-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -c
--
-- Trend Micro, Inc.
-- Copyright information is in the DESCRIPTION section of the MODULE-IDENTITY.
-- 
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

TPT-NGFW-USER-MIB

DEFINITIONS ::= BEGIN

IMPORTS
  InetAddress,
  InetAddressType
    FROM INET-ADDRESS-MIB
    
  MODULE-COMPLIANCE,
  NOTIFICATION-GROUP,
  OBJECT-GROUP
    FROM SNMPv2-CONF
    
  MODULE-IDENTITY, 
  NOTIFICATION-TYPE,
  OBJECT-TYPE
    FROM SNMPv2-SMI

  DateAndTime
    FROM SNMPv2-TC
    
  SnmpAdminString
    FROM SNMP-FRAMEWORK-MIB
    
  tptNgfwSystemSerial
    FROM TPT-NGFW-SYSTEM-INFO-MIB
    
  tpt-ngfw-compls,
  tpt-ngfw-groups,
  tpt-ngfw-objs,
  tpt-ngfw-eventsV2,
  tpt-ngfw-params,
  tptNgfwNotifySeverity
    FROM TPT-NGFW-REG-MIB
;

tptNgfwPolicy MODULE-IDENTITY
  LAST-UPDATED "201605251854Z" -- May 25, 2016
  ORGANIZATION "Trend Micro, Inc."
  CONTACT-INFO "www.trendmicro.com"
  DESCRIPTION
    "
     User information for TippingPoint Next-Generation Firewall products.

     Copyright (C) 2016 Trend Micro Incorporated. All Rights Reserved.
     
     Trend Micro makes no warranty of any kind with regard to this material,
     including, but not limited to, the implied warranties of merchantability
     and fitness for a particular purpose. Trend Micro shall not be liable for
     errors contained herein or for incidental or consequential damages in
     connection with the furnishing, performance, or use of this material. This
     document contains proprietary information, which is protected by copyright. No
     part of this document may be photocopied, reproduced, or translated into
     another language without the prior written consent of Trend Micro. The
     information is provided 'as is' without warranty of any kind and is subject to
     change without notice. The only warranties for Trend Micro products and
     services are set forth in the express warranty statements accompanying such
     products and services. Nothing herein should be construed as constituting an
     additional warranty. Trend Micro shall not be liable for technical or editorial
     errors or omissions contained herein. TippingPoint(R), the TippingPoint logo, and
     Digital Vaccine(R) are registered trademarks of Trend Micro. All other company
     and product names may be trademarks of their respective holders. All rights
     reserved. This document contains confidential information, trade secrets or
     both, which are the property of Trend Micro. No part of this documentation may
     be reproduced in any form or by any means or used to make any derivative work
     (such as translation, transformation, or adaptation) without written permission
     from Trend Micro or one of its subsidiaries. All other company and product
     names may be trademarks of their respective holders.
    "

  REVISION "201605251854Z" -- May 25, 2016 
  DESCRIPTION "Updated copyright information. Minor MIB syntax fixes."
  
  REVISION    "201304031200Z"
  DESCRIPTION "Initial version of NGFW User MIB."

::= { tpt-ngfw-objs 4 } 

-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--
-- User Authentication & Account/IP Block Notifications
--
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

tptNgfwUserAuthFailNotify NOTIFICATION-TYPE
  OBJECTS     { 
                    tptNgfwSystemSerial,
                    tptNgfwUserAuthName,
                    tptNgfwUserAuthFailNotifyReason,
                    tptNgfwUserAuthSrcIpAddrType,
                    tptNgfwUserAuthSrcIpAddr,
                    tptNgfwUserAuthNotifySource,
                    tptNgfwNotifySeverity
              }
  STATUS      current
  DESCRIPTION "A notification sent when a user attempts to log into the device
               but fails to authenticate.
              "
::= { tpt-ngfw-eventsV2 18 }

tptNgfwUserAuthLockedAccountNotify NOTIFICATION-TYPE
  OBJECTS     { 
                    tptNgfwSystemSerial,
                    tptNgfwUserAuthName,
                    tptNgfwUserAuthSrcIpAddrType,
                    tptNgfwUserAuthSrcIpAddr,
                    tptNgfwUserAuthLockedTime,
                    tptNgfwUserAuthNotifySource,
                    tptNgfwNotifySeverity
              }
  STATUS      current
  DESCRIPTION "A notification sent when a user account is locked after exceeding the 
               allowed number of login attempts.
              "
::= { tpt-ngfw-eventsV2 19 }

tptNgfwUserAuthLockedIpNotify NOTIFICATION-TYPE
  OBJECTS     { 
                    tptNgfwSystemSerial,
                    tptNgfwUserAuthSrcIpAddrType,
                    tptNgfwUserAuthSrcIpAddr,
                    tptNgfwUserAuthLockedTime,
                    tptNgfwNotifySeverity
              }
  STATUS      current
  DESCRIPTION "A notification sent when too many failed login attempts occur from
               the same source IP address.
              "
::= { tpt-ngfw-eventsV2 20 }

tptNgfwUserAuthName OBJECT-TYPE
  SYNTAX     SnmpAdminString (SIZE(0..40))
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The name of a user.
              "
::= { tpt-ngfw-params 73 }

tptNgfwUserAuthFailNotifyReason OBJECT-TYPE
  SYNTAX      SnmpAdminString (SIZE(0..80))
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The reason for the user authentication failure.
              "
::= { tpt-ngfw-params 74 }

tptNgfwUserAuthSrcIpAddrType OBJECT-TYPE
  SYNTAX      InetAddressType
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The type of IP address of the source IP address object.
              "
::= { tpt-ngfw-params 75 }

tptNgfwUserAuthSrcIpAddr OBJECT-TYPE
  SYNTAX      InetAddress
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The device IP from where the user attempted to authenticate.
              "
::= { tpt-ngfw-params 76 }

tptNgfwUserAuthNotifySource OBJECT-TYPE
  SYNTAX      SnmpAdminString (SIZE(0..40)) 
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The source or interface (SSH, LSM, SMS, Console) used to make
               an authentication attempt.
              "
::= { tpt-ngfw-params 77 }

tptNgfwUserAuthLockedTime OBJECT-TYPE
  SYNTAX      DateAndTime 
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The time a user account or IP address was locked.
              "
::= { tpt-ngfw-params 78 }


-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--
-- Groups
--
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

tptNgfwUserGroup OBJECT-GROUP
  OBJECTS     {
                    tptNgfwUserAuthName,
                    tptNgfwUserAuthFailNotifyReason,
                    tptNgfwUserAuthSrcIpAddrType,
                    tptNgfwUserAuthSrcIpAddr,
                    tptNgfwUserAuthNotifySource,
                    tptNgfwUserAuthLockedTime
              }
 
  STATUS      current
  DESCRIPTION "User group containing objects related to user stats.
              "
::= { tpt-ngfw-groups 11 }

tptNgfwUserNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
                    tptNgfwUserAuthFailNotify,
                    tptNgfwUserAuthLockedAccountNotify, 
                    tptNgfwUserAuthLockedIpNotify
                  }
                  
    STATUS        current
    DESCRIPTION   "Group for all user notifications.
                  "
::= { tpt-ngfw-groups 12 }

-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--
-- Compliances
--
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

tptNgfwUserCompl MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION "Compliance group for user MIB.
                "
    MODULE
      MANDATORY-GROUPS { tptNgfwUserGroup, tptNgfwUserNotificationGroup }
::= { tpt-ngfw-compls 5 }

END
