# ViPNet IDS SNMPv2

Zabbix template export, format version 5.0, exported 2021-11-21T22:01:02Z. Template group: Templates.

## Description
ViPNet IDS SNMPv2 template
## Overview
Infotecs ViPNet IDS
## Author
Antik89
## Items

All items are of type SNMP_AGENT and belong to the application "ViPNet IDS". Interval is the update interval; TEXT items and the software version numbers are exported with history set to 0.

| Name | OID | Key | Interval | Type / units | Description |
|---|---|---|---|---|---|
| Attacks count for day period | 1.3.6.1.4.1.10812.3.1.9.1.1.0 | attacks.day | 1h | | IDS attacks count for day period |
| Attacks count for day period (high severity) | 1.3.6.1.4.1.10812.3.1.9.1.2.0 | attacks.high.day | 5m | | IDS attacks count for day period (high severity) |
| Attacks count for month period (high severity) | 1.3.6.1.4.1.10812.3.1.9.2.2.0 | attacks.high.month | 1h | | IDS attacks count for month period (high severity) |
| Attacks count for year period (high severity) | 1.3.6.1.4.1.10812.3.1.9.3.2.0 | attacks.high.year | 1h | | IDS attacks count for year period (high severity) |
| Attacks count for day period (information severity) | 1.3.6.1.4.1.10812.3.1.9.1.5.0 | attacks.information.day | 1h | | IDS attacks count for day period (information severity) |
| Attacks count for month period (information severity) | 1.3.6.1.4.1.10812.3.1.9.2.5.0 | attacks.information.month | 1h | | IDS attacks count for month period (information severity) |
| Attacks count for year period (information severity) | 1.3.6.1.4.1.10812.3.1.9.3.5.0 | attacks.information.year | 1h | | IDS attacks count for year period (information severity) |
| Attacks count for day period (low severity) | 1.3.6.1.4.1.10812.3.1.9.1.4.0 | attacks.low.day | 1h | | IDS attacks count for day period (low severity) |
| Attacks count for month period (low severity) | 1.3.6.1.4.1.10812.3.1.9.2.4.0 | attacks.low.month | 1h | | IDS attacks count for month period (low severity) |
| Attacks count for year period (low severity) | 1.3.6.1.4.1.10812.3.1.9.3.4.0 | attacks.low.year | 1h | | IDS attacks count for year period (low severity) |
| Attacks count for day period (medium severity) | 1.3.6.1.4.1.10812.3.1.9.1.3.0 | attacks.medium.day | 1h | | IDS attacks count for day period (medium severity) |
| Attacks count for month period (medium severity) | 1.3.6.1.4.1.10812.3.1.9.2.3.0 | attacks.medium.month | 1h | | IDS attacks count for month period (medium severity) |
| Attacks count for year period (medium severity) | 1.3.6.1.4.1.10812.3.1.9.3.3.0 | attacks.medium.year | 1h | | IDS attacks count for year period (medium severity) |
| Attacks count for month period | 1.3.6.1.4.1.10812.3.1.9.2.1.0 | attacks.month | 1d | | IDS attacks count for month period |
| Attacks count for year period | 1.3.6.1.4.1.10812.3.1.9.3.1.0 | attacks.year | 1d | | IDS attacks count for year period |
| CPU load | 1.3.6.1.4.1.10812.3.1.8.5.0 | CPU.load | 30s | % | IDS CPU load |
| Database free space | 1.3.6.1.4.1.10812.3.1.8.10.0 | DB.space | 1h | Gb | IDS Database free space |
| Hardware version | 1.3.6.1.4.1.10812.3.1.7.2.0 | hardware.version | 1d | TEXT | IDS hardware version (platform) |
| License expiration date | 1.3.6.1.4.1.10812.3.1.5.1.0 | license.expdate | 1d | TEXT | IDS license expiration date |
| License days before expiration | 1.3.6.1.4.1.10812.3.1.5.5.0 | license.expdays | 1d | days | IDS license days before expiration |
| Loader service status | 1.3.6.1.4.1.10812.3.1.6.4.0 | loader.status | 120s | value map: ViPNet IDS services state | IDS Loader service status |
| RAM usage | 1.3.6.1.4.1.10812.3.1.8.6.0 | RAM.usage | 30s | % | IDS RAM usage |
| Detection rules date | 1.3.6.1.4.1.10812.3.1.5.3.0 | rules.date | 1d | TEXT | IDS Detection rules date |
| Sensor ID | 1.3.6.1.4.1.10812.3.1.1.0 | sensor.ID | 1h | | IDS sensor ID |
| Sensor service status | 1.3.6.1.4.1.10812.3.1.6.5.0 | sensor.status | 120s | value map: ViPNet IDS services state | IDS Sensor service status |
| Serial number | 1.3.6.1.4.1.10812.3.1.5.2.0 | serial.number | 1d | TEXT | IDS Serial number |
| Services status | 1.3.6.1.4.1.10812.3.1.6.3.0 | services.status | 120s | value map: ViPNet IDS services state | IDS services status |
| Software version build | 1.3.6.1.4.1.10812.3.1.7.6.0 | software.build | 1d | history 0 | IDS software version build |
| Software version hotfix | 1.3.6.1.4.1.10812.3.1.7.5.0 | software.hotfix | 1d | history 0 | IDS software version hotfix |
| Software version major | 1.3.6.1.4.1.10812.3.1.7.3.0 | software.major | 1d | history 0 | IDS software version major |
| Software version minor | 1.3.6.1.4.1.10812.3.1.7.4.0 | software.minor | 1d | history 0 | IDS software version minor |
| Software version | 1.3.6.1.4.1.10812.3.1.7.1.0 | software.version | 1d | TEXT | IDS software version |
| Uptime | 1.3.6.1.2.1.1.3.0 | system.uptime[sysUpTime.0] | 30s | uptime, history 0, preprocessing MULTIPLIER 0.01 | MIB: SNMPv2-MIB. The time (in hundredths of a second) since the network management portion of the system was last re-initialized. |
| System partition free space | 1.3.6.1.4.1.10812.3.1.8.9.0 | systempartition.freespace | 1h | Gb | IDS system partition free space |
| System partition usage | 1.3.6.1.4.1.10812.3.1.8.8.0 | systempartition.usage | 1h | % | IDS system partition usage |
| Total attacks | 1.3.6.1.4.1.10812.3.1.4.0 | total.attacks | 15m | | IDS DB total attacks |

