CISCO-CIDS-MIB

File: CISCO-CIDS-MIB.mib (84830 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
SNMP-FRAMEWORK-MIB IF-MIB CISCO-TC
CISCO-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE NOTIFICATION-TYPE
Integer32 Unsigned32 Counter32
TimeTicks Gauge32 OBJECT-IDENTITY
MODULE-COMPLIANCE NOTIFICATION-GROUP OBJECT-GROUP
TEXTUAL-CONVENTION TruthValue DateAndTime
DisplayString SnmpAdminString InterfaceIndex
Unsigned64 CiscoIpProtocol ciscoMgmt

Defined Types

CidsHealthStatusColor  
An enumerated value which identifies the status colors for health-related statistics. The colors are chosen because they are commonly used in health dashboards to visualize the status of a component and should be generally understood.
green: Indicates that sensor health status is good and there are currently no issues.
yellow: Indicates a degradation in health status. Monitor closely until the status changes back to green.
red: A problem has occurred and the status is unhealthy; immediate attention is needed.
TEXTUAL-CONVENTION    
  INTEGER green(1), yellow(2), red(3)  

CidsApplicationStatus  
An enumerated value which identifies the status values that are possible for a process.
notResponding: The process is no longer responding and may be down.
notRunning: The process is not currently running.
processingTransaction: The process is currently processing a control transaction.
reconfiguring: The configuration for this process is being changed.
running: The process is up and running.
starting: The process is starting and will be up and running momentarily.
stopping: The process is currently being shut down.
unknown: Unable to determine the current process status.
upgradeInprogress: The process is currently being upgraded.
TEXTUAL-CONVENTION    
  INTEGER notResponding(1), notRunning(2), processingTransaction(3), reconfiguring(4), running(5), starting(6), stopping(7), unknown(8), upgradeInprogress(9)  

CidsErrorCode  
An enumerated value which identifies the general category of error that occurred.
errAuthenticationTokenExpired: The requested action could not be carried out because the requestor has provided an authentication token (e.g. password) that has expired.
errConfigCollision: The value of the config-token request parameter in a setComponentConfig control transaction request does not match the current configuration document on the target host. Typically this indicates that the configuration on the target host has been modified by another user.
errInUse: The requested action could not be completed because it requires access to a resource that is in use.
errInvalidDocument: The request contained a document that was not well-formed, contained an incorrect root element, or contained additional elements or attributes that are not permitted by the lax IDIOM schema.
errLimitExceeded: The requested action could not be completed because it would create a resource that would exceed a system resource limit.
errNotAvailable: The requested action is supported but cannot be performed due to the current configuration of the target host.
errNotFound: A resource specified in the request does not exist.
errNotSupported: The requested action is not supported on the target host.
errPermissionDenied: The requestor does not have a sufficiently high authorization level to perform the requested action.
errSyslog: Used to convey messages of interest from the host system's syslog.
errSystemError: A system error occurred, such as an out-of-memory condition, disk access error, etc.
errTransport: The requested action could not be carried out because of a communications failure with another host that is involved in the action.
errUnacceptableValue: The request document was valid but contained one or more values that could not be accepted because they either: (1) conflict with other values in the same document or (2) are not acceptable due to the current state of the system.
errUnclassified: Used to convey an unclassified error condition.
errWarning: Used to convey a software warning condition detected by an application running on the host system.
errEngineBuildFailed: The system failed to build an intrusion detection engine.
TEXTUAL-CONVENTION    
  INTEGER errAuthenticationTokenExpired(1), errConfigCollision(2), errInUse(3), errInvalidDocument(4), errLimitExceeded(5), errNotAvailable(6), errNotFound(7), errNotSupported(8), errPermissionDenied(9), errSyslog(10), errSystemError(11), errTransport(12), errUnacceptableValue(13), errUnclassified(14), errWarning(15), errEngineBuildFailed(16)  

CidsTargetValue  
An enumerated value which identifies the asset value associated with a target.
zeroValue: Target has zero perceived value to the network.
low: Target has low perceived value to the network.
medium: Target has medium perceived value to the network.
high: Target has high perceived value to the network.
missionCritical: Target is a mission critical component in the network.
TEXTUAL-CONVENTION    
  INTEGER zeroValue(1), low(2), medium(3), high(4), missionCritical(5)  

CidsAttackRelevance  
An enumerated value which identifies an attack's relevance to its target.
relevant: The attack is relevant to the target.
notRelevant: The attack is not relevant to the target.
unknown: The relevancy of the attack is unknown.
TEXTUAL-CONVENTION    
  INTEGER relevant(1), notRelevant(2), unknown(3)  

CidsHealthSecMonVirtSensorStatusEntry  
SEQUENCE    
  cidsHealthSecMonVirtSensorName DisplayString
  cidsHealthSecMonVirtSensorStatus CidsHealthStatusColor

CidsHealthSecMonDataStorageEntry  
SEQUENCE    
  cidsHealthSecMonPartitionName DisplayString
  cidsHealthSecMonTotalPartitionSpace Unsigned32
  cidsHealthSecMonUtilizedPartitionSpace Unsigned32

Defined Values

ciscoCidsMIB 1.3.6.1.4.1.9.9.383
Cisco Intrusion Detection System MIB. Provides trap definitions for the evAlert and evError elements of the IDIOM (Intrusion Detection and Operations Messages) document and read support for the Intrusion Detection System (sensor) health information, such as whether the sensor is in a memory critical stage.
MODULE-IDENTITY    

ciscoCidsMIBNotifs 1.3.6.1.4.1.9.9.383.0
OBJECT IDENTIFIER    

ciscoCidsMIBObjects 1.3.6.1.4.1.9.9.383.1
OBJECT IDENTIFIER    

ciscoCidsMIBConform 1.3.6.1.4.1.9.9.383.2
OBJECT IDENTIFIER    

cidsGeneral 1.3.6.1.4.1.9.9.383.1.1
OBJECT IDENTIFIER    

cidsAlert 1.3.6.1.4.1.9.9.383.1.2
OBJECT IDENTIFIER    

cidsError 1.3.6.1.4.1.9.9.383.1.3
OBJECT IDENTIFIER    

cidsHealth 1.3.6.1.4.1.9.9.383.1.4
OBJECT IDENTIFIER    

cidsGeneralEventId 1.3.6.1.4.1.9.9.383.1.1.1
Identifies the sequence number of an event. This value needs to be unique within the scope of the originating host.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Unsigned64  

cidsGeneralLocalTime 1.3.6.1.4.1.9.9.383.1.1.2
The local time on the Cisco intrusion detection system sensor when the alert was generated.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  DateAndTime  

cidsGeneralUTCTime 1.3.6.1.4.1.9.9.383.1.1.3
The UTC time on the Cisco intrusion detection system sensor when the alert was generated.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  DateAndTime  

cidsGeneralOriginatorHostId 1.3.6.1.4.1.9.9.383.1.1.4
A globally unique identifier for a Cids host. Could be a host name or an IP address.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString  

cidsGeneralOriginatorAppName 1.3.6.1.4.1.9.9.383.1.1.5
The optional generic name of a Cids application.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString  

cidsGeneralOriginatorAppId 1.3.6.1.4.1.9.9.383.1.1.6
The optional id of this instance of the application. Typically the process id (pid).
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString  

cidsNotificationsEnabled 1.3.6.1.4.1.9.9.383.1.1.7
Indicates whether notifications will or will not be sent when an event is generated by the device.
Status: current Access: read-write
OBJECT-TYPE    
  TruthValue  

cidsAlertSeverity 1.3.6.1.4.1.9.9.383.1.2.1
The severity associated with a Cids signature (informational, low, medium or high for example).
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString  

cidsAlertAlarmTraits 1.3.6.1.4.1.9.9.383.1.2.2
The alarm traits value is an unsigned 16-bit integer representing the 16 user-defined alarm traits specified in the configuration for the signature that triggered the alert. The alarmTraits bits are used to classify signatures into user-defined categories or groups.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Unsigned32  

cidsAlertSignature 1.3.6.1.4.1.9.9.383.1.2.3
Content is a string containing details about the signature that fired, without any specifics tied to this instance of the alert. The cidsAlertSignatureSigName, cidsAlertSignatureSigId and cidsAlertSignatureSubSigId attributes define the signature that triggered this Alert.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

cidsAlertSignatureSigName 1.3.6.1.4.1.9.9.383.1.2.4
The name of the Intrusion detection signature that triggered this event.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

cidsAlertSignatureSigId 1.3.6.1.4.1.9.9.383.1.2.5
The ID of the Intrusion detection signature that triggered this event. The ID combines with the cidsAlertSignatureSubSigId to create a unique key that identifies the signature that generated this event.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Unsigned32  

cidsAlertSignatureSubSigId 1.3.6.1.4.1.9.9.383.1.2.6
The optional Sub ID of the Intrusion detection signature that triggered this event. The Sub ID combines with the cidsAlertSignatureSigId to create a unique key that identifies the signature that generated this event.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Unsigned32  

cidsAlertSignatureVersion 1.3.6.1.4.1.9.9.383.1.2.7
The optional version attribute defines the version number of the signature update in which the triggering signature was introduced or was last modified. Example: 4.1(1.1)S47(0.1)
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

cidsAlertSummary 1.3.6.1.4.1.9.9.383.1.2.8
Optional. If present, specifies that this is a summary alert, representing one or more alerts with common characteristics. The numeric value indicates the number of times the signature fired since the last summary alert with a matching 'initialAlert' attribute value. The first and all subsequent summary alerts in a sequence will use the eventId of a previous non-summary evAlert in the initialAlert attribute value. All alerts represented by the summary alert share the same signature and sub-signature id. The summaryType attribute defines the common characteristic(s) of all alerts in the summary. The 'final' attribute indicates whether this is the last evAlert containing the same value in the 'initialAlert' attribute. The 'final' attribute may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Unsigned32  

cidsAlertSummaryType 1.3.6.1.4.1.9.9.383.1.2.9
Common characteristics shared by all non-summary alerts included in a summary alert.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString Size(0..16)  

cidsAlertSummaryFinal 1.3.6.1.4.1.9.9.383.1.2.10
The optional 'final' attribute indicates whether this is the last evAlert containing the same value in the 'initialAlert' attribute. The 'final' attribute may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertSummaryInitialAlert 1.3.6.1.4.1.9.9.383.1.2.11
Serial number for the initial alert, which is guaranteed unique within the scope of the originating host.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Unsigned64  

cidsAlertInterfaceGroup 1.3.6.1.4.1.9.9.383.1.2.12
This object indicates an optional numeric identifier for a sniffing interface group on this host.
Status: deprecated Access: accessible-for-notify
OBJECT-TYPE    
  Integer32 -2147483648..2147483647  

cidsAlertVlan 1.3.6.1.4.1.9.9.383.1.2.13
An optional numeric identifier for a VLAN. Identifies the VLAN that uses the number in ISL or 802.1Q headers.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Unsigned32 0..65535  

cidsAlertVictimContext 1.3.6.1.4.1.9.9.383.1.2.14
Optional Base64-encoded representation of the stream data that was sourced by the victim.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString  

cidsAlertAttackerContext 1.3.6.1.4.1.9.9.383.1.2.15
Optional Base64-encoded representation of the stream data that was sourced by the Attacker.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString  

cidsAlertAttackerAddress 1.3.6.1.4.1.9.9.383.1.2.16
Optional IP address and ports on a monitored interface. The 'locality' attribute is a string that indicates the relative location of the IP address within the network mapping, such as whether the address falls within the address range of a protected network. The optional 'proxy' attribute is 'true' if the sensor has reason to suspect that the address given is not the address of the true attacker. This could be the result of address spoofing or because the host has been compromised and is acting as a 'zombie'. The 'proxy' attribute may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString  

cidsAlertVictimAddress 1.3.6.1.4.1.9.9.383.1.2.17
Optional IP address and ports on a monitored interface. The 'locality' attribute is a string that indicates the relative location of the IP address within the network mapping, such as whether the address falls within the address range of a protected network. The 'osIdSource' attribute represents the method by which the operating system of the victim was identified. The 'osType' attribute represents the operating system of the target system. The 'osRelevance' attribute represents the relevance of an attack on the operating system.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString  

cidsAlertIpLoggingActivated 1.3.6.1.4.1.9.9.383.1.2.18
Indicates whether IP logging has been activated as the result of the alert. A separate evIpLogStatus event will be generated when logging has been completed. The evIpLogStatus event contains the URL where the log results may be obtained. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertTcpResetSent 1.3.6.1.4.1.9.9.383.1.2.19
Indicates whether an attempt was made to reset a TCP connection as the result of the alert. The addresses and ports affected must be implied from the information contained in the participant elements of the evAlert. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertShunRequested 1.3.6.1.4.1.9.9.383.1.2.20
Indicates whether an IP address or tcp connection has been requested to be shunned as a result of the alert. Details about the addresses and ports involved in the shun can be obtained from evNacStatus events sent by the Network Access Controller application. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertDetails 1.3.6.1.4.1.9.9.383.1.2.21
Textual details about the specific alert instance, not just the signature.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString  

cidsAlertIpLogId 1.3.6.1.4.1.9.9.383.1.2.22
IP log identifiers for IP logs that were added as the result of this alert.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString  

cidsThreatResponseStatus 1.3.6.1.4.1.9.9.383.1.2.23
A brief textual description of the status of the alarm given by the Cisco Systems Threat Response engine.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString  

cidsThreatResponseSeverity 1.3.6.1.4.1.9.9.383.1.2.24
The alarm severity as assigned by the Cisco Systems Threat Response engine.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Integer32 -2147483648..2147483647  

cidsAlertEventRiskRating 1.3.6.1.4.1.9.9.383.1.2.25
A risk factor that incorporates several additional pieces of information beyond the detection of a potentially malicious action. The factors that characterize this risk are the severity of the attack if it were to succeed, the fidelity of the signature, the relevance of the potential attack with respect to the target host, and the overall value of the target host to the customer.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Unsigned32  

cidsAlertIfIndex 1.3.6.1.4.1.9.9.383.1.2.26
The ifIndex on which the activity was detected.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  InterfaceIndex  

cidsAlertProtocol 1.3.6.1.4.1.9.9.383.1.2.27
Identifies the IP protocol associated with the alert.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  CiscoIpProtocol  

cidsAlertDeniedAttacker 1.3.6.1.4.1.9.9.383.1.2.28
Indicates that the traffic originating from the attacker is being blocked as a result of the alert. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertDeniedFlow 1.3.6.1.4.1.9.9.383.1.2.29
Indicates that the traffic on the TCP connection is being blocked as a result of the alert. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertDenyPacketReqNotPerf 1.3.6.1.4.1.9.9.383.1.2.30
Indicates whether the packet that triggered the alert would have been denied as a result of the alert if the intrusion prevention system was operating in inline mode. However, the packet was not actually denied because the intrusion prevention system was operating in promiscuous mode. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertDenyFlowReqNotPerf 1.3.6.1.4.1.9.9.383.1.2.31
Indicates whether the flow that triggered the alert would have been denied as a result of the alert if the intrusion prevention system was operating in inline mode. However, this action was not actually taken because the intrusion prevention system was operating in promiscuous mode. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertDenyAttackerReqNotPerf 1.3.6.1.4.1.9.9.383.1.2.32
Indicates whether the traffic from the attacker that triggered the alert would have been denied as a result of the alert if the intrusion prevention system was operating in inline mode. However, this action was not actually taken because the intrusion prevention system was operating in promiscuous mode. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertBlockConnectionReq 1.3.6.1.4.1.9.9.383.1.2.33
Indicates that a TCP connection has been requested to be blocked as a result of the alert. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertLogAttackerPacketsAct 1.3.6.1.4.1.9.9.383.1.2.34
Indicates that packets associated with the attacker(s) identified by this alert are being logged. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertLogVictimPacketsAct 1.3.6.1.4.1.9.9.383.1.2.35
Indicates that packets associated with the victim(s) identified by this alert are being logged. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertLogPairPacketsActivated 1.3.6.1.4.1.9.9.383.1.2.36
Indicates that packets associated with the attacker/victim pair(s) identified by this alert are being logged. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertRateLimitRequested 1.3.6.1.4.1.9.9.383.1.2.37
Indicates that traffic rate limiting based on the source address and protocol associated with the alert has been requested on external network devices. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertDeniedAttackVictimPair 1.3.6.1.4.1.9.9.383.1.2.38
Indicates that traffic originating from the attacker's address and destined for the victim's address identified in the alert is being denied as a result of the alert. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertDeniedAttackSericePair 1.3.6.1.4.1.9.9.383.1.2.39
Indicates that traffic originating from the attacker's address and destined for the destination service port identified in the alert is being denied as a result of the alert. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertDenyAttackVicReqNotPerf 1.3.6.1.4.1.9.9.383.1.2.40
Indicates that traffic originating from the attacker's address and destined for the victim's address identified in the alert would have been denied as a result of the alert if the intrusion prevention system was operating in inline mode. However, this action was not actually taken because the intrusion prevention system was operating in promiscuous mode. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertDenyAttackSerReqNotPerf 1.3.6.1.4.1.9.9.383.1.2.41
Indicates that traffic originating from the attacker's address and destined for the destination service port identified in the alert would have been denied as a result of the alert if the intrusion prevention system was operating in inline mode. However, this action was not actually taken because the intrusion prevention system was operating in promiscuous mode. This element may be omitted if and only if its value is false.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertThreatValueRating 1.3.6.1.4.1.9.9.383.1.2.42
Value that represents the calculated threat associated with the detected activity. The threat value consists of the cidsAlertEventRiskRating adjusted for the mitigation action performed. The threat value has a range between 0 and 100 (inclusive), where a value of 0 represents the lowest threat and 100 the greatest threat.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Unsigned32  

cidsAlertRiskRatingTargetValue 1.3.6.1.4.1.9.9.383.1.2.43
Represents the asset value associated with a target identified in the alert.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  CidsTargetValue  

cidsAlertRiskRatingRelevance 1.3.6.1.4.1.9.9.383.1.2.44
Value that represents an attack's relevance to the destination target of this alert.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  CidsAttackRelevance  

cidsAlertRiskRatingWatchList 1.3.6.1.4.1.9.9.383.1.2.45
Value that represents the amount that the risk rating value was increased due to the source of the activity associated with the alert being on a watchlist.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Unsigned32  

cidsAlertDenyPacket 1.3.6.1.4.1.9.9.383.1.2.46
This object indicates that the traffic originating from the attacker is being blocked as a result of the alert. This element may be omitted if and only if its value is 'false'.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertBlockHost 1.3.6.1.4.1.9.9.383.1.2.47
This object indicates that a host has been requested to be blocked as a result of the alert. This element may be omitted if and only if its value is 'false'.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertTcpOneWayResetSent 1.3.6.1.4.1.9.9.383.1.2.48
This object indicates an attempt to reset one side of the connection (the victim side). The victim address and ports affected must be implied from the information contained in the participant elements of the alert. This element may be omitted if and only if its value is 'false'.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsAlertVirtualSensor 1.3.6.1.4.1.9.9.383.1.2.49
This object represents the name of the virtual sensor associated with an Intrusion Prevention System alert. From the virtual sensor name one can correlate which signature set and configuration to look at to troubleshoot or tune the behavior of the sensor. The virtual sensor name with the signature ID should help in identifying the correct instance of the signature that fired the alert.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  
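
The cidsAlert objects above arrive as trap varbinds. The following added example (not part of the MIB or of any Cisco tooling) decodes a subset of them and separates actions that were taken from actions that were only requested because the sensor was in promiscuous mode. The function names, the ".0" instance suffix and the sample varbinds are assumptions constructed for illustration; the OIDs and enumerations are the ones listed on this page.

```python
import base64
import binascii

CIDS_ALERT_PREFIX = "1.3.6.1.4.1.9.9.383.1.2."  # cidsAlert subtree (from this page)

TRUTH_VALUE = {1: True, 2: False}  # SNMPv2-TC TruthValue: true(1), false(2)
TARGET_VALUE = {1: "zeroValue", 2: "low", 3: "medium", 4: "high", 5: "missionCritical"}
ATTACK_RELEVANCE = {1: "relevant", 2: "notRelevant", 3: "unknown"}

# Sub-identifier under cidsAlert -> (object name, kind). A dict kind is an enumeration.
ALERT_OBJECTS = {
    4: ("cidsAlertSignatureSigName", "str"),
    5: ("cidsAlertSignatureSigId", "int"),
    6: ("cidsAlertSignatureSubSigId", "int"),
    14: ("cidsAlertVictimContext", "b64"),
    15: ("cidsAlertAttackerContext", "b64"),
    25: ("cidsAlertEventRiskRating", "int"),
    28: ("cidsAlertDeniedAttacker", "bool"),
    29: ("cidsAlertDeniedFlow", "bool"),
    30: ("cidsAlertDenyPacketReqNotPerf", "bool"),
    31: ("cidsAlertDenyFlowReqNotPerf", "bool"),
    32: ("cidsAlertDenyAttackerReqNotPerf", "bool"),
    38: ("cidsAlertDeniedAttackVictimPair", "bool"),
    39: ("cidsAlertDeniedAttackSericePair", "bool"),  # spelling as defined in the MIB
    40: ("cidsAlertDenyAttackVicReqNotPerf", "bool"),
    41: ("cidsAlertDenyAttackSerReqNotPerf", "bool"),
    42: ("cidsAlertThreatValueRating", "int"),
    43: ("cidsAlertRiskRatingTargetValue", TARGET_VALUE),
    44: ("cidsAlertRiskRatingRelevance", ATTACK_RELEVANCE),
    46: ("cidsAlertDenyPacket", "bool"),
}

NOT_PERFORMED = [n for n, _ in ALERT_OBJECTS.values() if n.endswith("ReqNotPerf")]
PERFORMED = [n for n, k in ALERT_OBJECTS.values()
             if k == "bool" and not n.endswith("ReqNotPerf")]


def _decode(kind, value):
    """Convert one raw varbind value according to the object's syntax."""
    if isinstance(kind, dict):
        return kind.get(int(value), f"unrecognized({value})")
    if kind == "bool":
        return TRUTH_VALUE.get(int(value))  # None for an out-of-range TruthValue
    if kind == "int":
        return int(value)
    if kind == "b64":
        # Context fields are Base64 stream data; a malformed value yields None
        # instead of aborting the whole record.
        try:
            return base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            return None
    return str(value)


def decode_alert(varbinds):
    """Turn (oid, value) pairs into a dict keyed by MIB object name."""
    record = {}
    for oid, value in varbinds:
        if not oid.startswith(CIDS_ALERT_PREFIX):
            continue  # cidsGeneral and other subtrees are outside this example
        sub_id = oid[len(CIDS_ALERT_PREFIX):].split(".")[0]
        if not sub_id.isdigit() or int(sub_id) not in ALERT_OBJECTS:
            continue
        name, kind = ALERT_OBJECTS[int(sub_id)]
        record[name] = _decode(kind, value)
    # TruthValue elements "may be omitted if and only if" false: absent means False.
    for name, kind in ALERT_OBJECTS.values():
        if kind == "bool":
            record.setdefault(name, False)
    return record


def triage(record):
    """Separate enforced denials from those skipped in promiscuous mode."""
    denied = [n for n in PERFORMED if record.get(n)]
    would_have_denied = [n for n in NOT_PERFORMED if record.get(n)]
    return {
        "enforced": bool(denied),
        "detect_only": bool(would_have_denied) and not denied,
        "would_have_denied": would_have_denied,
        "risk_rating": record.get("cidsAlertEventRiskRating"),
        "threat_rating": record.get("cidsAlertThreatValueRating"),
    }


# Constructed sample varbinds (illustrative values, not captured from a sensor).
SAMPLE_VARBINDS = [
    ("1.3.6.1.4.1.9.9.383.1.1.4.0", "sensor-01"),
    ("1.3.6.1.4.1.9.9.383.1.2.4.0", "Constructed Test Signature"),
    ("1.3.6.1.4.1.9.9.383.1.2.5.0", 60001),
    ("1.3.6.1.4.1.9.9.383.1.2.6.0", 0),
    ("1.3.6.1.4.1.9.9.383.1.2.14.0", "not base64!!"),
    ("1.3.6.1.4.1.9.9.383.1.2.15.0", "R0VUIC8="),
    ("1.3.6.1.4.1.9.9.383.1.2.25.0", 85),
    ("1.3.6.1.4.1.9.9.383.1.2.30.0", 1),
    ("1.3.6.1.4.1.9.9.383.1.2.42.0", 85),
    ("1.3.6.1.4.1.9.9.383.1.2.43.0", 4),
    ("1.3.6.1.4.1.9.9.383.1.2.44.0", 1),
]

if __name__ == "__main__":
    print(triage(decode_alert(SAMPLE_VARBINDS)))
```

A record with detect_only set means the alert fired but no traffic was blocked, which is the case a monitoring pipeline should not count as mitigated.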

cidsErrorSeverity 1.3.6.1.4.1.9.9.383.1.3.1
Severity of an error (warning, error or fatal for example). An example of a type of error that could occur would be when a requested action could not be completed because it would create a resource that would exceed a system resource limit.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString  

cidsErrorName 1.3.6.1.4.1.9.9.383.1.3.2
An enumerated error code, which identifies a general class of errors.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  CidsErrorCode  

cidsErrorMessage 1.3.6.1.4.1.9.9.383.1.3.3
A textual description of the error that occurred.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  SnmpAdminString  

cidsHealthPacketLoss 1.3.6.1.4.1.9.9.383.1.4.1
The percentage of packets lost at the device interface level.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32 0..100  

cidsHealthPacketDenialRate 1.3.6.1.4.1.9.9.383.1.4.2
The percentage of packets denied due to protocol and security violations.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32 0..100  

cidsHealthAlarmsGenerated 1.3.6.1.4.1.9.9.383.1.4.3
The number of alarms generated, including all currently defined alarm severities.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

cidsHealthFragmentsInFRU 1.3.6.1.4.1.9.9.383.1.4.4
The number of fragments currently queued in the fragment reassembly unit.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

cidsHealthDatagramsInFRU 1.3.6.1.4.1.9.9.383.1.4.5
The number of datagrams currently queued in the fragment reassembly unit.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

cidsHealthTcpEmbryonicStreams 1.3.6.1.4.1.9.9.383.1.4.6
The number of embryonic TCP streams currently queued in the device. TCP streams are considered embryonic if they have not completed the TCP three-way handshake.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

cidsHealthTCPEstablishedStreams 1.3.6.1.4.1.9.9.383.1.4.7
The number of established TCP streams currently queued in the device. Once a stream has completed a TCP three-way handshake it will move to the established state.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

cidsHealthTcpClosingStreams 1.3.6.1.4.1.9.9.383.1.4.8
The number of closing TCP streams currently queued in the device. A stream will move from the established state to closing when a valid FIN or RST flag is received.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

cidsHealthTcpStreams 1.3.6.1.4.1.9.9.383.1.4.9
The number of TCP streams (embryonic, established and closing) currently queued in the device.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

cidsHealthActiveNodes 1.3.6.1.4.1.9.9.383.1.4.10
The number of active nodes currently queued in the device.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

cidsHealthTcpDualIpAndPorts 1.3.6.1.4.1.9.9.383.1.4.11
The number of TCP nodes keyed on both IP addresses and both ports currently queued in the device.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

cidsHealthUdpDualIpAndPorts 1.3.6.1.4.1.9.9.383.1.4.12
The number of UDP nodes keyed on both IP addresses and both ports currently queued in the device.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

cidsHealthIpDualIp 1.3.6.1.4.1.9.9.383.1.4.13
The number of IP nodes keyed on both IP addresses currently queued in the device.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

cidsHealthIsSensorMemoryCritical 1.3.6.1.4.1.9.9.383.1.4.14
A value between 0 and 10 that should rarely get above 3. If this is non-zero, the sensor has stopped enforcing policy on some traffic in order to keep up with the current traffic load; the sensor is oversubscribed. The higher the number, the more oversubscribed the sensor. It could be oversubscribed from a memory perspective and not traffic speed. For example, on a 200 Mbit sensor this number might be 3 if the sensor was only seeing 100 Mbit of traffic but 6000 connections per second, which is over the rated capacity of the sensor. When the sensor is in Memory Critical state, a ciscoCidsError trap will be sent accordingly.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32 0..10  

cidsHealthIsSensorActive 1.3.6.1.4.1.9.9.383.1.4.15
Indicates the failover status of the device. True indicates the device is currently active. False indicates it is in a standby mode.
Status: current Access: read-only
OBJECT-TYPE    
  TruthValue  

cidsHealthCommandAndControlPort 1.3.6.1.4.1.9.9.383.1.4.16
The status and network statistics of the currently configured Command and Control interface on the device. The Command and Control interface is where all of the communications for command and control of the sensor occur. This is important for identifying which interface a user will communicate with to control the sensor remotely, and for general health statistics for that interface.
Status: current Access: read-only
OBJECT-TYPE    
  SnmpAdminString  

cidsHealthSensorStatsResetTime 1.3.6.1.4.1.9.9.383.1.4.17
The value of SNMPv2-MIB::sysUpTime when the sensor-specific statistics were reset. The reset time applies collectively to the following objects: cidsHealthPacketLoss, cidsHealthPacketDenies, cidsHealthAlarmsGenerated, cidsHealthFragmentsInFRU, cidsHealthDatagramsInFRU, cidsHealthTcpEmbryonicStreams, cidsHealthTcpEstablishedStreams, cidsHealthTcpClosingStreams, cidsHealthTcpStreams.
Status: current Access: read-only
OBJECT-TYPE    
  TimeTicks  

cidsHealthSecMonAvailability 1.3.6.1.4.1.9.9.383.1.4.18
This object indicates the availability of health and security monitor statistics. If the IPS health and security monitoring service is disabled, it will return false.
Status: current Access: read-only
OBJECT-TYPE    
  TruthValue  

cidsHealthSecMonOverallHealth 1.3.6.1.4.1.9.9.383.1.4.19
This object indicates the IPS sensor's overall health value: green, yellow or red. The overall health status is set to the highest severity of all metrics that are configured to be applied to the IPS's health determination. For example, if the IPS is configured to use eight metrics to determine its health and seven of eight metrics are green while one of the metrics is red, then the overall IPS health will be red. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'.
Status: current Access: read-only
OBJECT-TYPE    
  CidsHealthStatusColor  

cidsHealthSecMonSoftwareVersion 1.3.6.1.4.1.9.9.383.1.4.20
This object indicates the IPS software version number (e.g., 6.2(1)E3). This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..32)  

cidsHealthSecMonSignatureVersion 1.3.6.1.4.1.9.9.383.1.4.21
This object indicates IPS signature version (e.g., 365.0). This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..255)  

cidsHealthSecMonLicenseStatus 1.3.6.1.4.1.9.9.383.1.4.22
This object indicates the IPS license status along with the expiration date. For example, it will contain the following possible values: - signatureUpdateKey: Not expired until: - trialKey: Not expired until: - expiredLicense - noLicense - invalidLicense - unknown. The timestamp will be in the format: MM/DD/YYYY HH:MM:SS. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..255)  

cidsHealthSecMonOverallAppColor 1.3.6.1.4.1.9.9.383.1.4.23
This object indicates the aggregate health status of the applications - Main, Analysis Engine, Collaboration - where the status is equal to the most severe status of all three applications. It is used in both the heart beat and the metric change health traps.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  CidsHealthStatusColor  

cidsHealthSecMonMainAppStatus 1.3.6.1.4.1.9.9.383.1.4.24
This object indicates the running status for the control plane. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'.
Status: current Access: read-only
OBJECT-TYPE    
  CidsApplicationStatus  

cidsHealthSecMonAnalysisEngineStatus 1.3.6.1.4.1.9.9.383.1.4.25
This object indicates the running status for the Analysis Engine. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'.
Status: current Access: read-only
OBJECT-TYPE    
  CidsApplicationStatus  

cidsHealthSecMonCollaborationAppStatus 1.3.6.1.4.1.9.9.383.1.4.26
This object indicates the running status for the Collaboration Application. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'.
Status: current Access: read-only
OBJECT-TYPE    
  CidsApplicationStatus  

cidsHealthSecMonByPassMode 1.3.6.1.4.1.9.9.383.1.4.27
This object indicates the bypass mode. A value of 'true' indicates bypass mode is on and a value of 'false' indicates it is off. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TruthValue  

cidsHealthSecMonMissedPktPctAndThresh 1.3.6.1.4.1.9.9.383.1.4.28
This object indicates the missed packet percentage and missed packets percentage threshold aggregated for all interfaces. For example, 'missedPacketPercentage=1 redThreshold=6 yellowThreshold=1'. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..255)  

cidsHealthSecMonAnalysisEngMemPercent 1.3.6.1.4.1.9.9.383.1.4.29
This object indicates the percentage of memory used by Analysis Engine. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32 0..100  

cidsHealthSecMonSensorLoad 1.3.6.1.4.1.9.9.383.1.4.30
This object indicates sensor inspection load. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32 0..100  

cidsHealthSecMonSensorLoadColor 1.3.6.1.4.1.9.9.383.1.4.31
This object indicates the status of current sensor load, indicated using status colors. The color is determined based on the sensor load percentage and configured threshold value.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  CidsHealthStatusColor  

cidsHealthSecMonVirtSensorStatusTable 1.3.6.1.4.1.9.9.383.1.4.32
This table contains the status of each virtual sensor. There will be one entry per virtual sensor in the system. This is the status of the network that the virtual sensor is monitoring. A virtual sensor can be added either through the configuration CLI or through a management application such as IME/CSM; once it is added to the system it will appear in this table. If a virtual sensor is removed from the system through one of the management interfaces it will no longer appear in this table. This table is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    CidsHealthSecMonVirtSensorStatusEntry

cidsHealthSecMonVirtSensorStatusEntry 1.3.6.1.4.1.9.9.383.1.4.32.1
An entry (conceptual row) in the cidsHealthSecMonVirtSensorStatusTable. There will be one per virtual sensor on the system. A virtual sensor allows one to logically separate their sensor configuration for different sets of interfaces. For example virtual sensor vs0 may apply to one set of interfaces and vs1 would apply to another set of interfaces. This table allows someone to get the status of each of the virtual sensors to determine the health of the associated networks. For example you could have vs0 monitoring your finance networks and vs1 monitoring your engineering networks and track the health of each of these networks independently.
Status: current Access: not-accessible
OBJECT-TYPE    
  CidsHealthSecMonVirtSensorStatusEntry  

cidsHealthSecMonVirtSensorName 1.3.6.1.4.1.9.9.383.1.4.32.1.1
This object represents the name of the virtual sensor. Through the IPS configuration the sensor name can be correlated with the sensor configuration and the associated interfaces to identify which networks are having good or bad health status. The reason there are multiple virtual sensor configurations is to allow different configurations for different sets of network interfaces.
Status: current Access: not-accessible
OBJECT-TYPE    
  DisplayString Size(1..64)  

cidsHealthSecMonVirtSensorStatus 1.3.6.1.4.1.9.9.383.1.4.32.1.2
This object represents the virtual sensor network status level. From the color rating associated with the virtual sensor you can determine the overall health of the attached networks. If the color is green, everything is fine and the IPS is not indicating a problem. If the color is yellow, you should check, as there may be issues occurring on the attached network. If the status is red, the network needs attention, as problems are detected and network security is critical.
Status: current Access: read-only
OBJECT-TYPE    
  CidsHealthStatusColor  

cidsHealthSecMonDataStorageTable 1.3.6.1.4.1.9.9.383.1.4.33
This is the table of disk partition details: Partition Name, Total Space In Partition, Utilized Space. This table tells how each of the file systems is utilized on the IPS. If the file systems approach 100% utilization, that may indicate a problem. This table should remain fixed size unless an upgrade/install changes the partition count. The user does not have control over the number of partitions or the ability to add and remove partitions. This table is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    CidsHealthSecMonDataStorageEntry

cidsHealthSecMonDataStorageEntry 1.3.6.1.4.1.9.9.383.1.4.33.1
An entry (conceptual row) in the cidsHealthSecMonDataStorageTable. There will be one row per partition. This table is here to track the health of the storage on the IPS sensor. The following partitions will have their status displayed as part of the data storage table. system: This is the root file system on the sensor; this file system should not change too much over time and should not be full. application-data: This is the main file system where application binaries, application logs and configuration data are stored. This file system will change due to logging and configuration changes; if this file system is full it will present stability problems. This partition is the most important in the system to monitor. boot: Kernel/boot data storage partition; this should not change much other than during an image upgrade. application-log: This partition has fixed-size files to store IPLOG data. This will likely run near full capacity without being a problem. The most important partition to monitor over time is the application-data partition; if it runs to capacity, problems will occur as processes will no longer be able to write data to the file system. Note: File system setup and utilization will vary per platform model; there are no perfect rules for monitoring these across all platforms. However, you should be able to use trends over time to indicate whether you are going to fill up a file system that should not run at capacity, such as the application-data partition.
Status: current Access: not-accessible
OBJECT-TYPE    
  CidsHealthSecMonDataStorageEntry  

cidsHealthSecMonPartitionName 1.3.6.1.4.1.9.9.383.1.4.33.1.1
Name of the disk partition. For example: system, application-data, boot, application-log.
Status: current Access: not-accessible
OBJECT-TYPE    
  DisplayString Size(1..64)  

cidsHealthSecMonTotalPartitionSpace 1.3.6.1.4.1.9.9.383.1.4.33.1.2
This object represents the total disk space on the partition in megabytes.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

cidsHealthSecMonUtilizedPartitionSpace 1.3.6.1.4.1.9.9.383.1.4.33.1.3
This object represents the total amount of utilized disk space in megabytes.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  
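The following Python sketch is an added example, not part of the MIB or of any Cisco tool. It shows how a poller might apply the semantics described above for cidsHealthSecMonAvailability, cidsHealthSecMonMissedPktPctAndThresh and the data storage table. Assumptions: the shape of the poll dictionary and its "partitions" key, the 90% limit, the "reaches the threshold" comparison, and rating a near-full partition as yellow are all choices made for this example.

```python
import re

COLOR = {1: "green", 2: "yellow", 3: "red"}   # CidsHealthStatusColor
NEAR_FULL_OK = {"application-log"}            # fixed-size IPLOG files, per the MIB

def parse_missed_pkt(text):
    """Parse 'missedPacketPercentage=1 redThreshold=6 yellowThreshold=1'."""
    fields = dict(re.findall(r"(\w+)=(\d+)", text))
    keys = ("missedPacketPercentage", "redThreshold", "yellowThreshold")
    missing = [k for k in keys if k not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    return tuple(int(fields[k]) for k in keys)

def full_partitions(rows, limit_pct):
    """Return names of partitions at or above limit_pct, skipping IPLOG storage."""
    out = []
    for name, total_mb, used_mb in rows:
        if name in NEAR_FULL_OK or total_mb == 0:
            continue
        if 100 * used_mb / total_mb >= limit_pct:
            out.append(name)
    return out

def evaluate(poll, limit_pct=90):
    """Return (color, findings) for one poll; limit_pct is a local assumption."""
    # TruthValue true(1): without it the SecMon objects are not instantiated,
    # so their absence must not be read as a healthy sensor.
    if poll.get("cidsHealthSecMonAvailability") != 1:
        return "unknown", ["health monitoring disabled; SecMon objects absent"]
    worst, findings = poll["cidsHealthSecMonOverallHealth"], []
    pct, red, yellow = parse_missed_pkt(poll["cidsHealthSecMonMissedPktPctAndThresh"])
    # Assumption: a threshold is crossed when the percentage reaches it.
    if pct >= yellow:
        worst = max(worst, 3 if pct >= red else 2)
        findings.append(f"missed packets {pct}%")
    for name in full_partitions(poll["partitions"], limit_pct):
        worst = max(worst, 2)                 # assumption: near-full rates yellow
        findings.append(f"partition {name} near capacity")
    return COLOR[worst], findings

# Constructed sample poll (not real device output).
SAMPLE = {
    "cidsHealthSecMonAvailability": 1,
    "cidsHealthSecMonOverallHealth": 1,
    "cidsHealthSecMonMissedPktPctAndThresh":
        "missedPacketPercentage=1 redThreshold=6 yellowThreshold=1",
    "partitions": [("system", 1000, 400), ("application-data", 2000, 1900),
                   ("application-log", 500, 499)],
}
```
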

ciscoCidsAlert 1.3.6.1.4.1.9.9.383.0.1
Event indicating that some suspicious or malicious activity has been detected on a monitored network.
Status: current Access: read-only
NOTIFICATION-TYPE    

ciscoCidsError 1.3.6.1.4.1.9.9.383.0.2
Event indicating that an error has occurred.
Status: current Access: read-only
NOTIFICATION-TYPE    

ciscoCidsHealthHeartBeat 1.3.6.1.4.1.9.9.383.0.3
This notification is triggered by the heart beat events (evStatus). The heartbeat is configured to run on a periodic basis and can be enabled/disabled through heart beat configuration under the health service. If the heart beat is disabled, these notification events will not be sent. This notification is supposed to mirror the heart beat evStatus message; however, it is a subset of the most critical pieces of data. Namely, this will include the following pieces of data: Event ID, Host ID, Local Time, UTC Time, Overall Application Color, Sensor/Inspection Load Color, Overall Health.
Status: current Access: read-only
NOTIFICATION-TYPE    

ciscoCidsHealthMetricChange 1.3.6.1.4.1.9.9.383.0.4
This notification notifies the recipient of health and security status changes. This notification is triggered when there is a change in the value of monitored metrics as indicated by the evStatus message. This notification will include the following important subset of attributes from the evStatus message: Event ID, Host ID, Local Time, UTC Time, Overall Application Color, Sensor/Inspection Load Color, Overall Health. This is similar to the heart beat; however, the triggering condition is different. The heart beat fires on a regular interval, and this is sent immediately after a change in a monitored metric. Metric change notifications can be enabled while the heart beat is disabled.
Status: current Access: read-only
NOTIFICATION-TYPE    

ciscoCidsMIBCompliances 1.3.6.1.4.1.9.9.383.2.1
OBJECT IDENTIFIER    

ciscoCidsMIBGroups 1.3.6.1.4.1.9.9.383.2.2
OBJECT IDENTIFIER    

ciscoCidsMIBCompliance 1.3.6.1.4.1.9.9.383.2.1.1
The compliance statement for entities which implement the Cids MIB
Status: deprecated Access: read-only
MODULE-COMPLIANCE    

ciscoCidsMIBComplianceRev1 1.3.6.1.4.1.9.9.383.2.1.2
The compliance statement for entities which implement the Cids MIB
Status: deprecated Access: read-only
MODULE-COMPLIANCE    

ciscoCidsMIBComplianceRev2 1.3.6.1.4.1.9.9.383.2.1.3
The compliance statement for entities which implement the Cids MIB
Status: deprecated Access: read-only
MODULE-COMPLIANCE    

ciscoCidsMIBComplianceRev3 1.3.6.1.4.1.9.9.383.2.1.4
The compliance statement for entities which implement the Cids MIB
Status: deprecated Access: read-only
MODULE-COMPLIANCE    

ciscoCidsMIBComplianceRev4 1.3.6.1.4.1.9.9.383.2.1.5
The compliance statement for entities which implement the Cids MIB
Status: current Access: read-only
MODULE-COMPLIANCE    

ciscoCidsGeneralObjectGroup 1.3.6.1.4.1.9.9.383.2.2.1
General Objects.
Status: deprecated Access: read-only
OBJECT-GROUP    

ciscoCidsAlertObjectGroup 1.3.6.1.4.1.9.9.383.2.2.2
Alert Objects.
Status: deprecated Access: read-only
OBJECT-GROUP    

ciscoCidsErrorObjectGroup 1.3.6.1.4.1.9.9.383.2.2.3
Error Objects.
Status: current Access: read-only
OBJECT-GROUP    

ciscoCidsNotificationsGroup 1.3.6.1.4.1.9.9.383.2.2.4
The notifications which are required.
Status: current Access: read-only
NOTIFICATION-GROUP    

ciscoCidsHealthObjectGroup 1.3.6.1.4.1.9.9.383.2.2.5
Health Objects.
Status: current Access: read-only
OBJECT-GROUP    

ciscoCidsGeneralObjectGroupRev1 1.3.6.1.4.1.9.9.383.2.2.6
General Objects.
Status: current Access: read-only
OBJECT-GROUP    

ciscoCidsAlertObjectGroupRev1 1.3.6.1.4.1.9.9.383.2.2.7
Alert Objects.
Status: current Access: read-only
OBJECT-GROUP    

ciscoCidsOptionalObjectGroup 1.3.6.1.4.1.9.9.383.2.2.8
Optional Objects.
Status: deprecated Access: read-only
OBJECT-GROUP    

ciscoCidsOptionalObjectGroupRev1 1.3.6.1.4.1.9.9.383.2.2.9
Optional Objects.
Status: current Access: read-only
OBJECT-GROUP    

ciscoCidsOptionalObjectGroupRev2 1.3.6.1.4.1.9.9.383.2.2.10
A collection of optional objects which provide sensor events and alerts information.
Status: current Access: read-only
OBJECT-GROUP    

ciscoCidsAlertObjectGroupRev2 1.3.6.1.4.1.9.9.383.2.2.11
A collection of objects that provide sensor alert information.
Status: current Access: read-only
OBJECT-GROUP    

ciscoCidsHealthObjectGroupRev1 1.3.6.1.4.1.9.9.383.2.2.12
A collection of objects that provide sensor health status.
Status: current Access: read-only
OBJECT-GROUP    

ciscoCidsOptionalObjectGroupRev3 1.3.6.1.4.1.9.9.383.2.2.13
A collection of optional objects which provide sensor events and alerts information.
Status: current Access: read-only
OBJECT-GROUP    

ciscoCidsNotificationsGroupRev1 1.3.6.1.4.1.9.9.383.2.2.14
A collection of objects that provide sensor health and metric change related trap information.
Status: current Access: read-only
NOTIFICATION-GROUP