThreatNotificationCompliances
        OBJECT IDENTIFIER ::= { etsysThreatNotificationConformance 2 }


-- -------------------------------------------------------------
-- Units of Conformance
-- -------------------------------------------------------------

etsysThreatNotificationMessage1SystemGroup OBJECT-GROUP
    OBJECTS {
        etsysThreatNotificationSenderID,
        etsysThreatNotificationSenderName,
        etsysThreatNotificationThreatCategory,
        etsysThreatNotificationThreatName,
        etsysThreatNotificationInitiatorAddressType,
        etsysThreatNotificationInitiatorAddress,
        etsysThreatNotificationTargetAddressType,
        etsysThreatNotificationTargetAddress
    }
    STATUS  current
    DESCRIPTION
        "A collection of objects required for etsysThreatNotificationMessage1
         providing information about possible threats on a network."
    ::= { etsysThreatNotificationGroups 1 }

etsysThreatNotificationMessage2SystemGroup OBJECT-GROUP
    OBJECTS {
        etsysThreatNotificationDeviceAddressType,
        etsysThreatNotificationDeviceAddress,
        etsysThreatNotificationDeviceIfIndex
    }
    STATUS  current
    DESCRIPTION
        "A collection of objects required for etsysThreatNotificationMessage2
         providing information about possible threats on a network."
    ::= { etsysThreatNotificationGroups 2 }

etsysThreatNotificationMessage3SystemGroup OBJECT-GROUP
    OBJECTS {
        etsysThreatNotificationConsolidatedData
    }
    STATUS  current
    DESCRIPTION
        "A collection of objects required for etsysThreatNotificationMessage3
         providing information about possible threats on a network."
    ::= { etsysThreatNotificationGroups 3 }

etsysThreatNotificationMessage1Group NOTIFICATION-GROUP
    NOTIFICATIONS {
        etsysThreatNotificationInformationMessage1
    }
    STATUS  current
    DESCRIPTION
        "A collection of notifications used to alert a management
         application of possible threats on a network."
    ::= { etsysThreatNotificationGroups 4 }

etsysThreatNotificationMessage2Group NOTIFICATION-GROUP
    NOTIFICATIONS {
        etsysThreatNotificationInformationMessage2
    }
    STATUS  current
    DESCRIPTION
        "A collection of notifications used to alert a management
         application of possible threats on a network."
    ::= { etsysThreatNotificationGroups 5 }

etsysThreatNotificationMessage3Group NOTIFICATION-GROUP
    NOTIFICATIONS {
        etsysThreatNotificationInformationMessage3
    }
    STATUS  current
    DESCRIPTION
        "A collection of notifications used to alert a management
         application of possible threats on a network."
    ::= { etsysThreatNotificationGroups 6 }


-- -------------------------------------------------------------
-- Compliance Statements
-- -------------------------------------------------------------

etsysThreatNotificationCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for devices that support
         threat notifications."
    MODULE
        GROUP       etsysThreatNotificationMessage1SystemGroup
        DESCRIPTION
            "This group is OPTIONAL for devices supporting 
             etsysThreatNotificationMessage1."

        GROUP       etsysThreatNotificationMessage2SystemGroup
        DESCRIPTION
            "This group is OPTIONAL for devices supporting 
             etsysThreatNotificationMessage2."

        GROUP       etsysThreatNotificationMessage3SystemGroup
        DESCRIPTION
            "This group is OPTIONAL for devices supporting 
             etsysThreatNotificationMessage3."

        GROUP       etsysThreatNotificationMessage1Group
        DESCRIPTION
            "This group is OPTIONAL for devices supporting 
             etsysThreatNotificationMessage1."

        GROUP       etsysThreatNotificationMessage2Group
        DESCRIPTION
            "This group is OPTIONAL for devices supporting 
             etsysThreatNotificationMessage2."

        GROUP       etsysThreatNotificationMessage3Group
        DESCRIPTION
            "This group is OPTIONAL for devices supporting 
             etsysThreatNotificationMessage3."

    ::= { etsysThreatNotificationCompliances 1 }

END