CISCO-CIDS-MIB Download
Cisco Intrusion Detection System MIB. Provides trap definitions for
the evAlert and evError elements of the IDIOM (Intrusion Detection and
Operations Messages) document and read support for the Intrusion
Detection System (sensor) health information.
IPHost Network Monitor offers an easy way of SNMP monitoring your Cisco servers, routers, switches, bridges,
firewalls and repeaters.
OID list for CISCO-CIDS-MIB
- cidsGeneralEventId
- Identifies the sequence number of an event. This value needs to be unique within the scope of the originating host.
- cidsGeneralLocalTime
- The local time on the Cisco intrusion detection system sensor when the alert was generated.
- cidsGeneralUTCTime
- The UTC time on the Cisco intrusion detection system sensor when the alert was generated.
- cidsGeneralOriginatorHostId
- A globally unique identifier for a Cids host. Could be a host name or an IP address.
- cidsGeneralOriginatorAppName
- The optional generic name of a Cids application.
- cidsGeneralOriginatorAppId
- The optional ID of this instance of the application. Typically the process ID (PID).
- cidsNotificationsEnabled
- Indicates whether notifications will or will not be sent when an event is generated by the device.
- cidsAlertSeverity
- The severity associated with a Cids signature (informational, low, medium or high for example).
- cidsAlertAlarmTraits
- The alarm traits is an unsigned 16-bit integer representing the value of the 16 user-defined alarm traits specified in the configuration for the signature that triggered the alert. The alarmTraits bits are used to classify signatures into user-defined ca ...
- cidsAlertSignature
- Content is a string containing details about the signature that fired, without any specifics tied to this instance of the alert. The cidsAlertSignatureSigName, cidsAlertSignatureSigId and cidsAlertSignatureSubSigId attributes define the signature that t ...
- cidsAlertSignatureSigName
- The name of the intrusion detection signature that triggered this event.
- cidsAlertSignatureSigId
- The ID of the intrusion detection signature that triggered this event. The ID combines with the cidsAlertSignatureSubSigId to create a unique key that identifies the signature that generated this event.
- cidsAlertSignatureSubSigId
- The optional Sub ID of the intrusion detection signature that triggered this event. The Sub ID combines with the cidsAlertSignatureSigId to create a unique key that identifies the signature that generated this event.
- cidsAlertSignatureVersion
- The optional version attribute defines the version number of the signature update in which the triggering signature was introduced or was last modified. Example: 4.1(1.1)S47(0.1)
- cidsAlertSummary
- Optional. If present, specifies that this is a summary alert, representing one or more alerts with common characteristics. The numeric value indicates the number of times the signature fired since the last summary alert with a matching 'initialAlert' attr ...
- cidsAlertSummaryType
- Common characteristics shared by all non-summary alerts included in a summary alert.
- cidsAlertSummaryFinal
- The optional 'final' attribute indicates whether this is the last evAlert containing the same value in the 'initialAlert' attribute. The 'final' attribute may be omitted if and only if its value is false.
- cidsAlertSummaryInitialAlert
- Serial number for the initial alert, which is guaranteed unique within the scope of the originating host.
- cidsAlertInterfaceGroup
- Optional numeric identifier for a sniffing interface group on this host.
- cidsAlertVlan
- An optional numeric identifier for a VLAN. Identifies the VLAN that uses the number in ISL or 802.3.1q headers.
- cidsAlertVictimContext
- Optional Base64-encoded representation of the stream data that was sourced by the victim.
- cidsAlertAttackerContext
- Optional Base64-encoded representation of the stream data that was sourced by the attacker.
- cidsAlertAttackerAddress
- Optional IP address and ports on a monitored interface. The 'locality' attribute is a string that indicates the relative location of the IP address within the network mapping, such as whether the address falls within the address range of a protected netw ...
- cidsAlertVictimAddress
- Optional IP address and ports on a monitored interface. The 'locality' attribute is a string that indicates the relative location of the IP address within the network mapping, such as whether the address falls within the address range of a protected netw ...
- cidsAlertIpLoggingActivated
- Optional. Indicates whether IP logging has been activated as the result of the alert. A separate evIpLogStatus event will be generated when logging has been completed. The evIpLogStatus event contains the URL where the log results may be obtained. Thi ...
