Trap ricevuto (cambiamento configurazione Cisco)

System.NetworkManagement.Cisco.Node.ConfigurationChanged (Rule)

Lancia un'individuazione quando viene ricevuto un sysConfigChangeTrap

Knowledge Base article:

Riepilogo

Questa regola lancia un'individuazione quando si riceve un trap che indica che la configurazione di un'interfaccia Cisco è stata cambiata.

Element properties:

Target	System.NetworkManagement.Cisco_Node
Category	Discovery
Enabled	True
Alert Generate	False
Remotable	True

Member Modules:

ID	Module Type	TypeId	RunAs
Trap	DataSource	System.NetworkManagement.TrapTriggerProvider	Default
WA	WriteAction	System.NetworkManagement.TrapDiscoveryRequestPublishData	Default

Source Code:

<Rule ID="System.NetworkManagement.Cisco.Node.ConfigurationChanged" Enabled="true" Target="NetworkLibrary!System.NetworkManagement.Cisco_Node" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>Discovery</Category>

  <DataSources>

    <DataSource ID="Trap" TypeID="NetworkLibrary!System.NetworkManagement.TrapTriggerProvider">

      <IP>$Target/Property[Type="NetworkLibrary!System.NetworkManagement.Node"]/SNMPAddress$</IP>

      <TriggerOID>.1.3.6.1.4.1.9.5.0.9</TriggerOID>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="WA" TypeID="NetworkLibrary!System.NetworkManagement.TrapDiscoveryRequestPublishData"/>

  </WriteActions>

</Rule>