CISCO-CIDS-MIB
Cisco Intrusion Detection System MIB. Provides
trap definitions for the evAlert and evError
elements of the IDIOM (Intrusion Detection and
Operations Messages) document and read support
for the Intrusion Detection System (sensor)
health information, such as if the sensor is
in a memory critical stage.
|
Imported Objects
| ciscoMgmt | CISCO-SMI |
| CiscoIpProtocol, Unsigned64 | CISCO-TC |
| InterfaceIndex | IF-MIB |
| SnmpAdminString | SNMP-FRAMEWORK-MIB |
| NOTIFICATION-GROUP, OBJECT-GROUP, MODULE-COMPLIANCE | SNMPv2-CONF |
| OBJECT-IDENTITY, Gauge32, MODULE-IDENTITY, TimeTicks, Counter32, Unsigned32, Integer32, NOTIFICATION-TYPE, OBJECT-TYPE | SNMPv2-SMI |
| TEXTUAL-CONVENTION, TruthValue, DateAndTime, DisplayString | SNMPv2-TC |
Type Definitions (5)
| Name | Base Type | Values/Constraints |
|---|---|---|
 CidsApplicationStatus | notResponding(1), notRunning(2), processingTransaction(3), reconfiguring(4), running(5), starting(6), stopping(7), unknown(8), upgradeInprogress(9) | |
| CidsAttackRelevance | relevant(1), notRelevant(2), unknown(3) | |
| CidsErrorCode | errAuthenticationTokenExpired(1), errConfigCollision(2), errInUse(3), errInvalidDocument(4), errLimitExceeded(5), errNotAvailable(6), errNotFound(7), errNotSupported(8), errPermissionDenied(9), errSyslog(10), errSystemError(11), errTransport(12), errUnacceptableValue(13), errUnclassified(14), errWarning(15), errEngineBuildFailed(16) | |
| CidsHealthStatusColor | green(1), yellow(2), red(3) | |
| CidsTargetValue | zeroValue(1), low(2), medium(3), high(4), missionCritical(5) |
Objects
  ciscoCidsMIB  | .1.3.6.1.4.1.9.9.383 | |
| ciscoCidsMIBNotifs | .1.3.6.1.4.1.9.9.383.0 | |
| ciscoCidsMIBObjects | .1.3.6.1.4.1.9.9.383.1 | |
| cidsGeneral | .1.3.6.1.4.1.9.9.383.1.1 | |
 cidsGeneralEventId | .1.3.6.1.4.1.9.9.383.1.1.1 | |
| cidsGeneralLocalTime | .1.3.6.1.4.1.9.9.383.1.1.2 | |
| cidsGeneralUTCTime | .1.3.6.1.4.1.9.9.383.1.1.3 | |
| cidsGeneralOriginatorHostId | .1.3.6.1.4.1.9.9.383.1.1.4 | |
| cidsGeneralOriginatorAppName | .1.3.6.1.4.1.9.9.383.1.1.5 | |
| cidsGeneralOriginatorAppId | .1.3.6.1.4.1.9.9.383.1.1.6 | |
| cidsNotificationsEnabled | .1.3.6.1.4.1.9.9.383.1.1.7 | |
| cidsAlert | .1.3.6.1.4.1.9.9.383.1.2 | |
| cidsAlertSeverity | .1.3.6.1.4.1.9.9.383.1.2.1 | |
| cidsAlertSummaryFinal | .1.3.6.1.4.1.9.9.383.1.2.10 | |
| cidsAlertSummaryInitialAlert | .1.3.6.1.4.1.9.9.383.1.2.11 | |
| cidsAlertInterfaceGroup | .1.3.6.1.4.1.9.9.383.1.2.12 | |
| cidsAlertVlan | .1.3.6.1.4.1.9.9.383.1.2.13 | |