- cidsAlertTcpResetSent
- Optional. Indicates whether an attempt was made to reset a TCP connection as the result of the alert. The addresses and ports affected must be implied from the information contained in the participant elements of the evAlert. This element may be omitted ...
- cidsAlertShunRequested
- Optional. Indicates whether an IP address or TCP connection has been requested to be shunned as a result of the alert. Details about the addresses and ports involved in the shun can be obtained from evNacStatus events sent by the Network Access Controll ...
- cidsAlertDetails
- Optional. Textual details about the specific alert instance, not just the signature.
- cidsAlertIpLogId
- IP log identifiers for IP logs that were added as the result of this alert.
- cidsThreatResponseStatus
- A brief textual description of the status of the alarm given by the Cisco Systems Threat Response engine.
- cidsThreatResponseSeverity
- The alarm severity as assigned by the Cisco Systems Threat Response engine.
- cidsAlertEventRiskRating
- A risk factor that incorporates several additional pieces of information beyond the detection of a potentially malicious action. The factors that characterize this risk are the severity of the attack if it were to succeed, the fidelity of the signature, ...
- cidsErrorSeverity
- Severity of an error (warning, error or fatal for example). An example of a type of error that could occur would be when a requested action could not be completed because it would create a resource that would exceed a system resource limit.
- cidsErrorName
- An enumerated error code, which identifies a general class of errors.
- cidsErrorMessage
- A textual description of the error that occurred.
- cidsHealthPacketLoss
- The percentage of packets lost at the device interface level.
- cidsHealthPacketDenialRate
- The percentage of packets denied due to protocol and security violations.
- cidsHealthAlarmsGenerated
- The number of alarms generated, including all currently defined alarm severities.
- cidsHealthFragmentsInFRU
- The number of fragments currently queued in the fragment reassembly unit.
- cidsHealthDatagramsInFRU
- The number of datagrams currently queued in the fragment reassembly unit.
- cidsHealthTcpEmbryonicStreams
- The number of embryonic TCP streams currently queued in the device. TCP streams are considered embryonic if they have not completed the TCP three-way handshake.
- cidsHealthTCPEstablishedStreams
- The number of established TCP streams currently queued in the device. Once a stream has completed a TCP three-way handshake it will move to the established state.
- cidsHealthTcpClosingStreams
- The number of closing TCP streams currently queued in the device. A stream will move from the established state to closing when a valid FIN or RST flag is received.
- cidsHealthTcpStreams
- The number of TCP streams (embryonic, established and closing) currently queued in the device.
- cidsHealthActiveNodes
- The number of active nodes currently queued in the device.
- cidsHealthTcpDualIpAndPorts
- The number of TCP nodes keyed on both IP addresses and both ports currently queued in the device.
- cidsHealthUdpDualIpAndPorts
- The number of UDP nodes keyed on both IP addresses and both ports currently queued in the device.
- cidsHealthIpDualIp
- The number of IP nodes keyed on both IP addresses currently queued in the device.
- cidsHealthIsSensorMemoryCritical
- A value between 0 and 10 that should rarely get above 3. If this is non-zero the sensor has stopped enforcing policy on some traffic in order to keep up with the current traffic load; the sensor is oversubscribed. The higher the number the more oversubsc ...
- cidsHealthIsSensorActive
- Indicates the failover status of the device. True indicates the device is currently active. False indicates it is in a standby mode.
- cidsHealthCommandAndControlPort
- The status and network statistics of the currently configured Command and Control interface on the device. The Command and Control interface is where all of the communications for command and control of the sensor occur. This is important to identify w ...
- cidsHealthSensorStatsResetTime
- The value of SNMPv2-MIB::sysUpTime when the sensor-specific statistics were reset. The reset time is collectively for the following objects: cidsHealthPacketLoss, cidsHealthPacketDenies, cidsHealthAlarmsGenerated, cidsHealthFragmentsInFRU, cidsHealthDatag ...
- ciscoCidsGeneralObjectGroup
- General Objects.
- ciscoCidsAlertObjectGroup
- Alert Objects.
- ciscoCidsErrorObjectGroup
- Error Objects.
- ciscoCidsHealthObjectGroup
- Health Objects.