609 lines
21 KiB
Plaintext
609 lines
21 KiB
Plaintext
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
--
|
|
-- Trend Micro, Inc.
|
|
-- Copyright information is in the DESCRIPTION section of the MODULE-IDENTITY.
|
|
--
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
TPT-NGFW-POLICY-MIB
|
|
|
|
DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
InetAddress,
|
|
InetAddressType
|
|
FROM INET-ADDRESS-MIB
|
|
|
|
MODULE-COMPLIANCE,
|
|
NOTIFICATION-GROUP,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
|
|
Counter64,
|
|
MODULE-IDENTITY,
|
|
NOTIFICATION-TYPE,
|
|
OBJECT-TYPE,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
|
|
DateAndTime,
|
|
TEXTUAL-CONVENTION
|
|
FROM SNMPv2-TC
|
|
|
|
tptNgfwSystemSerial
|
|
FROM TPT-NGFW-SYSTEM-INFO-MIB
|
|
|
|
tpt-ngfw-compls,
|
|
tpt-ngfw-groups,
|
|
tpt-ngfw-objs,
|
|
tpt-ngfw-eventsV2,
|
|
tpt-ngfw-params
|
|
FROM TPT-NGFW-REG-MIB
|
|
;
|
|
|
|
tptNgfwPolicy MODULE-IDENTITY
|
|
LAST-UPDATED "201605251854Z" -- May 25, 2016
|
|
ORGANIZATION "Trend Micro, Inc."
|
|
CONTACT-INFO "www.trendmicro.com"
|
|
DESCRIPTION
|
|
"
|
|
Policy information and notifications for TippingPoint Next-Generation Firewall products. This
|
|
includes Firewall rules, IPS, Reputation profiles, Quarantine.
|
|
|
|
Copyright (C) 2016 Trend Micro Incorporated. All Rights Reserved.
|
|
|
|
Trend Micro makes no warranty of any kind with regard to this material,
|
|
including, but not limited to, the implied warranties of merchantability
|
|
and fitness for a particular purpose. Trend Micro shall not be liable for
|
|
errors contained herein or for incidental or consequential damages in
|
|
connection with the furnishing, performance, or use of this material. This
|
|
document contains proprietary information, which is protected by copyright. No
|
|
part of this document may be photocopied, reproduced, or translated into
|
|
another language without the prior written consent of Trend Micro. The
|
|
information is provided 'as is' without warranty of any kind and is subject to
|
|
change without notice. The only warranties for Trend Micro products and
|
|
services are set forth in the express warranty statements accompanying such
|
|
products and services. Nothing herein should be construed as constituting an
|
|
additional warranty. Trend Micro shall not be liable for technical or editorial
|
|
errors or omissions contained herein. TippingPoint(R), the TippingPoint logo, and
|
|
Digital Vaccine(R) are registered trademarks of Trend Micro. All other company
|
|
and product names may be trademarks of their respective holders. All rights
|
|
reserved. This document contains confidential information, trade secrets or
|
|
both, which are the property of Trend Micro. No part of this documentation may
|
|
be reproduced in any form or by any means or used to make any derivative work
|
|
(such as translation, transformation, or adaptation) without written permission
|
|
from Trend Micro or one of its subsidiaries. All other company and product
|
|
names may be trademarks of their respective holders.
|
|
"
|
|
|
|
REVISION "201605251854Z" -- May 25, 2016
|
|
DESCRIPTION "Updated copyright information. Minor MIB syntax fixes."
|
|
|
|
REVISION "201303131200Z" -- March 12, 2013
|
|
DESCRIPTION "Initial version of NGFW Policy MIB."
|
|
|
|
::= { tpt-ngfw-objs 4 }
|
|
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
--
|
|
-- Textual Conventions
|
|
--
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
EventSource ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION "The firewall rule or inspection profile that triggered a policy
|
|
notification.
|
|
"
|
|
SYNTAX INTEGER { firewall(1), ips(2), reputation(3), quarantine(4) }
|
|
|
|
FirewallEventType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION "The type of firewall event detected: a session start or
|
|
end, an application detection, or network traffic
|
|
was blocked.
