CHAPTER 3 SNMP Trap Events (Notifications)
MSBR | SNMP Alarms
IDS Blacklist Notification Trap
Table 3-2: acIDSBlacklistNotification
Event acIDSBlacklistNotification
OID 1.3.6.1.4.1.5003.9.10.1.21.2.0.101
Description The trap is sent when the Intrusion Detection System (IDS) feature
has blacklisted a malicious host or removed it from the blacklist.
Default Severity
Event Type securityServiceOrMechanismViolation
Probable Cause thresholdCrossed
Alarm Text "Added IP * to blacklist"
"Removed IP * from blacklist"
Status Changes
Corrective Action Identify the malicious remote host (IP address / port) that the
Intrusion Detection System (IDS) has automatically blacklisted or
removed from the blacklist.
Note that a host is determined to be malicious if it has reached or
exceeded a user-defined threshold of malicious attacks (counter).
The malicious source is automatically blacklisted for a user-defined
period, after which it is removed from the blacklist.
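The following is an added example, not part of the vendor documentation: a sketch of how a trap receiver's decoded output could be replayed to track which hosts the IDS currently has blacklisted and which were blacklisted more than once. It assumes the receiver supplies (trap OID, alarm text) pairs and that the "*" in the alarm text is an IPv4 address optionally followed by ":port"; the function name and sample traps are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# OID of acIDSBlacklistNotification, taken from Table 3-2.
IDS_BLACKLIST_OID = "1.3.6.1.4.1.5003.9.10.1.21.2.0.101"

# Assumption: "*" in the alarm text is an IPv4 address, optionally ":port".
# The port is ignored here; hosts are tracked by address only.
ALARM_RE = re.compile(r"^(Added|Removed) IP ([0-9.]+)(?::\d+)? (?:to|from) blacklist$")


def track_blacklist(traps):
    """Replay (trap_oid, alarm_text) pairs in arrival order.
    Returns (currently_blacklisted, times_added, unparsed_texts)."""
    active, added, unparsed = set(), Counter(), []
    for oid, text in traps:
        if oid != IDS_BLACKLIST_OID:
            continue  # a different trap, not handled here
        m = ALARM_RE.match(text.strip().strip('"'))
        try:
            ip = str(ipaddress.IPv4Address(m.group(2))) if m else None
        except ipaddress.AddressValueError:
            ip = None
        if ip is None:
            unparsed.append(text)  # keep for manual review, never drop silently
            continue
        if m.group(1) == "Added":
            active.add(ip)
            added[ip] += 1  # a count above 1 means the host was re-blacklisted
        else:
            active.discard(ip)
    return active, added, unparsed


# Constructed sample input (RFC 5737 documentation addresses).
SAMPLE_TRAPS = [
    (IDS_BLACKLIST_OID, "Added IP 203.0.113.7 to blacklist"),
    (IDS_BLACKLIST_OID, "Added IP 198.51.100.20:5060 to blacklist"),
    ("1.3.6.1.4.1.5003.9.10.1.21.2.0.93", "unrelated trap"),
    (IDS_BLACKLIST_OID, "Removed IP 203.0.113.7 from blacklist"),
    (IDS_BLACKLIST_OID, "Added IP 203.0.113.7 to blacklist"),
    (IDS_BLACKLIST_OID, "Added IP 999.1.1.1 to blacklist"),
    (IDS_BLACKLIST_OID, "Removed IP 198.51.100.20:5060 from blacklist"),
]

if __name__ == "__main__":
    print(track_blacklist(SAMPLE_TRAPS))
```

A host that is added again after its blacklist period expired shows up with a count above 1, which is a useful signal for a longer-lived block upstream.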
Web User Access Denied due to Inactivity Trap
Table 3-3: acWebUserAccessDisabled
Event acWebUserAccessDisabled
OID 1.3.6.1.4.1.5003.9.10.1.21.2.0.93
Default Severity Indeterminate
Event Type
Probable Cause The alarm is sent when a Web user was disabled due to inactivity
Alarm Text