553 lines
16 KiB
Plaintext
553 lines
16 KiB
Plaintext
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
--
|
|
-- Trend Micro, Inc.
|
|
-- Copyright information is in the DESCRIPTION section of the MODULE-IDENTITY.
|
|
--
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
TPT-TSE-MIB
|
|
|
|
DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
|
|
TEXTUAL-CONVENTION
|
|
FROM SNMPv2-TC
|
|
|
|
tpt-tpa-objs
|
|
FROM TPT-TPAMIBS-MIB
|
|
;
|
|
|
|
tpt-tse MODULE-IDENTITY
|
|
LAST-UPDATED "201605251854Z" -- May 25, 2016
|
|
ORGANIZATION "Trend Micro, Inc."
|
|
CONTACT-INFO "www.trendmicro.com"
|
|
DESCRIPTION
|
|
"Threat Suppression Engine information.
|
|
|
|
Copyright (C) 2016 Trend Micro Incorporated. All Rights Reserved.
|
|
|
|
Trend Micro makes no warranty of any kind with regard to this material,
|
|
including, but not limited to, the implied warranties of merchantability
|
|
and fitness for a particular purpose. Trend Micro shall not be liable for
|
|
errors contained herein or for incidental or consequential damages in
|
|
connection with the furnishing, performance, or use of this material. This
|
|
document contains proprietary information, which is protected by copyright. No
|
|
part of this document may be photocopied, reproduced, or translated into
|
|
another language without the prior written consent of Trend Micro. The
|
|
information is provided 'as is' without warranty of any kind and is subject to
|
|
change without notice. The only warranties for Trend Micro products and
|
|
services are set forth in the express warranty statements accompanying such
|
|
products and services. Nothing herein should be construed as constituting an
|
|
additional warranty. Trend Micro shall not be liable for technical or editorial
|
|
errors or omissions contained herein. TippingPoint(R), the TippingPoint logo, and
|
|
Digital Vaccine(R) are registered trademarks of Trend Micro. All other company
|
|
and product names may be trademarks of their respective holders. All rights
|
|
reserved. This document contains confidential information, trade secrets or
|
|
both, which are the property of Trend Micro. No part of this documentation may
|
|
be reproduced in any form or by any means or used to make any derivative work
|
|
(such as translation, transformation, or adaptation) without written permission
|
|
from Trend Micro or one of its subsidiaries. All other company and product
|
|
names may be trademarks of their respective holders.
|
|
"
|
|
|
|
REVISION "201605251854Z" -- May 25, 2016
|
|
DESCRIPTION "Updated copyright information. Minor MIB syntax fixes."
|
|
|
|
::= { tpt-tpa-objs 7 }
|
|
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
--
|
|
-- Textual conventions for statistical reports
|
|
--
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
PolicyState ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A selection from a set of networking protocols detected by a policy."
|
|
SYNTAX INTEGER { invalid(0), normal(3), system-disabled(4) }
|
|
|
|
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
--
|
|
-- Variable definitions
|
|
--
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
|
|
-- Adaptive filter configuration top ten list
|
|
|
|
topTenAdaptFilterTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF TopTenAdaptFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Adaptive filter configuration top ten list."
|
|
::= { tpt-tse 1 }
|
|
|
|
topTenAdaptFilterEntry OBJECT-TYPE
|
|
SYNTAX TopTenAdaptFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the adaptive filter configuration top ten list.
|
|
Rows cannot be created or deleted.
|
|
"
|
|
INDEX { topTenAdaptFilterRank }
|
|
::= { topTenAdaptFilterTable 1 }
|
|
|
|
TopTenAdaptFilterEntry ::= SEQUENCE {
|
|
topTenAdaptFilterRank Unsigned32 (1..10),
|
|
adaptFilterName OCTET STRING (SIZE (0..80)),
|
|
adaptFilterUUID OCTET STRING (SIZE (0..40)),
|
|
adaptFilterSegment OCTET STRING (SIZE (0..80)),
|
|
adaptFilterProfile OCTET STRING (SIZE (0..128)),
|
|
adaptFilterEnabledState PolicyState,
|
|
adaptFilterSigID OCTET STRING (SIZE (0..40))
|
|
}
|
|
|
|
topTenAdaptFilterRank OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..10)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The numerical ranking 1 through 10 in the adaptive filter top ten list."
|
|
::= { topTenAdaptFilterEntry 1 }
|
|
|
|
adaptFilterName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..80))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The human-readable name of a filter in the adaptive filter top ten list."
|
|
::= { topTenAdaptFilterEntry 2 }
|
|
|
|
adaptFilterUUID OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..40))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The global identifier of a filter in the adaptive filter top ten list."
|
|
::= { topTenAdaptFilterEntry 3 }
|
|
|
|
adaptFilterSegment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..80))
|
|
MAX-ACCESS read-only
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The applicable segment of a filter in the adaptive filter top ten list."
