CHAPTER 7 SNMP Traps
Intrusion Detection System (IDS)
This section describes the trap events concerned with the Intrusion Detection System (IDS)
feature.
IDS Threshold Cross Notification Trap
Table 7-56: acIDSThresholdCrossNotification

| Event | acIDSThresholdCrossNotification |
|---|---|
| OID | 1.3.6.1.4.1.5003.9.10.1.21.2.0.100 |
| Description | The alarm is sent for each scope (IP or IP+Port) crossing a threshold of an active alarm. |
| Description | The trap is sent for each scope (IP or IP+Port) crossing a threshold of an active alarm. |
| Default Severity | |
| Event Type | Other |
| Probable Cause | |
| Alarm Text | Threshold crossed for scope value IP. Severity=minor/major/critical. Current value=NUM |
| Status Changes | |
| Corrective Action | 1. Identify the remote host (IP address / port) on the network that the Intrusion Detection System (IDS) has indicated as malicious. The IDS determines a host to be malicious if it has reached or exceeded a user-defined threshold of malicious attacks (counter). 2. Block the malicious activity. |

IDS Blacklist Notification Trap
Table 7-57: acIDSBlacklistNotification

| Event | acIDSBlacklistNotification |
|---|---|
| OID | 1.3.6.1.4.1.5003.9.10.1.21.2.0.101 |
| Description | The trap is sent when the Intrusion Detection System (IDS) feature has blacklisted a malicious host or removed it from the blacklist. |

Mediant 800 SBC | SNMP Reference Guide
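The following is an added example, not code from the guide or the vendor: a trap-receiver triage step that recognizes the two IDS trap OIDs above and extracts the remote host, severity and counter from the Alarm Text template in Table 7-56, which is what the first corrective action asks for. The function names, the sample traps and the `IP:port` rendering of an IP+Port scope are assumptions; confirm the rendering against a trap captured from the device.

```python
import ipaddress
import re

# Trap OIDs as listed in Tables 7-56 and 7-57.
IDS_TRAPS = {
    "1.3.6.1.4.1.5003.9.10.1.21.2.0.100": "acIDSThresholdCrossNotification",
    "1.3.6.1.4.1.5003.9.10.1.21.2.0.101": "acIDSBlacklistNotification",
}

# Mirrors the Alarm Text template in Table 7-56.
# Assumption: the scope value is rendered as "IP" or "IP:port".
ALARM_TEXT = re.compile(
    r"Threshold crossed for scope value (?P<scope>\S+?)\.\s+"
    r"Severity=(?P<severity>minor|major|critical)\.\s+"
    r"Current value=(?P<value>\d+)"
)

def split_scope(scope):
    """Return (ip, port); port is None for an IP-only scope."""
    try:
        return str(ipaddress.ip_address(scope)), None
    except ValueError:
        host, _, port = scope.rpartition(":")
        return str(ipaddress.ip_address(host.strip("[]"))), int(port)

def triage(trap_oid, alarm_text):
    """Turn one received trap into a record an analyst can act on."""
    name = IDS_TRAPS.get(trap_oid.lstrip("."))
    if name is None:
        return None  # not one of the IDS traps in this section
    record = {"trap": name, "host": None, "port": None,
              "severity": None, "count": None}
    m = ALARM_TEXT.search(alarm_text or "")
    if name == "acIDSThresholdCrossNotification" and m:
        try:
            record["host"], record["port"] = split_scope(m["scope"])
        except ValueError:
            record["parse_error"] = m["scope"]  # keep raw scope for review
        record["severity"] = m["severity"]
        record["count"] = int(m["value"])
    return record

# Constructed sample traps (documentation address ranges), not device output.
SAMPLES = [
    ("1.3.6.1.4.1.5003.9.10.1.21.2.0.100",
     "Threshold crossed for scope value 203.0.113.7. Severity=major. Current value=25"),
    (".1.3.6.1.4.1.5003.9.10.1.21.2.0.100",
     "Threshold crossed for scope value 198.51.100.9:5060. Severity=critical. Current value=80"),
    ("1.3.6.1.4.1.5003.9.10.1.21.2.0.101", ""),
]
RESULTS = [triage(oid, text) for oid, text in SAMPLES]
```

The blacklist trap is classified by OID only, because Table 7-57 as shown here gives no Alarm Text template to parse.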