This MIB provides management information about the Threat
Mitigation Service(TMS) entity named 'Consumer'. TMS is part
of Cisco's Network Infection Containment (NIC) security
framework. The MIB is expected to be implemented on all
entities that act as TMS consumers.
The NIC framework deals with threat mitigation. The NIC
architecture consists of controllers and one or more consumers
registered with these controllers. The controller is
responsible for detecting threats and conveying the
information about the same to one or more consumers that
could be the potential targets of the detected threat.
Upon receiving the information about the threat from
the controller, the consumer responds with appropriate
mitigation actions according to the policies configured
on it and as indicated in the threat notification message.
TMS protocol is used for distribution and management of threat
related information from the controller to consumers.
TMS runs over TIDP layer which is used as distribution layer.
TIDP layer provides a secured connection between the
controller and the consumers. TIDP also provides group
Each consumer needs to participate in a TIDP group in order
to receive threat notification message from controller
in that TIDP group. To participate in a TIDP group consumer
needs to register with the controller of that group,
from which it intends to receive threat messages.
When the controller needs to distribute the information
about a threat to one or more target TIDP groups or to
one particular consumer in a TIDP group, it delivers
the information to the respective entities through
TMS protocol messages. Upon receiving the threat
notification message, consumer determines the appropriate
mitigation action to be executed, with the corresponding
action parameters, based on the configuration and information
available in threat message. The respective action is then
The state of threat is set according to the result of
enforcement action, e.g., upon successful application of
enforcement action it is marked as Active. The consumer then
responds to the controller with the results of the
mitigation action carried out for the threat.
Active Threat : A threat is active on a consumer if mitigation
action corresponding to the threat has been enforced
Inactive Threat : A threat is inactive on a consumer if
mitigation action corresponding to the threat has been
ACL : Access Control List is the list of rules which are
used to filter or classify packets based on protocol
ACL drop : ACL drop action refers to the drop action taken
on packets matching any of the filters in the access list.
DSCP : Differentiated Service Code Point is same as 'Type of
Service' field in IP header, used in reference to quality
FPM : Flexible Packet Matching is a framework which provides
packet filtering based on pattern at any offset in the packet.
FPM drop : FPM drop action refers to the drop action taken on
packet filtered by FPM.
TCDF : Traffic Classification Definition File gives
the XML description of traffic class.
TIDP : Threat Information Distribution Protocol is a
distribution protocol, which provides a secured connectivity
between network devices. It also provides a group management
TIDP group : A closed group of network devices which share
authentication and encryption keys for message exchange.
TMS : TMS protocol provides information about threats and the
mitigation action required for the threats in a TIDP network.
TIDP network : TIDP network comprises of one or more