netconfcentral logo

ietf-i2nsf-capability

HTML

ietf-i2nsf-capability@2017-10-30



  module ietf-i2nsf-capability {

    yang-version 1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability";

    prefix i2nsf-capability;

    import ietf-inet-types {
      prefix inet;
    }

    organization
      "IETF I2NSF (Interface to Network Security Functions)
     Working Group";

    contact
      "WG Web: <http://tools.ietf.org/wg/i2nsf>
     WG List: <mailto:i2nsf@ietf.org>

     WG Chair: Adrian Farrel
     <mailto:Adrain@olddog.co.uk>

     WG Chair: Linda Dunbar
     <mailto:Linda.duhbar@huawei.com>

     Editor: Susan Hares
     <mailto:shares@ndzh.com>

     Editor: Jaehoon Paul Jeong
     <mailto:pauljeong@skku.edu>

     Editor: Jinyong Tim Kim
     <mailto:timkim@skku.edu>";

    description
      "This module describes a capability model
    for I2NSF devices.";

    revision "2017-10-30" {
      description "The fourth revision";
      reference
        "draft-ietf-i2nsf-capability-00";

    }


    grouping i2nsf-nsf-location {
      description
        "This provides a location for capabilities.";
      container nsf-address {
        description
          "This is location information for capabilities.";
        choice nsf-address-type {
          description
            "nsf address type: ipv4 and ipv4";
          case ipv4-address {
            description "ipv4 case";
            leaf ipv4-address {
              type inet:ipv4-address;
              mandatory true;
              description
                "nsf address type is ipv4";
            }
          }  // case ipv4-address

          case ipv6-address {
            description "ipv6 case";
            leaf ipv6-address {
              type inet:ipv6-address;
              mandatory true;
              description
                "nsf address type is ipv6";
            }
          }  // case ipv6-address
        }  // choice nsf-address-type
      }  // container nsf-address
    }  // grouping i2nsf-nsf-location

    typedef nsf-type {
      type enumeration {
        enum "network-firewall" {
          value 0;
          description
            "If type of a NSF is Network Firewall.";
        }
        enum "web-app-firewall" {
          value 1;
          description
            "If type of a NSF is Web Application
            Firewall.";
        }
        enum "anti-virus" {
          value 2;
          description
            "If type of a NSF is Anti-Virus";
        }
        enum "ids" {
          value 3;
          description
            "If type of a NSF is IDS.";
        }
        enum "ips" {
          value 4;
          description
            "If type of a NSF is IPS.";
        }
        enum "ddos-mitigator" {
          value 5;
          description
            "If type of a NSF is DDoS Mitigator.";
        }
      }
      description
        "This is used for type of NSF.";
    }

    grouping i2nsf-it-resources {
      description
        "This provides a link between capabilities
       and IT resources. This has a list of IT resources
       by name.";
      container target-device {
        description "it-resources";
        leaf pc {
          type boolean;
          description
            "If type of a device is PC.";
        }

        leaf mobile-phone {
          type boolean;
          description
            "If type of a device is mobile-phone.";
        }

        leaf voip-volte-phone {
          type boolean;
          description
            "If type of a device is voip-volte-phone.";
        }

        leaf tablet {
          type boolean;
          description
            "If type of a device is tablet.";
        }

        leaf iot {
          type boolean;
          description
            "If type of a device is Internet of Things.";
        }

        leaf vehicle {
          type boolean;
          description
            "If type of a device is vehicle.";
        }
      }  // container target-device
    }  // grouping i2nsf-it-resources

    grouping capabilities-information {
      description
        "This includes information of capabilities.";
      leaf nsf-type {
        type nsf-type;
        description "This is type of NSF.";
      }

      uses i2nsf-nsf-location;

      uses i2nsf-it-resources;
    }  // grouping capabilities-information

    grouping i2nsf-net-sec-caps {
      description "i2nsf-net-sec-caps";
      list net-sec-capabilities {
        key "nsc-capabilities-name";
        description "net-sec-capabilities";
        leaf nsc-capabilities-name {
          type string;
          mandatory true;
          description
            "nsc-capabilities-name";
        }

        container time-zone {
          description
            "This can be used to apply rules according to time";
          leaf start-time {
            type boolean;
            description
              "This is start time for time zone";
          }

          leaf end-time {
            type boolean;
            description
              "This is end time for time zone";
          }
        }  // container time-zone