## Item triggers

| Item key | Expression | Trigger name | Severity | Manual close |
|---|---|---|---|---|
| attacks.high.day | {change()}>={$ATCKS.HIGH} | {HOST.NAME} high growth of high severity attacks (>{$ATCKS.HIGH} events from last time) | WARNING | YES |
| attacks.medium.day | {change()}>={$ATCKS.MED} | {HOST.NAME} high growth of medium severity attacks (>{$ATCKS.MED} events from last time) | WARNING | YES |
| CPU.load | {avg(5m)}>={$CPU.LOAD} | {HOST.NAME} high CPU load (over {$CPU.LOAD}% for 5 min) | WARNING | |
| license.expdays | {last()}<={$LIC.DAYS} | {HOST.NAME} license expire soon ({#SNMPVALUE} days left) | WARNING | YES |
| RAM.usage | {avg(5m)}>={$RAM.USAGE} | {HOST.NAME} high RAM usage (over {$RAM.USAGE}% for 5 min) | WARNING | |
| sensor.status | {change()}=-1 | {HOST.NAME} Sensor service status changed to down | WARNING | YES |
| services.status | {change()}=-1 | {HOST.NAME} services down | WARNING | YES |
| system.uptime[sysUpTime.0] | {last()}<10m | {HOST.NAME} has been restarted (uptime < 10m) | WARNING | YES |
| systempartition.usage | {last()}>={$CPU.LOAD} | {HOST.NAME} high system partition usage (over {$CPU.LOAD}%) | WARNING | |

Two things to check before relying on these triggers: the system partition usage trigger reuses the {$CPU.LOAD} macro as its threshold rather than a dedicated disk macro, and the license trigger name references {#SNMPVALUE}, which is a low-level discovery macro and does not resolve in a trigger on a regular (non-discovered) item.
## Discovery rules

All rules are of type SNMP_AGENT. The four "Last day attacks" rules walk per-sensor tables and therefore depend on the {$SENSOR.ID} macro (see Macros below).

| Rule | Discovery key | Rule key | Interval | Lifetime |
|---|---|---|---|---|
| Detection interface | discovery[{#SNMPVALUE},.1.3.6.1.4.1.10812.3.10.1.2] | detection.interface | 1h | 1h |
| Last day attacks (attacked ip addresses) | discovery[{#SNMPVALUE},.1.3.6.1.4.1.10812.3.5.1.2.{$SENSOR.ID}] | lastday.attacks.attacked.ip | 15m | 1h |
| Last day attacks (attacker ip addresses) | discovery[{#SNMPVALUE},.1.3.6.1.4.1.10812.3.6.1.2.{$SENSOR.ID}] | lastday.attacks.attacker.ip | 15m | 1h |
| Last day attacks (events count) | discovery[{#SNMPVALUE},.1.3.6.1.4.1.10812.3.4.1.6.{$SENSOR.ID}] | lastday.attacks.events.count | 15m | 1h |
| Last day attacks (events name) | discovery[{#SNMPVALUE},.1.3.6.1.4.1.10812.3.4.1.4.{$SENSOR.ID}] | lastday.attacks.events.name | 15m | 1h |
| Last day attacks (events severity) | discovery[{#SNMPVALUE},.1.3.6.1.4.1.10812.3.4.1.5.{$SENSOR.ID}] | lastday.attacks.events.severity | 15m | 1h |
| Last day attacks (events URL) | discovery[{#SNMPVALUE},.1.3.6.1.4.1.10812.3.4.1.7.{$SENSOR.ID}] | lastday.attacks.events.url | 15m | 1h |

The attacked-ip and attacker-ip rules carry a filter: {#SNMPINDEX} must match the regular expression ^(?:[1-9]|0[1-9]|10)$, so only the first ten entries of each table are discovered. The events severity rule has no item prototype in the export.

