CISCO-THREAT-MITIGATION-SERVICE-MIB

        
This MIB provides management information about the Threat 
Mitigation Service(TMS) entity named 'Consumer'. TMS is part
of Cisco's Network Infection Containment (NIC) security 
framework. The MIB is expected to be implemented on all 
entities that act as TMS consumers.
        
The NIC framework deals with threat mitigation. The NIC
architecture consists of controllers and one or more consumers
registered with these controllers. The controller is 
responsible for detecting threats  and conveying the 
information about the same to one or more consumers that
could be the potential targets of the detected threat.  
Upon receiving the  information about the threat from 
the controller, the consumer responds with appropriate 
mitigation  actions according to the policies configured 
on it and as indicated in the threat notification message.
        
TMS protocol is used for distribution and management of threat
related information from the controller to consumers. 
TMS runs over TIDP layer which is used as distribution layer.
TIDP layer provides a secured connection between  the 
controller and the consumers. TIDP also  provides group
management services.
        
Each consumer needs to participate in a TIDP group in order
to receive threat notification message from controller 
in that TIDP group. To participate in a TIDP group consumer
needs to register with the controller of that group,
from which it intends to receive threat messages. 
        
When the controller needs to distribute the information   
about a threat to one or more target TIDP groups or to   
one particular consumer in a TIDP group, it delivers   
the information to the respective entities through   
TMS protocol messages.  Upon receiving the threat   
notification message, consumer determines the appropriate
mitigation action to  be executed, with the corresponding
action parameters, based on the configuration and information
available in threat message. The respective action is then 
executed. 
        
The state of threat is set according to the result of 
enforcement action, e.g., upon successful application of 
enforcement action it is marked as Active. The consumer then 
responds to the controller with the results of the 
mitigation action carried out for the threat.
        
                     GLOSSARY
                     --------
        
Active Threat : A threat is active on a consumer if mitigation 
action corresponding to the threat has been enforced 
successfully.
        
Inactive Threat : A threat is inactive on a consumer if
mitigation action corresponding to the threat has been 
undone successfully.
        
ACL : Access Control List is the list of rules which are 
used to filter or classify packets based on protocol
parameters.
        
ACL drop : ACL drop action refers to the drop action taken 
on packets matching any of the filters in the access list.
        
DSCP :  Differentiated Service Code Point is same as 'Type of 
Service' field in IP header, used in reference to quality 
of service.
        
FPM : Flexible Packet Matching is a framework which provides 
packet filtering based on pattern at any offset in the packet.
        
FPM drop : FPM drop action refers to the drop action taken on
packet filtered by FPM.
        
TCDF : Traffic Classification Definition File gives 
the XML description of traffic class.
        
TIDP : Threat Information Distribution Protocol is a 
distribution protocol, which provides a secured connectivity 
between network devices. It also provides a group management
function.
        
TIDP group : A closed group of network devices which share  
authentication and encryption keys for message exchange.
        
TMS  : TMS protocol provides information about threats and the
mitigation action required for the threats in a TIDP network.
        
TIDP network : TIDP network comprises of one or more 
TIDP groups.

Imported Objects

ciscoMgmt	CISCO-SMI
ifIndex	IF-MIB
InetAddressType, InetAddress	INET-ADDRESS-MIB
SnmpAdminString	SNMP-FRAMEWORK-MIB
MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP	SNMPv2-CONF
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Unsigned32	SNMPv2-SMI
RowStatus, DateAndTime, TruthValue, TEXTUAL-CONVENTION, StorageType	SNMPv2-TC

Type Definitions (6)

Name	Base Type	Values/Constraints
CTmsActionParamIdType	Enumeration	noParams(1), cir(2), bir(3), be(4), nexthop(5), dscpVal(6), vlanId(7)
CTmsActionParamType	Enumeration	unsigned(1), networkAddress(2), string(3)
CTmsActionType	Enumeration	ignore(1), aclDrop(2), fpmDrop(3), redirect(4), police(5), setIPDscp(6), localException(7), quarantine(8)
CTmsConsumerRegistrationStatus	Enumeration	notRegistered(1), registrationRequestSent(2), registered(3), registrationFailed(4)
CTmsConsumerState	Enumeration	disabled(1), enabled(2)
CTmsThreatStatus	Enumeration	unknown(1), active(2), inactive(3), created(4), pending(5), activationFailed(6), inactivationFailed(7), deleted(8)