        leaf rule-description {
          type boolean;
          description
            "This is rule-description.";
        }

        leaf rule-rev {
          type boolean;
          description
            "This is rule-revision";
        }

        leaf rule-priority {
          type boolean;
          description
            "This is rule-priority";
        }

        container event {
          description
            " This is abstract. An event is defined as any important
            occurrence in time of a change in the system being
            managed, and/or in the environment of the system being
            managed. When used in the context of policy rules for
            a flow-based NSF, it is used to determine whether the
            Condition clause of the Policy Rule can be evaluated
            or not. Examples of an I2NSF event include time and
            user actions (e.g., logon, logoff, and actions that
            violate any ACL.).";
          choice event-type {
            description
              "Vendors can use YANG data model to configure rules
            by concreting this event type";
            case usr-event {
              leaf usr-manual {
                type string;
                description
                  "This is manual for user event.
                Vendors can write instructions for user event
                that vendor made";
              }

              leaf usr-sec-event-content {
                type boolean;
                description
                  "This is a mandatory string that contains the content
                of the UserSecurityEvent. The format of the content
                is specified in the usrSecEventFormat class
                attribute, and the type of event is defined in the
                usrSecEventType class attribute. An example of the
                usrSecEventContent attribute is a string hrAdmin,
                with the usrSecEventFormat set to 1 (GUID) and the
                usrSecEventType attribute set to 5 (new logon).";
              }

              container usr-sec-event-format {
                description
                  "This is a mandatory uint 8 enumerated integer, which
                is used to specify the data type of the
                usrSecEventContent attribute. The content is
                specified in the usrSecEventContent class attribute,
                and the type of event is defined in the
                usrSecEventType class attribute. An example of the
                usrSecEventContent attribute is string hrAdmin,
                with the usrSecEventFormat attribute set to 1 (GUID)
                and the usrSecEventType attribute set to 5
                (new logon).";
                leaf unknown {
                  type boolean;
                  description
                    "If SecEventFormat is unknown";
                }

                leaf guid {
                  type boolean;
                  description
                    "If SecEventFormat is GUID
                  (Generic Unique IDentifier)";
                }

                leaf uuid {
                  type boolean;
                  description
                    "If SecEventFormat is UUID
                  (Universal Unique IDentifier)";
                }

                leaf uri {
                  type boolean;
                  description
                    "If SecEventFormat is URI
                  (Uniform Resource Identifier)";
                }

                leaf fqdn {
                  type boolean;
                  description
                    "If SecEventFormat is FQDN
                  (Fully Qualified Domain Name)";
                }

                leaf fqpn {
                  type boolean;
                  description
                    "If SecEventFormat is FQPN
                  (Fully Qualified Path Name)";
                }
              }  // container usr-sec-event-format

              container usr-sec-event-type {
                description
                  "This is a mandatory uint 8 enumerated integer, which
                is used to specify the type of event that involves
                this user. The content and format are specified in
                the usrSecEventContent and usrSecEventFormat class
                attributes, respectively. An example of the
                usrSecEventContent attribute is string hrAdmin,
                with the usrSecEventFormat attribute set to 1 (GUID)
                and the usrSecEventType attribute set to 5
               (new logon).";
                leaf unknown {
                  type boolean;
                  description
                    "If usrSecEventType is unknown";
                }

                leaf user-created {
                  type boolean;
                  description
                    "If usrSecEventType is new user
                    created";
                }

                leaf user-grp-created {
                  type boolean;
                  description
                    "If usrSecEventType is new user
                    group created";
                }

                leaf user-deleted {
                  type boolean;
                  description
                    "If usrSecEventType is user
                    deleted";
                }

                leaf user-grp-deleted {
                  type boolean;
                  description
                    "If usrSecEventType is user
                    group deleted";
                }

                leaf user-logon {
                  type boolean;
                  description
                    "If usrSecEventType is user
                    logon";
                }

                leaf user-logoff {
                  type boolean;
                  description
                    "If usrSecEventType is user
                    logoff";
                }

                leaf user-access-request {
                  type boolean;
                  description
                    "If usrSecEventType is user
                    access request";
                }

                leaf user-access-granted {
                  type boolean;
                  description
                    "If usrSecEventType is user
                    granted";
                }

                leaf user-access-violation {
                  type boolean;
                  description
                    "If usrSecEventType is user
                    violation";
                }
              }  // container usr-sec-event-type
            }  // case usr-event

