This object indicates that the traffic originating from
the attacker is being blocked as a result of the
alert. This element may be omitted if and only if
its value is 'false'.
cidsAlertDenyPacket OBJECT-TYPE
    SYNTAX TruthValue
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "This object indicates that the traffic originating from
        the attacker is being blocked as a result of the
        alert. This element may be omitted if and only if
        its value is 'false'."
    ::= { cidsAlert 46 }

cidsAlertDenyPacket OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS accessible-for-notify
    STATUS current
    DESCRIPTION
        "This object indicates that the traffic originating from
        the attacker is being blocked as a result of the
        alert. This element may be omitted if and only if
        its value is 'false'."
    ::= { cidsAlert 46 }

OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
1.3.6.1.4.1.9.9.383.1.2.1 | cidsAlertSeverity | 1 | 1 | The severity associated with a Cids signature (informational, low, medium or high for example). |
1.3.6.1.4.1.9.9.383.1.2.2 | cidsAlertAlarmTraits | 1 | 1 | The alarm traits is an unsigned 16-bit integer representing the value of the 16 user-defined alarm traits specified in the config… |
1.3.6.1.4.1.9.9.383.1.2.3 | cidsAlertSignature | 1 | 1 | Content is a string containing details about the signature that fired, without any specifics tied to this instance of the alert. … |
1.3.6.1.4.1.9.9.383.1.2.4 | cidsAlertSignatureSigName | 1 | 1 | The name of the Intrusion detection signature that triggered this event. |
1.3.6.1.4.1.9.9.383.1.2.5 | cidsAlertSignatureSigId | 1 | 1 | The ID of the Intrusion detection signature that triggered this event. The ID combines with the cidsAlertSignatureSubSigId to cre… |
1.3.6.1.4.1.9.9.383.1.2.6 | cidsAlertSignatureSubSigId | 1 | 1 | The optional Sub ID of the Intrusion detection signature that triggered this event. The Sub ID combines with the cidsAlertSignat… |
1.3.6.1.4.1.9.9.383.1.2.7 | cidsAlertSignatureVersion | 1 | 1 | The optional version attribute defines the version number of the signature update in which the triggering signature was introduce… |
1.3.6.1.4.1.9.9.383.1.2.8 | cidsAlertSummary | 1 | 1 | Optional, if present, specifies that this is a summary alert, representing one or more alerts with common characteristics. The nu… |
1.3.6.1.4.1.9.9.383.1.2.9 | cidsAlertSummaryType | 1 | 1 | Common characteristics shared by all non-summary alerts included in a summary alert. |
1.3.6.1.4.1.9.9.383.1.2.10 | cidsAlertSummaryFinal | 1 | 1 | The optional 'final' attribute indicates whether this is the last evAlert containing the same value in the 'initialAlert' attribu… |
1.3.6.1.4.1.9.9.383.1.2.11 | cidsAlertSummaryInitialAlert | 1 | 1 | Serial number for the initial alert, which is guaranteed unique within the scope of the originating host. |
1.3.6.1.4.1.9.9.383.1.2.12 | cidsAlertInterfaceGroup | 1 | 1 | Optional numeric identifier for a sniffing interface group on this host. |
1.3.6.1.4.1.9.9.383.1.2.13 | cidsAlertVlan | 1 | 1 | An optional numeric identifier for a vlan. Identifies the vlan that uses the number in ISL or 802.3.1q headers. |
1.3.6.1.4.1.9.9.383.1.2.14 | cidsAlertVictimContext | 1 | 1 | Optional Base64-encoded representation of the stream data that was sourced by the victim. |
1.3.6.1.4.1.9.9.383.1.2.15 | cidsAlertAttackerContext | 1 | 1 | Optional Base64-encoded representation of the stream data that was sourced by the Attacker. |
1.3.6.1.4.1.9.9.383.1.2.16 | cidsAlertAttackerAddress | 1 | 1 | Optional ip address and ports on a monitored interface. The 'locality' attribute is a string that indicates the relative locatio… |
1.3.6.1.4.1.9.9.383.1.2.17 | cidsAlertVictimAddress | 1 | 1 | Optional ip address and ports on a monitored interface. The 'locality' attribute is a string that indicates the relative locatio… |
1.3.6.1.4.1.9.9.383.1.2.18 | cidsAlertIpLoggingActivated | 1 | 1 | Indicates whether IP logging has been activated as the result of the alert. A separate evIpLogStatus event will be generated whe… |
1.3.6.1.4.1.9.9.383.1.2.19 | cidsAlertTcpResetSent | 1 | 1 | Indicates whether an attempt was made to reset a tcp connection as the result of the alert. The addresses and ports affected must… |
1.3.6.1.4.1.9.9.383.1.2.20 | cidsAlertShunRequested | 1 | 1 | Indicates whether an IP address or tcp connection has been requested to be shunned as a result of the alert. Details about the a… |
1.3.6.1.4.1.9.9.383.1.2.21 | cidsAlertDetails | 1 | 1 | Textual details about the specific alert instance, not just the signature. |
1.3.6.1.4.1.9.9.383.1.2.22 | cidsAlertIpLogId | 1 | 1 | IP log identifiers for IP logs that were added as the result of this alert. |
