From b6df8b011698a8199d39cc64592c26c368f4fe55 Mon Sep 17 00:00:00 2001
From: electrocret
Date: Mon, 20 Feb 2023 17:39:20 -0600
Subject: [PATCH] Fortigate IPS Intrusions detected stats (#14857)

* Update fortigate.yaml
* Use IPS stats table
* Update fortigate.yaml
* Update fortigate.yaml
* Update fortigate.yaml
* Update fortigate.yaml
* Update fortigate.yaml
* Test data
* Update fortigate_ips.snmprec
* Potential for multiple entries. Further testing found some firewalls with multiple table entries.
* cleanup display
* Update fortigate.yaml
* Update fortigate.yaml
* Update fortigate.yaml
* Update Testdata

---
 includes/definitions/discovery/fortigate.yaml | 74 ++++++++++++++++++-
 tests/snmpsim/fortigate_ips.snmprec | 33 +++++++++
 2 files changed, 106 insertions(+), 1 deletion(-)
 create mode 100644 tests/snmpsim/fortigate_ips.snmprec
diff --git a/includes/definitions/discovery/fortigate.yaml b/includes/definitions/discovery/fortigate.yaml
index 5565ecd8ec..6b70d506ce 100644
--- a/includes/definitions/discovery/fortigate.yaml
+++ b/includes/definitions/discovery/fortigate.yaml
@@ -31,6 +31,7 @@ modules: - fgVpnTunEntPhase1Name - fgVpnTunEntPhase2Name - fgVpnTunEntRemGwyIp + - fgVdEntName state: data: -
@@ -143,7 +144,78 @@ modules:
 descr: 'Monitor Jitter {{ $fgLinkMonitorName }}'
 group: Link monitor
 index: 'fgLinkMonitorJitter.{{ $index }}'
-
+ -
+ oid: fgIpsStatsTable
+ value: fgIpsIntrusionsDetected
+ num_oid: '.1.3.6.1.4.1.12356.101.9.2.1.1.1.{{ $index }}'
+ descr: '{{ $fgVdEntName }} IPS Intrusions Detected'
+ group: IPS
+ index: 'fgIpsIntrusionsDetected.{{ $index }}'
+ rrd_type: COUNTER
+ -
+ oid: fgIpsStatsTable
+ value: fgIpsIntrusionsBlocked
+ num_oid: '.1.3.6.1.4.1.12356.101.9.2.1.1.2.{{ $index }}'
+ descr: '{{ $fgVdEntName }} IPS Intrusions Blocked'
+ group: IPS
+ index: 'fgIpsIntrusionsBlocked.{{ $index }}'
+ rrd_type: COUNTER
+ -
+ oid: fgIpsStatsTable
+ value: fgIpsCritSevDetections
+ num_oid: '.1.3.6.1.4.1.12356.101.9.2.1.1.3.{{ $index }}'
+ descr: '{{ $fgVdEntName }} IPS Severity Critical Detected'
+ group: IPS
+ index: 'fgIpsCritSevDetections.{{ $index }}'
+ rrd_type: COUNTER
+ -
+ oid: fgIpsStatsTable
+ value: fgIpsHighSevDetections
+ num_oid: '.1.3.6.1.4.1.12356.101.9.2.1.1.4.{{ $index }}'
+ descr: '{{ $fgVdEntName }} IPS Severity High Detected'
+ group: IPS
+ index: 'fgIpsHighSevDetections.{{ $index }}'
+ rrd_type: COUNTER
+ -
+ oid: fgIpsStatsTable
+ value: fgIpsMedSevDetections
+ num_oid: '.1.3.6.1.4.1.12356.101.9.2.1.1.5.{{ $index }}'
+ descr: '{{ $fgVdEntName }} IPS Severity Medium Detected'
+ group: IPS
+ index: 'fgIpsMedSevDetections.{{ $index }}'
+ rrd_type: COUNTER
+ -
+ oid: fgIpsStatsTable
+ value: fgIpsLowSevDetections
+ num_oid: '.1.3.6.1.4.1.12356.101.9.2.1.1.6.{{ $index }}'
+ descr: '{{ $fgVdEntName }} IPS Severity Low Detected'
+ group: IPS
+ index: 'fgIpsLowSevDetections.{{ $index }}'
+ rrd_type: COUNTER
+ -
+ oid: fgIpsStatsTable
+ value: fgIpsInfoSevDetections
+ num_oid: '.1.3.6.1.4.1.12356.101.9.2.1.1.7.{{ $index }}'
+ descr: '{{ $fgVdEntName }} IPS Severity Informational Detected'
+ group: IPS
+ index: 'fgIpsInfoSevDetections.{{ $index }}'
+ rrd_type: COUNTER
+ -
+ oid: fgIpsStatsTable
+ value: fgIpsSignatureDetections
+ num_oid: '.1.3.6.1.4.1.12356.101.9.2.1.1.8.{{ $index }}'
+ descr: '{{ $fgVdEntName }} IPS Signature Detected'
+ group: IPS
+ index: 'fgIpsSignatureDetections.{{ $index }}'
+ rrd_type: COUNTER
+ -
+ oid: fgIpsStatsTable
+ value: fgIpsAnomalyDetections
+ num_oid: '.1.3.6.1.4.1.12356.101.9.2.1.1.9.{{ $index }}'
+ descr: '{{ $fgVdEntName }} IPS Anomaly Detected'
+ group: IPS
+ index: 'fgIpsAnomalyDetections.{{ $index }}'
+ rrd_type: COUNTER
 signal:
 data: -
diff --git a/tests/snmpsim/fortigate_ips.snmprec b/tests/snmpsim/fortigate_ips.snmprec
new file mode 100644
index 0000000000..4a702b43d4
--- /dev/null
+++ b/tests/snmpsim/fortigate_ips.snmprec
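Review bot: Every `descr` in the nine new `fgIpsStatsTable` entries interpolates `{{ $fgVdEntName }}`, which only resolves when the `fgVdEntName` pre-cache entry added in the first hunk (line 31) has a row for the same index; for a VDOM index without a name the description degrades to a leading space plus the static text, and two such VDOMs would produce identically described sensors. That dependency deserves a comment above the first entry, e.g. `# fgIpsStatsTable is indexed per VDOM; the VDOM name is looked up from the fgVdEntName pre-cache on the same index`. The values are cumulative counters (the fixture records them as Counter32, snmprec type 65), so with `rrd_type: COUNTER` the graph shows a rate while the sensor's stored current value presumably stays the raw cumulative total — any threshold put on these sensors would compare against that total rather than intrusions per poll, which is worth stating in the same comment. The enclosing sensor-class header is outside the hunk.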
@@ -0,0 +1,33 @@
+
+1.3.6.1.2.1.1.2.0|6|1.3.6.1.4.1.12356.101.1.1000
+1.3.6.1.4.1.12356.101.4.1.1.0|4|v6.4.8,build1914,211117 (GA)
+1.3.6.1.4.1.12356.101.4.8.1.0|2|2
+1.3.6.1.4.1.12356.101.4.8.2.1.1.1|2|1
+1.3.6.1.4.1.12356.101.4.8.2.1.2.1|4|lhm-am7
+1.3.6.1.4.1.12356.101.4.8.2.1.3.1|2|0
+1.3.6.1.4.1.12356.101.4.8.2.1.4.1|4|4.102
+1.3.6.1.4.1.12356.101.4.8.2.1.5.1|4|0.092
+1.3.6.1.4.1.12356.101.4.8.2.1.6.1|70|34769755
+1.3.6.1.4.1.12356.101.4.8.2.1.7.1|70|34736903
+1.3.6.1.4.1.12356.101.4.8.2.1.8.1|4|0.000%
+1.3.6.1.4.1.12356.101.4.8.2.1.9.1|4|root
+1.3.6.1.4.1.12356.101.9.2.1.1.1.1|65|47376
+1.3.6.1.4.1.12356.101.9.2.1.1.1.5|65|0
+1.3.6.1.4.1.12356.101.9.2.1.1.2.1|65|4760
+1.3.6.1.4.1.12356.101.9.2.1.1.2.5|65|0
+1.3.6.1.4.1.12356.101.9.2.1.1.3.1|65|815
+1.3.6.1.4.1.12356.101.9.2.1.1.3.5|65|0
+1.3.6.1.4.1.12356.101.9.2.1.1.4.1|65|3739
+1.3.6.1.4.1.12356.101.9.2.1.1.4.5|65|0
+1.3.6.1.4.1.12356.101.9.2.1.1.5.1|65|333
+1.3.6.1.4.1.12356.101.9.2.1.1.5.5|65|0
+1.3.6.1.4.1.12356.101.9.2.1.1.6.1|65|495
+1.3.6.1.4.1.12356.101.9.2.1.1.6.5|65|0
+1.3.6.1.4.1.12356.101.9.2.1.1.7.1|65|41994
+1.3.6.1.4.1.12356.101.9.2.1.1.7.5|65|0
+1.3.6.1.4.1.12356.101.9.2.1.1.8.1|65|47376
+1.3.6.1.4.1.12356.101.9.2.1.1.8.5|65|0
+1.3.6.1.4.1.12356.101.9.2.1.1.9.1|65|3105002
+1.3.6.1.4.1.12356.101.9.2.1.1.9.5|65|0
+1.3.6.1.4.1.12356.101.3.2.1.1.2.1|4|root
+1.3.6.1.4.1.12356.101.3.2.1.1.2.5|4|Wifi
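Review bot: The first of the 33 added lines in the new fixture is empty, which the hunk count confirms; snmprec is one `oid|type|value` record per line and a leading blank line looks unintentional — confirm the snmpsim loader tolerates it or drop it so the file starts at the sysObjectID record. The fixture carries no sysDescr record (1.3.6.1.2.1.1.1.0), only sysObjectID, so OS detection in this test presumably rests on the sysObjectID match alone; worth confirming that is enough for the fortigate os definition. The two VDOM indices present (1 and 5, named `root` and `Wifi` via 1.3.6.1.4.1.12356.101.3.2.1.1.2.x) do exercise the multiple-entry case the commit message describes, though every counter for index 5 is 0, so the fixture cannot tell a correctly indexed sensor from one that always reads zero.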