|
|
"
|
|
SYNTAX INTEGER { sessionStart(1), applicationDetect(2), sessionEnd(3),
|
|
blockedByFirewall(4) }
|
|
|
|
EventSeverity ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION "The severity of a network event.
|
|
"
|
|
SYNTAX INTEGER { info(1), low(2), minor(3), major(4), critical(5) }
|
|
|
|
ActionType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION "The action taken by a policy to either block, permit, trust,
|
|
rate-limit, or quarantine network traffic.
|
|
"
|
|
SYNTAX INTEGER { permit(1), rateLimit(2), trust(3), block(4),
|
|
quarantine(5) }
|
|
|
|
PacketTraceVersion ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION "The version of a packet trace collected and saved or none.
|
|
"
|
|
SYNTAX INTEGER { packetTraceV1(1), packetTraceV2(2), none(3) }
|
|
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
--
|
|
-- NGFW Policy Notification
|
|
--
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
tptNgfwPolicyNotifyTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The time when the firewall detected a network event and generated
|
|
this policy notification.
|
|
"
|
|
::= { tpt-ngfw-params 20 }
|
|
|
|
tptNgfwPolicyNotifyEventSource OBJECT-TYPE
|
|
SYNTAX EventSource
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The policy component (Firewall, IPS, Reputation, Quarantine) that detected
|
|
a network event and generated this notification.
|
|
"
|
|
::= { tpt-ngfw-params 21 }
|
|
|
|
tptNgfwPolicyNotifyEventType OBJECT-TYPE
|
|
SYNTAX FirewallEventType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "If the notify event was generated by the firewall, this object
|
|
indicates what type of event was detected.
|
|
"
|
|
::= { tpt-ngfw-params 22 }
|
|
|
|
tptNgfwPolicyNotifyEventSeverity OBJECT-TYPE
|
|
SYNTAX EventSeverity
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The severity of the detected network event.
|
|
"
|
|
::= { tpt-ngfw-params 23 }
|
|
|
|
tptNgfwPolicyNotifyCorrelationId OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "A 128-bit identifier in decimal format. This ID is used to correlate firewall
|
|
events. For example, a firewall session started and ended notification will
|
|
have the same correlation ID.
|
|
"
|
|
::= { tpt-ngfw-params 24 }
|
|
|
|
tptNgfwPolicyNotifyActionType OBJECT-TYPE
|
|
SYNTAX ActionType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The type of action taken on network traffic matching a firewall rule or
|
|
inspection profile.
|
|
"
|
|
::= { tpt-ngfw-params 25 }
|
|
|
|
tptNgfwPolicyNotifyAction OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..80))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "This object provides additional description of a firewall action.
|
|
For example, when a quarantine action occurs, this object details if the action
|
|
was to place traffic in or out of quarantine.
|
|
"
|
|
::= { tpt-ngfw-params 26 }
|
|
|
|
tptNgfwPolicyNotifyActionSetName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The action set name associated with the firewall rule that detected an event.
|
|
"
|
|
::= { tpt-ngfw-params 27 }
|
|
|
|
tptNgfwPolicyNotifyRuleName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..50))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The firewall rule name that has generated the notification.
|
|
"
|
|
::= { tpt-ngfw-params 28 }
|
|
|
|
tptNgfwPolicyNotifyInInterface OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..40))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The interface name that is receiving the traffic that triggered a
|
|
firewall action.
|
|
"
|
|
::= { tpt-ngfw-params 29 }
|
|
|
|
tptNgfwPolicyNotifyOutInterface OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..40))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The interface name sending the suspect traffic.
|
|
"
|
|
::= { tpt-ngfw-params 30 }
|
|
|
|
tptNgfwPolicyNotifySrcIpAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The IP address type of the network traffic source.
|
|
"
|
|
::= { tpt-ngfw-params 31 }
|
|
|
|
tptNgfwPolicyNotifySrcIpAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The source IP address generating the network traffic that has
|
|
triggered a firewall action.
