CISCO-THREAT-MITIGATION-SERVICE-MIB Download
This MIB provides management information about the Threat Mitigation Service (TMS) entity named 'Consumer'. TMS is part of Cisco's Network Infection Containment (NIC) security framework. The MIB is expected to be implemented on all entities that act as TMS consumers.
The NIC framework deals with threat mitigation. The NIC architecture consists of controllers and one or more consumers registered with these controllers. The controller is responsible for detecting threats and conveying information about them to the one or more consumers that could be potential targets of the detected threat. Upon receiving the threat information from the controller, the consumer responds with appropriate mitigation actions according to the policies configured on it and as indicated in the threat notification message.
The TMS protocol is used for distribution and management of threat-related information from the controller to consumers. TMS runs over the TIDP layer, which serves as the distribution layer. The TIDP layer provides a secured connection between the controller and the consumers. TIDP also provides group management services.
Each consumer needs to participate in a TIDP group in order to receive threat notification messages from the controller in that TIDP group. To participate in a TIDP group, a consumer needs to register with the controller of that group, from which it intends to receive threat messages.
When the controller needs to distribute information about a threat to one or more target TIDP groups, or to one particular consumer in a TIDP group, it delivers the information to the respective entities through TMS protocol messages. Upon receiving the threat notification message, the consumer determines the appropriate mitigation action to execute, with the corresponding action parameters, based on its configuration and the information available in the threat message. The respective action is then executed.
The state of the threat is set according to the result of the enforcement action; e.g., upon successful application of the enforcement action, it is marked as Active. The consumer then responds to the controller with the results of the mitigation action carried out for the threat.
OID list for CISCO-THREAT-MITIGATION-SERVICE-MIB
- ciTmsActiveThreats
- This object represents the total number of active threats in the consumer.
- ciTmsInActiveThreats
- This object represents the total number of inactive threats in the consumer.
- ciTmsConsumerDeviceId
- This object is used for configuring the name of the consumer. This could be any generic string, e.g. 'Consumer-1'.
- ciTmsGroupsMaxEntries
- This object represents the maximum number of rows in ciTmsGroupTable.
- ciTmsThreatsMaxEntries
- This object represents the maximum number of rows in ciTmsThreatTable.
- ciTmsThreatActionMaxEntries
- This object represents the maximum number of rows in ciTmsThreatActionTable.
- ciTmsInterfaceMaxEntries
- This object represents the maximum number of rows in ciTmsThreatInterfaceTable.
- ciTmsConsumerState
- This object represents the current state of the consumer.
- ciTmsGroupTable
- A consumer can participate in one or more TIDP groups, each group having one or more controllers. The table represents the list of controllers in a particular group. A row is added to the table when a controller's IP address is added to the list of known co ...
- ciTmsGroupEntry
- Each entry represents a conceptual row in ciTmsGroupTable and corresponds to the information about the controller and TIDP group a consumer is registered with.
- ciTmsGroupId
- This object represents the TIDP group Id.
- ciTmsControllerIpType
- This object represents the type of the network address available through ciTmsControllerIp.
- ciTmsControllerIp
- This object represents the network address of the controller. The type of the address is represented by ciTmsControllerIpType.
- ciTmsGroupConsumerRegStatus
- This object represents the status of the consumer's registration with the controller in a TIDP group.
- ciTmsGroupNotifEnable
- This object indicates whether the following notifications should be generated for a group: 1. ciscoTmsControllerUnreachable 2. ciscoTmsThreatStatusChange 3. ciscoTmsMitigationActionFailed. Setting this object to 'true' enables the group level notifications, w ...
- ciTmsGroupStorageType
- The storage type for this conceptual row.
- ciTmsGroupRowStatus
- The status of this conceptual row. An entry can be created/deleted using this object. A row may be deleted by setting the RowStatus to 'destroy'.