| cidsAlertVictimContext | .1.3.6.1.4.1.9.9.383.1.2.14 | |
| cidsAlertAttackerContext | .1.3.6.1.4.1.9.9.383.1.2.15 | |
| cidsAlertAttackerAddress | .1.3.6.1.4.1.9.9.383.1.2.16 | |
| cidsAlertVictimAddress | .1.3.6.1.4.1.9.9.383.1.2.17 | |
| cidsAlertIpLoggingActivated | .1.3.6.1.4.1.9.9.383.1.2.18 | |
| cidsAlertTcpResetSent | .1.3.6.1.4.1.9.9.383.1.2.19 | |
| cidsAlertAlarmTraits | .1.3.6.1.4.1.9.9.383.1.2.2 | |
| cidsAlertShunRequested | .1.3.6.1.4.1.9.9.383.1.2.20 | |
| cidsAlertDetails | .1.3.6.1.4.1.9.9.383.1.2.21 | |
| cidsAlertIpLogId | .1.3.6.1.4.1.9.9.383.1.2.22 | |
| cidsThreatResponseStatus | .1.3.6.1.4.1.9.9.383.1.2.23 | |
| cidsThreatResponseSeverity | .1.3.6.1.4.1.9.9.383.1.2.24 | |
| cidsAlertEventRiskRating | .1.3.6.1.4.1.9.9.383.1.2.25 | |
| cidsAlertIfIndex | .1.3.6.1.4.1.9.9.383.1.2.26 | |
| cidsAlertProtocol | .1.3.6.1.4.1.9.9.383.1.2.27 | |
| cidsAlertDeniedAttacker | .1.3.6.1.4.1.9.9.383.1.2.28 | |
| cidsAlertDeniedFlow | .1.3.6.1.4.1.9.9.383.1.2.29 | |
| cidsAlertSignature | .1.3.6.1.4.1.9.9.383.1.2.3 | |
| cidsAlertDenyPacketReqNotPerf | .1.3.6.1.4.1.9.9.383.1.2.30 | |
| cidsAlertDenyFlowReqNotPerf | .1.3.6.1.4.1.9.9.383.1.2.31 | |
| cidsAlertDenyAttackerReqNotPerf | .1.3.6.1.4.1.9.9.383.1.2.32 | |
| cidsAlertBlockConnectionReq | .1.3.6.1.4.1.9.9.383.1.2.33 | |
| cidsAlertLogAttackerPacketsAct | .1.3.6.1.4.1.9.9.383.1.2.34 | |
| cidsAlertLogVictimPacketsAct | .1.3.6.1.4.1.9.9.383.1.2.35 | |
| cidsAlertLogPairPacketsActivated | .1.3.6.1.4.1.9.9.383.1.2.36 | |
| cidsAlertRateLimitRequested | .1.3.6.1.4.1.9.9.383.1.2.37 | |
| cidsAlertDeniedAttackVictimPair | .1.3.6.1.4.1.9.9.383.1.2.38 | |
| cidsAlertDeniedAttackSericePair | .1.3.6.1.4.1.9.9.383.1.2.39 | |
| cidsAlertSignatureSigName | .1.3.6.1.4.1.9.9.383.1.2.4 | |
| cidsAlertDenyAttackVicReqNotPerf | .1.3.6.1.4.1.9.9.383.1.2.40 | |
| cidsAlertDenyAttackSerReqNotPerf | .1.3.6.1.4.1.9.9.383.1.2.41 | |
| cidsAlertThreatValueRating | .1.3.6.1.4.1.9.9.383.1.2.42 | |
| cidsAlertRiskRatingTargetValue | .1.3.6.1.4.1.9.9.383.1.2.43 | |
| cidsAlertRiskRatingRelevance | .1.3.6.1.4.1.9.9.383.1.2.44 | |
| cidsAlertRiskRatingWatchList | .1.3.6.1.4.1.9.9.383.1.2.45 | |
| cidsAlertDenyPacket | .1.3.6.1.4.1.9.9.383.1.2.46 | |
| cidsAlertBlockHost | .1.3.6.1.4.1.9.9.383.1.2.47 | |
| cidsAlertTcpOneWayResetSent | .1.3.6.1.4.1.9.9.383.1.2.48 | |
| cidsAlertVirtualSensor | .1.3.6.1.4.1.9.9.383.1.2.49 | |
| cidsAlertSignatureSigId | .1.3.6.1.4.1.9.9.383.1.2.5 | |