|
|
"
|
|
::= { tpt-ngfw-params 32 }
|
|
|
|
tptNgfwPolicyNotifySrcPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The source port generating the network traffic.
|
|
"
|
|
::= { tpt-ngfw-params 33 }
|
|
|
|
tptNgfwPolicyNotifySrcTransIpAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The translated (NAT) source IP address.
|
|
"
|
|
::= { tpt-ngfw-params 34 }
|
|
|
|
tptNgfwPolicyNotifySrcTransPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The translated (NAT) source port.
|
|
"
|
|
::= { tpt-ngfw-params 35 }
|
|
|
|
tptNgfwPolicyNotifyDestIpAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The destination IP address type.
|
|
"
|
|
::= { tpt-ngfw-params 36 }
|
|
|
|
tptNgfwPolicyNotifyDestIpAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The source IP address receiving network traffic that triggered a
|
|
firewall action.
|
|
"
|
|
::= { tpt-ngfw-params 37 }
|
|
|
|
tptNgfwPolicyNotifyDestPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The source port receiving the network traffic.
|
|
"
|
|
::= { tpt-ngfw-params 38 }
|
|
|
|
tptNgfwPolicyNotifyDestTransIpAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The translated (NAT) destination IP address.
|
|
"
|
|
::= { tpt-ngfw-params 39 }
|
|
|
|
tptNgfwPolicyNotifyDestTransPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The translated (NAT) destination port.
|
|
"
|
|
::= { tpt-ngfw-params 40 }
|
|
|
|
tptNgfwPolicyNotifyProtocol OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..40))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The transport protocol of the suspect traffic.
|
|
"
|
|
::= { tpt-ngfw-params 41 }
|
|
|
|
tptNgfwPolicyNotifyApplicationName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..80))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The application name generating network traffic that has triggered
|
|
a firewall rule.
|
|
"
|
|
::= { tpt-ngfw-params 42 }
|
|
|
|
tptNgfwPolicyNotifyUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..80))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The user name, if available, that is responsible for generating
|
|
network traffic triggering a firewall action.
|
|
"
|
|
::= { tpt-ngfw-params 43 }
|
|
|
|
tptNgfwPolicyNotifyBytesIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "Source to destination bytes.
|
|
"
|
|
::= { tpt-ngfw-params 44 }
|
|
|
|
tptNgfwPolicyNotifyBytesOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "Destination to source bytes.
|
|
"
|
|
::= { tpt-ngfw-params 45 }
|
|
|
|
tptNgfwPolicyNotifyStartTimeSec OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The time, in seconds, from EPOC (January 1, 1970 00:00:00) when the
|
|
event was detected.
|
|
"
|
|
::= { tpt-ngfw-params 46 }
|
|
|
|
tptNgfwPolicyNotifyStartTimeNano OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The fractional time, in nanoseconds, when the event was detected.
|
|
"
|
|
::= { tpt-ngfw-params 47 }
|
|
|
|
tptNgfwPolicyNotifyRateLimit OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The rate-limit, in kbps, of the action set associated with
|
|
this notification.
|
|
"
|
|
::= { tpt-ngfw-params 48 }
|
|
|
|
tptNgfwPolicyNotifyPktTraceVer OBJECT-TYPE
|
|
SYNTAX PacketTraceVersion
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The packet trace version.
|
|
"
|
|
::= { tpt-ngfw-params 49 }
|
|
|
|
tptNgfwPolicyNotifyPktTraceId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The bucket identifier for a packet trace.
|
|
"
|
|
::= { tpt-ngfw-params 50 }
|
|
|
|
tptNgfwPolicyNotifyPktTraceBegin OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The starting sequence number for a packet trace.
|
|
"
|
|
::= { tpt-ngfw-params 51 }
|
|
|
|
tptNgfwPolicyNotifyPktTraceEnd OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The ending sequence number for a packet trace.
|
|
"
|
|
::= { tpt-ngfw-params 52 }
|
|
|
|
tptNgfwPolicyNotifyFilterName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..40))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The descriptive name of the filter maching the data stream.
