TPT-NGFW-POLICY-MIB
File:
TPT-NGFW-POLICY-MIB.mib (22137 bytes)
Imported modules
Imported symbols
Defined Types
EventSource |
|
The firewall rule or inspection profile that triggered a policy
notification.
|
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
firewall(1), ips(2), reputation(3), quarantine(4) |
|
FirewallEventType |
|
The type of firewall event detected: a session start or
end, an application detection, or network traffic
was blocked.
|
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
sessionStart(1), applicationDetect(2), sessionEnd(3), blockedByFirewall(4) |
|
EventSeverity |
|
The severity of a network event.
|
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
info(1), low(2), minor(3), major(4), critical(5) |
|
ActionType |
|
The action taken by a policy to either block, permit, trust,
rate-limit, or quarantine network traffic.
|
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
permit(1), rateLimit(2), trust(3), block(4), quarantine(5) |
|
PacketTraceVersion |
|
The version of a packet trace collected and saved or none.
|
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
packetTraceV1(1), packetTraceV2(2), none(3) |
|
Defined Values
tptNgfwPolicy |
1.3.6.1.4.1.10734.3.9.2.4 |
Policy information and notifications for TippingPoint Next-Generation Firewall products. This
includes Firewall rules, IPS, Reputation profiles, Quarantine.
Copyright (C) 2016 Trend Micro Incorporated. All Rights Reserved.
Trend Micro makes no warranty of any kind with regard to this material,
including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose. Trend Micro shall not be liable for
errors contained herein or for incidental or consequential damages in
connection with the furnishing, performance, or use of this material. This
document contains proprietary information, which is protected by copyright. No
part of this document may be photocopied, reproduced, or translated into
another language without the prior written consent of Trend Micro. The
information is provided 'as is' without warranty of any kind and is subject to
change without notice. The only warranties for Trend Micro products and
services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an
additional warranty. Trend Micro shall not be liable for technical or editorial
errors or omissions contained herein. TippingPoint(R), the TippingPoint logo, and
Digital Vaccine(R) are registered trademarks of Trend Micro. All other company
and product names may be trademarks of their respective holders. All rights
reserved. This document contains confidential information, trade secrets or
both, which are the property of Trend Micro. No part of this documentation may
be reproduced in any form or by any means or used to make any derivative work
(such as translation, transformation, or adaptation) without written permission
from Trend Micro or one of its subsidiaries. All other company and product
names may be trademarks of their respective holders.
|
MODULE-IDENTITY |
|
|
|
tptNgfwPolicyNotifyTime |
1.3.6.1.4.1.10734.3.9.3.1.20 |
The time when the firewall detected a network event and generated
this policy notification.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
DateAndTime |
|
|
tptNgfwPolicyNotifyEventSource |
1.3.6.1.4.1.10734.3.9.3.1.21 |
The policy component (Firewall, IPS, Reputation, Quarantine) that detected
a network event and generated this notification.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
EventSource |
|
|
tptNgfwPolicyNotifyEventType |
1.3.6.1.4.1.10734.3.9.3.1.22 |
If the notify event was generated by the firewall, this object
indicates what type of event was detected.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
FirewallEventType |
|
|
tptNgfwPolicyNotifyCorrelationId |
1.3.6.1.4.1.10734.3.9.3.1.24 |
A 128-bit identifier in decimal format. This ID is used to correlate firewall
events. For example, a firewall session started and ended notification will
have the same correlation ID.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..255) |
|
tptNgfwPolicyNotifyActionType |
1.3.6.1.4.1.10734.3.9.3.1.25 |
The type of action taken on network traffic matching a firewall rule or
inspection profile.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
ActionType |
|
|
tptNgfwPolicyNotifyAction |
1.3.6.1.4.1.10734.3.9.3.1.26 |
This object provides additional description of a firewall action.
For example, when a quarantine action occurs, this object details if the action
was to place traffic in or out of quarantine.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..80) |
|
tptNgfwPolicyNotifyInInterface |
1.3.6.1.4.1.10734.3.9.3.1.29 |
The interface name that is receiving the traffic that triggered a
firewall action.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..40) |
|
tptNgfwPolicyNotifySrcIpAddr |
1.3.6.1.4.1.10734.3.9.3.1.32 |
The source IP address generating the network traffic that has
triggered a firewall action.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
tptNgfwPolicyNotifyDestIpAddr |
1.3.6.1.4.1.10734.3.9.3.1.37 |
The source IP address receiving network traffic that triggered a
firewall action.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
tptNgfwPolicyNotifyUserName |
1.3.6.1.4.1.10734.3.9.3.1.43 |
The user name, if available, that is responsible for generating
network traffic triggering a firewall action.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..80) |
|
tptNgfwPolicyNotifyStartTimeSec |
1.3.6.1.4.1.10734.3.9.3.1.46 |
The time, in seconds, from EPOC (January 1, 1970 00:00:00) when the
event was detected.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
tptNgfwPolicyNotifyRateLimit |
1.3.6.1.4.1.10734.3.9.3.1.48 |
The rate-limit, in kbps, of the action set associated with
this notification.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
tptNgfwPolicyNotifyPolicyName |
1.3.6.1.4.1.10734.3.9.3.1.55 |
The firewall policy name that matched network traffic and caused the firewall to
take an action.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..80) |
|
tptNgfwPolicyNotifyHitCount |
1.3.6.1.4.1.10734.3.9.3.1.57 |
Hit count. The number of times, the firewall detected a particulare event
as defined by a rule or inspection profile.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
tptNgfwPolicyNotifyMsgParams |
1.3.6.1.4.1.10734.3.9.3.1.58 |
A string containing parameters (separated by vertical bars) matching the
Message in the Digital Vaccine (the XML tag is Message).
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..255) |
|
tptNgfwPolicyNotifyPeriod |
1.3.6.1.4.1.10734.3.9.3.1.59 |
The aggregation period, in minutes, when the condition is frist detected and
this notification sent.
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
tptNgfwPolicyNotify |
1.3.6.1.4.1.10734.3.9.3.0.10 |
A notification sent when a firewall rule, IPS, Reputation, or
Quarantine profile detects a network event of interest.
|
Status: current |
Access: accessible-for-notify |
NOTIFICATION-TYPE |
|
|
|
tptNgfwPolicyGroup |
1.3.6.1.4.1.10734.3.9.1.1.7 |
Policy group consisting of firewall, IPS, Reputation, and Quarantine
information.
|
Status: current |
Access: accessible-for-notify |
OBJECT-GROUP |
|
|
|
tptNgfwPolicyNotificationGroup |
1.3.6.1.4.1.10734.3.9.1.1.8 |
Notification sent from TippingPoint Next-generation Firewall rules and inspection
profiles.
|
Status: current |
Access: accessible-for-notify |
NOTIFICATION-GROUP |
|
|
|
tptNgfwPolicyCompl |
1.3.6.1.4.1.10734.3.9.1.2.4 |
Compliance for TippingPoint Next-generation Firewall policies.
|
Status: current |
Access: accessible-for-notify |
MODULE-COMPLIANCE |
|
|
|