Objects

ciscoThreatMitigationServiceMIB		.1.3.6.1.4.1.9.9.603
ciscoTmsMIBNotifs		.1.3.6.1.4.1.9.9.603.0
ciscoTmsMIBObjects		.1.3.6.1.4.1.9.9.603.1
ciTmsConsumerGlobals		.1.3.6.1.4.1.9.9.603.1.1
ciTmsActiveThreats	Unsigned32	.1.3.6.1.4.1.9.9.603.1.1.1
ciTmsInActiveThreats	Unsigned32	.1.3.6.1.4.1.9.9.603.1.1.2
ciTmsConsumerDeviceId	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.603.1.1.3
ciTmsGroupsMaxEntries	Unsigned32	.1.3.6.1.4.1.9.9.603.1.1.4
ciTmsThreatsMaxEntries	Unsigned32	.1.3.6.1.4.1.9.9.603.1.1.5
ciTmsThreatActionMaxEntries	Unsigned32	.1.3.6.1.4.1.9.9.603.1.1.6
ciTmsInterfaceMaxEntries	Unsigned32	.1.3.6.1.4.1.9.9.603.1.1.7
ciTmsConsumerState	CTmsConsumerState	.1.3.6.1.4.1.9.9.603.1.1.8
ciTmsConsumerGroup		.1.3.6.1.4.1.9.9.603.1.2
ciTmsGroupTable		.1.3.6.1.4.1.9.9.603.1.2.1
ciTmsGroupEntry	ciTmsGroupId ciTmsControllerIpType ciTmsControllerIp	.1.3.6.1.4.1.9.9.603.1.2.1.1
ciTmsGroupId	Unsigned32	.1.3.6.1.4.1.9.9.603.1.2.1.1.1
ciTmsControllerIpType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.603.1.2.1.1.2
ciTmsControllerIp	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.603.1.2.1.1.3
ciTmsGroupConsumerRegStatus	CTmsConsumerRegistrationStatus	.1.3.6.1.4.1.9.9.603.1.2.1.1.4
ciTmsGroupNotifEnable	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.603.1.2.1.1.5
ciTmsGroupStorageType	SNMPv2-TCStorageType	.1.3.6.1.4.1.9.9.603.1.2.1.1.6
ciTmsGroupRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.4.1.9.9.603.1.2.1.1.7
ciTmsConsumerThreat		.1.3.6.1.4.1.9.9.603.1.3
ciTmsThreatTable		.1.3.6.1.4.1.9.9.603.1.3.1
ciTmsThreatEntry	ciTmsThreatOwner ciTmsThreatId ciTmsGroupId ciTmsControllerIpType ciTmsControllerIp	.1.3.6.1.4.1.9.9.603.1.3.1.1
ciTmsThreatOwner	Unsigned32	.1.3.6.1.4.1.9.9.603.1.3.1.1.1
ciTmsThreatId	Unsigned32	.1.3.6.1.4.1.9.9.603.1.3.1.1.2
ciTmsThreatVer	Unsigned32	.1.3.6.1.4.1.9.9.603.1.3.1.1.3
ciTmsThreatStatus	CTmsThreatStatus	.1.3.6.1.4.1.9.9.603.1.3.1.1.4
ciTmsThreatClass	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.603.1.3.1.1.5
ciTmsThreatName	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.603.1.3.1.1.6
ciTmsThreatActiveTimeDuration	SNMPv2-TCDateAndTime	.1.3.6.1.4.1.9.9.603.1.3.1.1.7
ciTmsThreatPriority	Unsigned32	.1.3.6.1.4.1.9.9.603.1.3.1.1.8
ciTmsThreatTcdf	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.603.1.3.1.1.9
ciTmsThreatActionTable		.1.3.6.1.4.1.9.9.603.1.3.2
ciTmsThreatActionEntry	ciTmsThreatOwner ciTmsThreatId ciTmsGroupId ciTmsControllerIpType ciTmsControllerIp ciTmsThreatAction ciTmsThreatActionParamId	.1.3.6.1.4.1.9.9.603.1.3.2.1
ciTmsThreatAction	CTmsActionType	.1.3.6.1.4.1.9.9.603.1.3.2.1.1
ciTmsThreatActionParamId	CTmsActionParamIdType	.1.3.6.1.4.1.9.9.603.1.3.2.1.2
ciTmsThreatActionParamType	CTmsActionParamType	.1.3.6.1.4.1.9.9.603.1.3.2.1.3
ciTmsThreatActionParamLength	Unsigned32	.1.3.6.1.4.1.9.9.603.1.3.2.1.4
ciTmsThreatActionParamValue	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.603.1.3.2.1.5
ciTmsThreatActionFailReason	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.603.1.3.2.1.6
ciTmsThreatInterfaceTable		.1.3.6.1.4.1.9.9.603.1.3.3
ciTmsThreatInterfaceEntry	ciTmsThreatId ciTmsThreatOwner ciTmsGroupId ciTmsControllerIpType ciTmsControllerIp IF-MIBifIndex	.1.3.6.1.4.1.9.9.603.1.3.3.1
ciThreatInterfaceMitigationApplied	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.603.1.3.3.1.1
ciTiTmsConsumerNotifs		.1.3.6.1.4.1.9.9.603.1.4
ciTmsConsStateChangeNotifEnable	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.603.1.4.1
ciscoTmsMIBConform		.1.3.6.1.4.1.9.9.603.2
ciscoTmsMIBCompliances		.1.3.6.1.4.1.9.9.603.2.1
ciscoTmsMIBGroups		.1.3.6.1.4.1.9.9.603.2.2

Notifications/Traps

Name	OID	Description
ciscoTmsConsStateChange ciTmsConsumerState	.1.3.6.1.4.1.9.9.603.0.1	This notification is generated to indicate the current operational state of the consumer, when the consumer undergoes a state change.
ciscoTmsControllerUnreachable ciTmsGroupConsumerRegStatus	.1.3.6.1.4.1.9.9.603.0.2	This notification is generated by the consumer when the controller it has registered with becomes unreachable. This notification will be generated only when notification generation is enabled for the corresponding TIDP group through ciTmsGroupNotifEnable.
ciscoTmsThreatStatusChange ciTmsThreatVer ciTmsThreatStatus ciTmsThreatPriority	.1.3.6.1.4.1.9.9.603.0.3	This notification is generated by the consumer when consumer acts upon a particular threat and changes the state of the threat. This notification will be generated only when notification generation is enabled for the corresponding TIDP group through ciTmsGroupNotifEnable.
ciscoTmsMitigationActionFailed ciTmsThreatActionParamType ciTmsThreatActionParamLength ciTmsThreatActionParamValue ciTmsThreatActionFailReason	.1.3.6.1.4.1.9.9.603.0.4	This notification is generated by the consumer when the mitigation action enforced for a particular threat fails. The notification contains the information about the failed mitigation action and the reason for the failure indicated by ciTmsThreatActionFailReason. This notification will be generated only when notification generation is enabled for the corresponding TIDP group through ciTmsGroupNotifEnable.