|
|
"
|
|
::= { tpt-ngfw-params 53 }
|
|
|
|
tptNgfwPolicyNotifyProfileName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..80))
|
|
MAX-ACCESS accessible-for-notify
|
|
|
|
STATUS current
|
|
DESCRIPTION "Profile name.
|
|
"
|
|
::= { tpt-ngfw-params 54 }
|
|
|
|
tptNgfwPolicyNotifyPolicyName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..80))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The firewall policy name that matched network traffic and caused the firewall to
|
|
take an action.
|
|
"
|
|
::= { tpt-ngfw-params 55 }
|
|
|
|
tptNgfwPolicyNotifyVlanId OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..40))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The VLAN tag that the network traffic occured on.
|
|
"
|
|
::= { tpt-ngfw-params 56 }
|
|
|
|
tptNgfwPolicyNotifyHitCount OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "Hit count. The number of times, the firewall detected a particulare event
|
|
as defined by a rule or inspection profile.
|
|
"
|
|
::= { tpt-ngfw-params 57 }
|
|
|
|
tptNgfwPolicyNotifyMsgParams OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "A string containing parameters (separated by vertical bars) matching the
|
|
Message in the Digital Vaccine (the XML tag is Message).
|
|
"
|
|
::= { tpt-ngfw-params 58 }
|
|
|
|
tptNgfwPolicyNotifyPeriod OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The aggregation period, in minutes, when the condition is frist detected and
|
|
this notification sent.
|
|
"
|
|
::= { tpt-ngfw-params 59 }
|
|
|
|
tptNgfwPolicyNotify NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
tptNgfwSystemSerial,
|
|
tptNgfwPolicyNotifyTime,
|
|
tptNgfwPolicyNotifyEventSource,
|
|
tptNgfwPolicyNotifyEventType,
|
|
tptNgfwPolicyNotifyEventSeverity,
|
|
tptNgfwPolicyNotifyCorrelationId,
|
|
tptNgfwPolicyNotifyActionType,
|
|
tptNgfwPolicyNotifyAction,
|
|
tptNgfwPolicyNotifyRuleName,
|
|
tptNgfwPolicyNotifyInInterface,
|
|
tptNgfwPolicyNotifyOutInterface,
|
|
tptNgfwPolicyNotifySrcIpAddrType,
|
|
tptNgfwPolicyNotifySrcIpAddr,
|
|
tptNgfwPolicyNotifySrcPort,
|
|
tptNgfwPolicyNotifySrcTransIpAddr,
|
|
tptNgfwPolicyNotifySrcTransPort,
|
|
tptNgfwPolicyNotifyDestIpAddrType,
|
|
tptNgfwPolicyNotifyDestIpAddr,
|
|
tptNgfwPolicyNotifyDestPort,
|
|
tptNgfwPolicyNotifyDestTransIpAddr,
|
|
tptNgfwPolicyNotifyDestTransPort,
|
|
tptNgfwPolicyNotifyProtocol,
|
|
tptNgfwPolicyNotifyApplicationName,
|
|
tptNgfwPolicyNotifyUserName,
|
|
tptNgfwPolicyNotifyBytesIn,
|
|
tptNgfwPolicyNotifyBytesOut,
|
|
tptNgfwPolicyNotifyStartTimeSec,
|
|
tptNgfwPolicyNotifyStartTimeNano,
|
|
tptNgfwPolicyNotifyRateLimit,
|
|
tptNgfwPolicyNotifyPktTraceVer,
|
|
tptNgfwPolicyNotifyPktTraceId,
|
|
tptNgfwPolicyNotifyPktTraceBegin,
|
|
tptNgfwPolicyNotifyPktTraceEnd,
|
|
tptNgfwPolicyNotifyFilterName,
|
|
tptNgfwPolicyNotifyProfileName,
|
|
tptNgfwPolicyNotifyPolicyName,
|
|
tptNgfwPolicyNotifyVlanId,
|
|
tptNgfwPolicyNotifyHitCount,
|
|
tptNgfwPolicyNotifyMsgParams,
|
|
tptNgfwPolicyNotifyPeriod
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "A notification sent when a firewall rule, IPS, Reputation, or
|
|
Quarantine profile detects a network event of interest.