| cidsAlertSignatureSubSigId | .1.3.6.1.4.1.9.9.383.1.2.6 | |
| cidsAlertSignatureVersion | .1.3.6.1.4.1.9.9.383.1.2.7 | |
| cidsAlertSummary | .1.3.6.1.4.1.9.9.383.1.2.8 | |
| cidsAlertSummaryType | .1.3.6.1.4.1.9.9.383.1.2.9 | |
| cidsError | .1.3.6.1.4.1.9.9.383.1.3 | |
| cidsErrorSeverity | .1.3.6.1.4.1.9.9.383.1.3.1 | |
| cidsErrorName | .1.3.6.1.4.1.9.9.383.1.3.2 | |
| cidsErrorMessage | .1.3.6.1.4.1.9.9.383.1.3.3 | |
| cidsHealth | .1.3.6.1.4.1.9.9.383.1.4 | |
| cidsHealthPacketLoss | .1.3.6.1.4.1.9.9.383.1.4.1 | |
| cidsHealthActiveNodes | .1.3.6.1.4.1.9.9.383.1.4.10 | |
| cidsHealthTcpDualIpAndPorts | .1.3.6.1.4.1.9.9.383.1.4.11 | |
| cidsHealthUdpDualIpAndPorts | .1.3.6.1.4.1.9.9.383.1.4.12 | |
| cidsHealthIpDualIp | .1.3.6.1.4.1.9.9.383.1.4.13 | |
| cidsHealthIsSensorMemoryCritical | .1.3.6.1.4.1.9.9.383.1.4.14 | |
| cidsHealthIsSensorActive | .1.3.6.1.4.1.9.9.383.1.4.15 | |
| cidsHealthCommandAndControlPort | .1.3.6.1.4.1.9.9.383.1.4.16 | |
| cidsHealthSensorStatsResetTime | .1.3.6.1.4.1.9.9.383.1.4.17 | |
| cidsHealthSecMonAvailability | .1.3.6.1.4.1.9.9.383.1.4.18 | |
| cidsHealthSecMonOverallHealth | .1.3.6.1.4.1.9.9.383.1.4.19 | |
| cidsHealthPacketDenialRate | .1.3.6.1.4.1.9.9.383.1.4.2 | |
| cidsHealthSecMonSoftwareVersion | .1.3.6.1.4.1.9.9.383.1.4.20 | |
| cidsHealthSecMonSignatureVersion | .1.3.6.1.4.1.9.9.383.1.4.21 | |
| cidsHealthSecMonLicenseStatus | .1.3.6.1.4.1.9.9.383.1.4.22 | |
| cidsHealthSecMonOverallAppColor | .1.3.6.1.4.1.9.9.383.1.4.23 | |
| cidsHealthSecMonMainAppStatus | .1.3.6.1.4.1.9.9.383.1.4.24 | |
| cidsHealthSecMonAnalysisEngineStatus | .1.3.6.1.4.1.9.9.383.1.4.25 | |
| cidsHealthSecMonCollaborationAppStatus | .1.3.6.1.4.1.9.9.383.1.4.26 | |
| cidsHealthSecMonByPassMode | .1.3.6.1.4.1.9.9.383.1.4.27 | |
| cidsHealthSecMonMissedPktPctAndThresh | .1.3.6.1.4.1.9.9.383.1.4.28 | |
| cidsHealthSecMonAnalysisEngMemPercent | .1.3.6.1.4.1.9.9.383.1.4.29 | |
| cidsHealthAlarmsGenerated | .1.3.6.1.4.1.9.9.383.1.4.3 | |
| cidsHealthSecMonSensorLoad | .1.3.6.1.4.1.9.9.383.1.4.30 | |
| cidsHealthSecMonSensorLoadColor | .1.3.6.1.4.1.9.9.383.1.4.31 | |
 cidsHealthSecMonVirtSensorStatusTable | .1.3.6.1.4.1.9.9.383.1.4.32 | |
 cidsHealthSecMonVirtSensorStatusEntry | .1.3.6.1.4.1.9.9.383.1.4.32.1 | |
 cidsHealthSecMonVirtSensorName | .1.3.6.1.4.1.9.9.383.1.4.32.1.1 | |
| cidsHealthSecMonVirtSensorStatus | .1.3.6.1.4.1.9.9.383.1.4.32.1.2 | |
| cidsHealthSecMonDataStorageTable | .1.3.6.1.4.1.9.9.383.1.4.33 | |
| cidsHealthSecMonDataStorageEntry | .1.3.6.1.4.1.9.9.383.1.4.33.1 | |