- ciTmsThreatTable
- This table represents the information about the threats the consumer has received from various controllers belonging to different TIDP groups it is registered with. A threat received from one controller in a TIDP group is uniquely identified by the threa ...
- ciTmsThreatEntry
- Each entry represents a conceptual row in ciTmsThreatTable and corresponds to the information about a threat and its various attributes, received from a controller in a given TIDP group.
- ciTmsThreatOwner
- This object identifies the controller that has notified the consumer about the threat.
- ciTmsThreatId
- This object represents the identifier for the particular threat.
- ciTmsThreatVer
- This object represents the version of the threat.
- ciTmsThreatStatus
- This object represents the current status of the threat on the consumer. This is evaluated locally on the consumer.
- ciTmsThreatClass
- This object represents the class of threat. An example of class is 'Worm'.
- ciTmsThreatName
- This object represents the name of the threat. An example of a threat name is 'WittyWorm'.
- ciTmsThreatActiveTimeDuration
- This object represents the duration the threat has been active for.
- ciTmsThreatPriority
- This object represents the priority at which the consumer responds to this threat. A higher value indicates a lower priority for the threat and vice versa.
- ciTmsThreatTcdf
- This object represents the TCDF related information received in the threat. For example,
- ciTmsThreatActionTable
- This table represents mitigation action for the respective threat. A threat is uniquely represented by the threat id, owner id, controller IP and TIDP group ID and hence corresponding objects are used as indices. A row is added to the table when the cons ...
- ciTmsThreatActionEntry
- Each entry represents a conceptual row in ciTmsThreatActionTable and corresponds to the information about the mitigation action applied for a particular threat.
- ciTmsThreatAction
- This object represents the mitigation action taken by the consumer for a threat.
- ciTmsThreatActionParamId
- This object identifies an action parameter.
- ciTmsThreatActionParamType
- This object represents the type of an action parameter.
- ciTmsThreatActionParamLength
- This object represents the length of the action parameter identified by ciTmsThreatActionParamId.
- ciTmsThreatActionParamValue
- This object represents the value of the parameter identified by ciTmsThreatActionParamId. This value should be interpreted using type and length of the parameter value represented by ciTmsThreatActionParamType and ciTmsThreatActionParamLength respectively ...
- ciTmsThreatActionFailReason
- This object specifies the reason for the failure of a particular threat mitigation action. 'OER mitigation not supported' is an example of the value populated for this object. For successfully mitigated threats, this will be a zero-length string.
- ciTmsThreatInterfaceTable
- The application of threat mitigation is typically done on one or more interfaces. This table represents the status of mitigation action applied on the respective interfaces. A row is added to the table when the consumer enforces a mitigation action on a i ...
- ciTmsThreatInterfaceEntry
- Each entry represents a row in ciTmsThreatInterfaceTable and corresponds to the information about the interface on which the threat mitigation action is applied.
- ciThreatInterfaceMitigationApplied
- This object indicates whether the mitigation action for a particular threat has been successfully applied on an interface or not. A value of 'true' indicates the successful application of mitigation action, while a value of 'false' indicates that the mit ...
- ciTmsConsStateChangeNotifEnable
- This object is used to control the generation of the ciscoTmsConsStateChange notifications. A value of 'true' indicates that the agent is enabled to generate this notification. A value of 'false' indicates the generation of this notification is currentl ...
- ciscoTmsConsumerGroup
- This collection of objects represents the information about the TIDP groups, the controller(s) in a TIDP group and the status of a consumer's registration with the controller in the TIDP group.
- ciscoTmsThreatGroup
- This collection of objects represents the information about the threats detected, as being targeted towards a consumer, by a controller in a TIDP group.
- ciscoTmsThreatActionGroup
- This collection of objects represents the information about the mitigation actions taken for the respective threats by the consumer.
- ciscoTmsThreatInterfaceGroup
- This collection of objects represents the information about the interfaces on which the mitigation action for a particular threat is applied.