|
|
"
|
|
::= { tpt-ngfw-eventsV2 10 }
|
|
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
--
|
|
-- Groups
|
|
--
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
tptNgfwPolicyGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
tptNgfwPolicyNotifyTime,
|
|
tptNgfwPolicyNotifyEventSource,
|
|
tptNgfwPolicyNotifyEventType,
|
|
tptNgfwPolicyNotifyEventSeverity,
|
|
tptNgfwPolicyNotifyCorrelationId,
|
|
tptNgfwPolicyNotifyActionType,
|
|
tptNgfwPolicyNotifyActionSetName,
|
|
tptNgfwPolicyNotifyAction,
|
|
tptNgfwPolicyNotifyRuleName,
|
|
tptNgfwPolicyNotifyInInterface,
|
|
tptNgfwPolicyNotifyOutInterface,
|
|
tptNgfwPolicyNotifySrcIpAddrType,
|
|
tptNgfwPolicyNotifySrcIpAddr,
|
|
tptNgfwPolicyNotifySrcPort,
|
|
tptNgfwPolicyNotifySrcTransIpAddr,
|
|
tptNgfwPolicyNotifySrcTransPort,
|
|
tptNgfwPolicyNotifyDestIpAddrType,
|
|
tptNgfwPolicyNotifyDestIpAddr,
|
|
tptNgfwPolicyNotifyDestPort,
|
|
tptNgfwPolicyNotifyDestTransIpAddr,
|
|
tptNgfwPolicyNotifyDestTransPort,
|
|
tptNgfwPolicyNotifyProtocol,
|
|
tptNgfwPolicyNotifyApplicationName,
|
|
tptNgfwPolicyNotifyUserName,
|
|
tptNgfwPolicyNotifyBytesIn,
|
|
tptNgfwPolicyNotifyBytesOut,
|
|
tptNgfwPolicyNotifyStartTimeSec,
|
|
tptNgfwPolicyNotifyStartTimeNano,
|
|
tptNgfwPolicyNotifyRateLimit,
|
|
tptNgfwPolicyNotifyPktTraceVer,
|
|
tptNgfwPolicyNotifyPktTraceId,
|
|
tptNgfwPolicyNotifyPktTraceBegin,
|
|
tptNgfwPolicyNotifyPktTraceEnd,
|
|
tptNgfwPolicyNotifyFilterName,
|
|
tptNgfwPolicyNotifyProfileName,
|
|
tptNgfwPolicyNotifyPolicyName,
|
|
tptNgfwPolicyNotifyVlanId,
|
|
tptNgfwPolicyNotifyHitCount,
|
|
tptNgfwPolicyNotifyMsgParams,
|
|
tptNgfwPolicyNotifyPeriod
|
|
}
|
|
|
|
STATUS current
|
|
DESCRIPTION "Policy group consisting of firewall, IPS, Reputation, and Quarantine
|
|
information.
|
|
"
|
|
::= { tpt-ngfw-groups 7 }
|
|
|
|
tptNgfwPolicyNotificationGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
tptNgfwPolicyNotify
|
|
}
|
|
|
|
STATUS current
|
|
DESCRIPTION "Notification sent from TippingPoint Next-generation Firewall rules and inspection
|
|
profiles.
|
|
"
|
|
::= { tpt-ngfw-groups 8 }
|
|
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
--
|
|
-- Compliances
|
|
--
|
|
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
tptNgfwPolicyCompl MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION "Compliance for TippingPoint Next-generation Firewall policies.
|
|
"
|
|
MODULE
|
|
MANDATORY-GROUPS { tptNgfwPolicyGroup, tptNgfwPolicyNotificationGroup }
|
|
::= { tpt-ngfw-compls 4 }
|
|
|
|
END
|