1.3.6.1.4.1.9.9.383.1.2.23 | cidsThreatResponseStatus | 1 | 1 | A brief textual description of the status of the alarm given by the Cisco Systems Threat Response engine. |
1.3.6.1.4.1.9.9.383.1.2.24 | cidsThreatResponseSeverity | 1 | 1 | The alarm severity as assigned by the Cisco Systems Threat Response engine. |
1.3.6.1.4.1.9.9.383.1.2.25 | cidsAlertEventRiskRating | 1 | 1 | A risk factor that incorporates several additional pieces of information beyond the detection of a potentially malicious action. … |
1.3.6.1.4.1.9.9.383.1.2.26 | cidsAlertIfIndex | 0 | 0 | The ifIndex on which the activity was detected. |
1.3.6.1.4.1.9.9.383.1.2.27 | cidsAlertProtocol | 0 | 0 | Identifies the IP protocol associated with the alert. |
1.3.6.1.4.1.9.9.383.1.2.28 | cidsAlertDeniedAttacker | 0 | 0 | Indicates that the traffic originating from the attacker is being blocked as a result of the alert. This element may be omit… |
1.3.6.1.4.1.9.9.383.1.2.29 | cidsAlertDeniedFlow | 0 | 0 | Indicates that the traffic on the TCP connection is being blocked as a result of the alert. This element may be omitted if and only… |
1.3.6.1.4.1.9.9.383.1.2.30 | cidsAlertDenyPacketReqNotPerf | 0 | 0 | Indicates whether the packet that triggered the alert would have been denied as a result of the alert if the intrusion prevention… |
1.3.6.1.4.1.9.9.383.1.2.31 | cidsAlertDenyFlowReqNotPerf | 0 | 0 | Indicates whether the flow that triggered the alert would have been denied as a result of the alert if the intrusion prevention s… |
1.3.6.1.4.1.9.9.383.1.2.32 | cidsAlertDenyAttackerReqNotPerf | 0 | 0 | Indicates whether the traffic from the attacker that triggered the alert would have been denied as a result of the alert if the i… |
1.3.6.1.4.1.9.9.383.1.2.33 | cidsAlertBlockConnectionReq | 0 | 0 | Indicates that a TCP connection has been requested to be blocked as a result of the alert. This element may be omitted if and on… |
1.3.6.1.4.1.9.9.383.1.2.34 | cidsAlertLogAttackerPacketsAct | 0 | 0 | Indicates that packets associated with the attacker(s) identified by this alert are being logged. This element may be omitted if… |
1.3.6.1.4.1.9.9.383.1.2.35 | cidsAlertLogVictimPacketsAct | 0 | 0 | Indicates that packets associated with the victim(s) identified by this alert are being logged. This element may be omitted if an… |
1.3.6.1.4.1.9.9.383.1.2.36 | cidsAlertLogPairPacketsActivated | 0 | 0 | Indicates that packets associated with the attacker/victim pair(s) identified by this alert are being logged. This element may be… |
1.3.6.1.4.1.9.9.383.1.2.37 | cidsAlertRateLimitRequested | 0 | 0 | Indicates that traffic rate limiting based on the source address and protocol associated with the alert has been requested on ext… |
1.3.6.1.4.1.9.9.383.1.2.38 | cidsAlertDeniedAttackVictimPair | 0 | 0 | Indicates that traffic originating from the attacker's address and destined for the victim's address identified in the alert i… |
1.3.6.1.4.1.9.9.383.1.2.39 | cidsAlertDeniedAttackSericePair | 0 | 0 | Indicates that traffic originating from the attacker's address and destined for the destination service port identified in th… |
1.3.6.1.4.1.9.9.383.1.2.40 | cidsAlertDenyAttackVicReqNotPerf | 0 | 0 | Indicates that traffic originating from the attacker's address and destined for the victim's address identified in the alert w… |
1.3.6.1.4.1.9.9.383.1.2.41 | cidsAlertDenyAttackSerReqNotPerf | 0 | 0 | Indicates that traffic originating from the attacker's address and destined for the destination service port identified in th… |
1.3.6.1.4.1.9.9.383.1.2.42 | cidsAlertThreatValueRating | 0 | 0 | Value that represents the calculated threat associated with the detected activity. The threat value consists of the cidsAlertEve… |
1.3.6.1.4.1.9.9.383.1.2.43 | cidsAlertRiskRatingTargetValue | 0 | 0 | Represents the asset value associated with a target identified in the alert. |
1.3.6.1.4.1.9.9.383.1.2.44 | cidsAlertRiskRatingRelevance | 0 | 0 | Value that represents an attack's relevance to the destination target of this alert. |
1.3.6.1.4.1.9.9.383.1.2.45 | cidsAlertRiskRatingWatchList | 0 | 0 | Value that represents the amount that the risk rating value was increased due to the source of the activity associated with the a… |
1.3.6.1.4.1.9.9.383.1.2.47 | cidsAlertBlockHost | 0 | 0 | This object indicates that a host has been requested to be blocked as a result of the alert. This element may be omitted if and … |
1.3.6.1.4.1.9.9.383.1.2.48 | cidsAlertTcpOneWayResetSent | 0 | 0 | This object indicates an attempt to reset one side of the connection (the victim side). The victim address and ports affected mus… |
1.3.6.1.4.1.9.9.383.1.2.49 | cidsAlertVirtualSensor | 0 | 0 | This object represents the name of the virtual sensor associated with an Intrusion Prevention System alert. From the virtual sen… |