|
|
::= { topTenAdaptFilterEntry 4 }
|
|
|
|
adaptFilterEnabledState OBJECT-TYPE
|
|
SYNTAX PolicyState
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The state of a filter in the adaptive filter top ten list."
|
|
::= { topTenAdaptFilterEntry 5 }
|
|
|
|
adaptFilterSigID OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..40))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The global identifier of a signature in the adaptive filter top ten list."
|
|
::= { topTenAdaptFilterEntry 7 }
|
|
|
|
adaptFilterProfile OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The profile name of a filter in the adaptive filter top ten list."
|
|
::= { topTenAdaptFilterEntry 8 }
|
|
|
|
|
|
-- Table of connection blocks
|
|
|
|
connectionBlockTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ConnectionBlockEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table of connections corresponding to blocked streams."
|
|
::= { tpt-tse 2 }
|
|
|
|
connectionBlockEntry OBJECT-TYPE
|
|
SYNTAX ConnectionBlockEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the connection block table.
|
|
Rows cannot be created or deleted.
|
|
"
|
|
INDEX { connectionBlockIndex }
|
|
::= { connectionBlockTable 1 }
|
|
|
|
ConnectionBlockEntry ::= SEQUENCE {
|
|
connectionBlockIndex Unsigned32 (1..50),
|
|
connectionBlockSrcAddr OCTET STRING (SIZE (0..20)),
|
|
connectionBlockSrcPort Unsigned32,
|
|
connectionBlockDestAddr OCTET STRING (SIZE (0..20)),
|
|
connectionBlockDestPort Unsigned32,
|
|
connectionBlockProtocol OCTET STRING (SIZE (0..20)),
|
|
connectionBlockPort OCTET STRING (SIZE (0..128)),
|
|
connectionBlockReason OCTET STRING (SIZE (0..40)),
|
|
connectionBlockSrcAddrV6 OCTET STRING (SIZE (0..60)),
|
|
connectionBlockDestAddrV6 OCTET STRING (SIZE (0..60))
|
|
}
|
|
|
|
connectionBlockIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..50)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index into the table of connections corresponding to blocked streams."
|
|
::= { connectionBlockEntry 1 }
|
|
|
|
connectionBlockSrcAddr OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source IP address of a connection."
|
|
::= { connectionBlockEntry 2 }
|
|
|
|
connectionBlockSrcAddrV6 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..60))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source IPv6 address of a connection."
|
|
::= { connectionBlockEntry 9 }
|
|
|
|
connectionBlockSrcPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source port of a connection."
|
|
::= { connectionBlockEntry 3 }
|
|
|
|
connectionBlockDestAddr OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination IP address of a connection."
|
|
::= { connectionBlockEntry 4 }
|
|
|
|
connectionBlockDestAddrV6 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..60))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination IPv6 address of a connection."
|
|
::= { connectionBlockEntry 10 }
|
|
|
|
connectionBlockDestPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination port of a connection."
|
|
::= { connectionBlockEntry 5 }
|
|
|
|
connectionBlockProtocol OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The transmission protocol of a connection."
|
|
::= { connectionBlockEntry 6 }
|
|
|
|
connectionBlockPort OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the security zone pair whose incoming data caused the block."
|
|
::= { connectionBlockEntry 7 }
|
|
|
|
connectionBlockReason OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..40))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The UUID of the signature that caused the block."
|
|
::= { connectionBlockEntry 8 }
|
|
|
|
|
|
-- Other connection block information
|
|
|
|
connectionBlockTotalCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of connections corresponding to blocked streams.
|
|
Only the first 50 are contained in the connection block table."
|
|
::= { tpt-tse 3 }
|
|
|
|
|
|
-- Table of rate limit streams
|
|
|
|
rateLimitStreamTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RateLimitStreamEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table of rate limit streams."
|
|
::= { tpt-tse 4 }
|
|
|
|
rateLimitStreamEntry OBJECT-TYPE
|
|
SYNTAX RateLimitStreamEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the rate limit stream table.
|
|
Rows cannot be created or deleted.
|
|
"
|
|
INDEX { rateLimitStreamIndex }
|
|
::= { rateLimitStreamTable 1 }
|
|
|
|
RateLimitStreamEntry ::= SEQUENCE {
|
|
rateLimitStreamIndex Unsigned32 (1..50),
|
|
rateLimitStreamSrcAddr OCTET STRING (SIZE (0..20)),
|
|
rateLimitStreamSrcPort Unsigned32,
|
|
rateLimitStreamDestAddr OCTET STRING (SIZE (0..20)),
|
|
rateLimitStreamDestPort Unsigned32,
|
|
rateLimitStreamProtocol OCTET STRING (SIZE (0..20)),
|
|
rateLimitStreamPort OCTET STRING (SIZE (0..8)),
|
|
rateLimitStreamReason OCTET STRING (SIZE (0..40)),
|
|
rateLimitStreamSrcAddrV6 OCTET STRING (SIZE (0..60)),
|
|
rateLimitStreamDestAddrV6 OCTET STRING (SIZE (0..60))
|
|
}
|
|
|
|
rateLimitStreamIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..50)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index into the rate limit stream table."