| cidsHealthSecMonPartitionName | .1.3.6.1.4.1.9.9.383.1.4.33.1.1 | |
| cidsHealthSecMonTotalPartitionSpace | .1.3.6.1.4.1.9.9.383.1.4.33.1.2 | |
| cidsHealthSecMonUtilizedPartitionSpace | .1.3.6.1.4.1.9.9.383.1.4.33.1.3 | |
| cidsHealthFragmentsInFRU | .1.3.6.1.4.1.9.9.383.1.4.4 | |
| cidsHealthDatagramsInFRU | .1.3.6.1.4.1.9.9.383.1.4.5 | |
| cidsHealthTcpEmbryonicStreams | .1.3.6.1.4.1.9.9.383.1.4.6 | |
| cidsHealthTCPEstablishedStreams | .1.3.6.1.4.1.9.9.383.1.4.7 | |
| cidsHealthTcpClosingStreams | .1.3.6.1.4.1.9.9.383.1.4.8 | |
| cidsHealthTcpStreams | .1.3.6.1.4.1.9.9.383.1.4.9 | |
| ciscoCidsMIBConform | .1.3.6.1.4.1.9.9.383.2 | |
| ciscoCidsMIBCompliances | .1.3.6.1.4.1.9.9.383.2.1 | |
| ciscoCidsMIBGroups | .1.3.6.1.4.1.9.9.383.2.2 |
Notifications/Traps
| Name | OID | Description |
|---|---|---|
 ciscoCidsAlert | .1.3.6.1.4.1.9.9.383.0.1 | Event indicating that some suspicious or malicious activity has been detected on a monitored network. |
| ciscoCidsError | .1.3.6.1.4.1.9.9.383.0.2 | Event indicating that an error has occurred. |
| ciscoCidsHealthHeartBeat | .1.3.6.1.4.1.9.9.383.0.3 | This notification is triggered by the heart beat events
(evStatus). The heartbeat is configured to run on a periodic
basis and can be enabled/disabled through heart beat
configuration under the health service. If the heart beat is
disabled these notification events will not be sent.
This notification is supposed to mirror the heart beat evStatus
message however it is a subset of the most critical pieces of
data. Namely this will include the following pieces of data:
- Event ID
- Host ID
- Local Time
- UTC Time
- Overall Application Color
- Sensor/Inspection Load Color
- Overall Health |
| ciscoCidsHealthMetricChange | .1.3.6.1.4.1.9.9.383.0.4 | This notification notifies the recipient of health and
security status changes. This notification is triggered when
there is a change in the value of monitored metrics as indicated
by evStatus message. This notification will include the
following important subset of attributes from evStatus message:
- Event ID
- Host ID
- Local Time
- UTC Time
- Overall Application Color
- Sensor/Inspection Load Color
- Overall Health
This is similar to the heart beat, however the triggering
condition is different. The heart beat fires on a regular
interval and this is sent immediately after a change in a
monitored metric. Metric change notifications can be enabled
while the heart beat is disabled. |