### Item prototypes

| Rule | Prototype name | OID | Key | Interval | Type / units |
|---|---|---|---|---|---|
| Detection interface | Detection interface name {#SNMPVALUE} | 1.3.6.1.4.1.10812.3.10.1.2.{#SNMPINDEX} | detection.interface.name.[{#SNMPVALUE}] | 1h | TEXT, history 0 |
| Detection interface | Detection interface state description {#SNMPVALUE} | 1.3.6.1.4.1.10812.3.10.1.4.{#SNMPINDEX} | detection.interface.state.discription.[{#SNMPVALUE}] | 2m | TEXT, history 0 |
| Detection interface | Detection interface state {#SNMPVALUE} | 1.3.6.1.4.1.10812.3.10.1.3.{#SNMPINDEX} | detection.interface.state.[{#SNMPVALUE}] | 2m | value map: ViPNet IDS detection interface state |
| Last day attacks (attacked ip addresses) | Last day attacks (attacked ip address №{#SNMPINDEX}) | 1.3.6.1.4.1.10812.3.5.1.2.{$SENSOR.ID}.{#SNMPINDEX} | lastday.attacks.attacked.ip[{#SNMPINDEX}] | 15m | TEXT, history 0 |
| Last day attacks (attacker ip addresses) | Last day attacks (attacker ip addresses №{#SNMPINDEX}) | 1.3.6.1.4.1.10812.3.6.1.2.{$SENSOR.ID}.{#SNMPINDEX} | lastday.attacks.attacker.ip[{#SNMPINDEX}] | 15m | TEXT, history 0 |
| Last day attacks (events count) | Last day attacks (events count) №{#SNMPINDEX} | 1.3.6.1.4.1.10812.3.4.1.6.{$SENSOR.ID}.{#SNMPINDEX} | lastday.attacks.events.count[{#SNMPINDEX}] | 15m | |
| Last day attacks (events name) | Last day events name №{#SNMPINDEX} | 1.3.6.1.4.1.10812.3.4.1.4.{$SENSOR.ID}.{#SNMPINDEX} | lastdayevents.events.name[{#SNMPINDEX}] | 15m | TEXT, history 0 |
| Last day attacks (events URL) | Last day events URL №{#SNMPINDEX} | 1.3.6.1.4.1.10812.3.4.1.7.{$SENSOR.ID}.{#SNMPINDEX} | lastday.attacks.events.url[{#SNMPINDEX}] | 15m | TEXT, history 0 |

### Trigger prototype

| Item prototype key | Expression | Trigger name | Severity |
|---|---|---|---|
| detection.interface.state.[{#SNMPVALUE}] | {change()}>0 | {HOST.NAME} {#SNMPVALUE} detection interface state changed to down | HIGH |

## Macros

| Macro | Default | Description |
|---|---|---|
| {$ATCKS.HIGH} | 25 | count of attacks to inform high count of attacks trigger |
| {$ATCKS.MED} | 125 | count of attacks to inform medium count of attacks trigger |
| {$CPU.LOAD} | 75 | high cpu load value |
| {$LIC.DAYS} | 30 | days of license time to inform |
| {$RAM.USAGE} | 75 | max RAM usage |
| {$SENSOR.ID} | 357810809 | paste item Sensor ID here |

{$SENSOR.ID} is the value returned by the sensor.ID item (OID 1.3.6.1.4.1.10812.3.1.1.0); it must be set per host, or the per-sensor discovery rules will walk the wrong table.

## Template trigger

| Expression | Trigger name | Severity | Manual close |
|---|---|---|---|
| {ViPNet IDS SNMPv2:software.build.diff()}=1 or {ViPNet IDS SNMPv2:software.hotfix.diff()}=1 or {ViPNet IDS SNMPv2:software.major.diff()}=1 or {ViPNet IDS SNMPv2:software.minor.diff()}=1 | {HOST.NAME} software version changed | INFO | YES |

## Graphs

- CPU load: normal graph; item CPU.load drawn as FILLED_REGION, colour 00FF00, function ALL.
- Day attacks count: PIE graph, 3D; items (function LAST): attacks.high.day F63100, attacks.medium.day FF8000, attacks.low.day 80FF00, attacks.information.day 2774A4.
- Month attacks count: PIE graph, 3D; items (function LAST): attacks.high.month FF4000, attacks.medium.month F7941D, attacks.low.month 80FF00, attacks.information.month 00BFFF.
- Year attacks count: PIE graph, 3D; items (no function set in the export): attacks.high.year FF0000, attacks.medium.year FF8000, attacks.low.year 80FF00, attacks.information.year 00BFFF.

## Value maps

| Value map | Mappings |
|---|---|
| ViPNet IDS detection interface state | 0 = up, 2 = down |
| ViPNet IDS services state | 0 = down, 1 = up |

Note the two maps use opposite encodings: a service transition from 1 (up) to 0 (down) makes {change()} equal to -1, which is what the service triggers test, while an interface transition from 0 (up) to 2 (down) makes {change()} positive, which is what the interface trigger prototype tests.