|
|
::= { rateLimitStreamEntry 1 }
|
|
|
|
rateLimitStreamSrcAddr OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source IP address of a rate limit."
|
|
::= { rateLimitStreamEntry 2 }
|
|
|
|
rateLimitStreamSrcAddrV6 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..60))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source IPv6 address of a rate limit."
|
|
::= { rateLimitStreamEntry 9 }
|
|
|
|
rateLimitStreamSrcPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source port of a rate limit."
|
|
::= { rateLimitStreamEntry 3 }
|
|
|
|
rateLimitStreamDestAddr OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination IP address of a rate limit."
|
|
::= { rateLimitStreamEntry 4 }
|
|
|
|
rateLimitStreamDestAddrV6 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..60))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination IPv6 address of a rate limit."
|
|
::= { rateLimitStreamEntry 10 }
|
|
|
|
rateLimitStreamDestPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination port of a rate limit."
|
|
::= { rateLimitStreamEntry 5 }
|
|
|
|
rateLimitStreamProtocol OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The transmission protocol of a rate limit."
|
|
::= { rateLimitStreamEntry 6 }
|
|
|
|
rateLimitStreamPort OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..8))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port on which the stream originated."
|
|
::= { rateLimitStreamEntry 7 }
|
|
|
|
rateLimitStreamReason OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..40))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The UUID of the rate limiter."
|
|
::= { rateLimitStreamEntry 8 }
|
|
|
|
|
|
-- Other rate limit stream information
|
|
|
|
rateLimitStreamTotalCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of rate limit streams.
|
|
Only the first 50 are contained in the rate limit stream table."
|
|
::= { tpt-tse 5 }
|
|
|
|
|
|
-- Table of connection trusts
|
|
|
|
connectionTrustTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ConnectionTrustEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table of connections corresponding to trusted streams."
|
|
::= { tpt-tse 6 }
|
|
|
|
connectionTrustEntry OBJECT-TYPE
|
|
SYNTAX ConnectionTrustEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the connection trust table.
|
|
Rows cannot be created or deleted.
|
|
"
|
|
INDEX { connectionTrustIndex }
|
|
::= { connectionTrustTable 1 }
|
|
|
|
ConnectionTrustEntry ::= SEQUENCE {
|
|
connectionTrustIndex Unsigned32 (1..50),
|
|
connectionTrustSrcAddr OCTET STRING (SIZE (0..20)),
|
|
connectionTrustSrcPort Unsigned32,
|
|
connectionTrustDestAddr OCTET STRING (SIZE (0..20)),
|
|
connectionTrustDestPort Unsigned32,
|
|
connectionTrustProtocol OCTET STRING (SIZE (0..20)),
|
|
connectionTrustPort OCTET STRING (SIZE (0..128)),
|
|
connectionTrustReason OCTET STRING (SIZE (0..40)),
|
|
connectionTrustSrcAddrV6 OCTET STRING (SIZE (0..60)),
|
|
connectionTrustDestAddrV6 OCTET STRING (SIZE (0..60))
|
|
}
|
|
|
|
connectionTrustIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..50)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index into the table of connections corresponding to trusted streams."
|
|
::= { connectionTrustEntry 1 }
|
|
|
|
connectionTrustSrcAddr OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source IP address of a trusted connection."
|
|
::= { connectionTrustEntry 2 }
|
|
|
|
connectionTrustSrcAddrV6 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..60))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source IPv6 address of a trusted connection."
|
|
::= { connectionTrustEntry 9 }
|
|
|
|
connectionTrustSrcPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source port of a trusted connection."
|
|
::= { connectionTrustEntry 3 }
|
|
|
|
connectionTrustDestAddr OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination IP address of a trusted connection."
|
|
::= { connectionTrustEntry 4 }
|
|
|
|
connectionTrustDestAddrV6 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..60))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination IPv6 address of a trusted connection."
|
|
::= { connectionTrustEntry 10 }
|
|
|
|
connectionTrustDestPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination port of a trusted connection."
|
|
::= { connectionTrustEntry 5 }
|
|
|
|
connectionTrustProtocol OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The transmission protocol of a trusted connection."
|
|
::= { connectionTrustEntry 6 }
|
|
|
|
connectionTrustPort OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the security zone pair whose incoming data caused the trust."
|
|
::= { connectionTrustEntry 7 }
|
|
|
|
connectionTrustReason OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..40))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The UUID of the signature that caused the trust."
|
|
::= { connectionTrustEntry 8 }
|
|
|
|
|
|
-- Other connection trust information
|
|
|
|
connectionTrustTotalCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of connections corresponding to trusted streams.
|
|
Only the first 50 are contained in the connection trust table."
|
|
::= { tpt-tse 7 }
|
|
|
|
|
|
END
|
|
|