            case dev-event {
              leaf dev-manual {
                type string;
                description
                  "This is manual for device event.
                Vendors can write instructions for device event
                that vendor made";
              }

              leaf dev-sec-event-content {
                type boolean;
                mandatory true;
                description
                  "This is a mandatory string that contains the content
                of the DeviceSecurityEvent. The format of the
                content is specified in the devSecEventFormat class
                attribute, and the type of event is defined in the
                devSecEventType class attribute. An example of the
                devSecEventContent attribute is alarm, with the
                devSecEventFormat attribute set to 1 (GUID), the
                devSecEventType attribute set to 5 (new logon).";
              }

              container dev-sec-event-format {
                description
                  "This is a mandatory uint 8 enumerated integer,
                which is used to specify the data type of the
                devSecEventContent attribute.";
                leaf unknown {
                  type boolean;
                  description
                    "If SecEventFormat is unknown";
                }

                leaf guid {
                  type boolean;
                  description
                    "If SecEventFormat is GUID
                  (Generic Unique IDentifier)";
                }

                leaf uuid {
                  type boolean;
                  description
                    "If SecEventFormat is UUID
                  (Universal Unique IDentifier)";
                }

                leaf uri {
                  type boolean;
                  description
                    "If SecEventFormat is URI
                  (Uniform Resource Identifier)";
                }

                leaf fqdn {
                  type boolean;
                  description
                    "If SecEventFormat is FQDN
                  (Fully Qualified Domain Name)";
                }

                leaf fqpn {
                  type boolean;
                  description
                    "If SecEventFormat is FQPN
                  (Fully Qualified Path Name)";
                }
              }  // container dev-sec-event-format

              container dev-sec-event-type {
                description
                  "This is a mandatory uint 8 enumerated integer,
                which is used to specify the type of event
                that was generated by this device.";
                leaf unknown {
                  type boolean;
                  description
                    "If devSecEventType is unknown";
                }

                leaf comm-alarm {
                  type boolean;
                  description
                    "If devSecEventType is communications
                    alarm";
                }

                leaf quality-of-service-alarm {
                  type boolean;
                  description
                    "If devSecEventType is quality of service
                    alarm";
                }

                leaf process-err-alarm {
                  type boolean;
                  description
                    "If devSecEventType is processing error
                    alarm";
                }

                leaf equipment-err-alarm {
                  type boolean;
                  description
                    "If devSecEventType is equipment error
                    alarm";
                }

                leaf environmental-err-alarm {
                  type boolean;
                  description
                    "If devSecEventType is environmental error
                    alarm";
                }
              }  // container dev-sec-event-type

              container dev-sec-event-type-severity {
                description
                  "This is a mandatory uint 8 enumerated integer,
                which is used to specify the perceived
                severity of the event generated by this
                Device.";
                leaf unknown {
                  type boolean;
                  description
                    "If devSecEventType is unknown";
                }

                leaf cleared {
                  type boolean;
                  description
                    "If devSecEventTypeSeverity is cleared";
                }

                leaf indeterminate {
                  type boolean;
                  description
                    "If devSecEventTypeSeverity is
                    indeterminate";
                }

                leaf critical {
                  type boolean;
                  description
                    "If devSecEventTypeSeverity is critical";
                }

                leaf major {
                  type boolean;
                  description
                    "If devSecEventTypeSeverity is major";
                }

                leaf minor {
                  type boolean;
                  description
                    "If devSecEventTypeSeverity is minor";
                }

                leaf warning {
                  type boolean;
                  description
                    "If devSecEventTypeSeverity is warning";
                }
              }  // container dev-sec-event-type-severity
            }  // case dev-event

            case sys-event {
              leaf sys-manual {
                type string;
                description
                  "This is manual for system event.
                Vendors can write instructions for system event
                that vendor made";
              }

              leaf sys-sec-event-content {
                type boolean;
                description
                  "This is a mandatory string that contains a content
                of the SystemSecurityEvent. The format of a content
                is specified in a sysSecEventFormat class attribute,
                and the type of event is defined in the
                sysSecEventType class attribute. An example of the
                sysSecEventContent attribute is string sysadmin3,
                with the sysSecEventFormat attribute set to 1(GUID),
                and the sysSecEventType attribute set to 2
                (audit log cleared).";
              }

              container sys-sec-event-format {
                description
                  "This is a mandatory uint 8 enumerated integer, which
                is used to specify the data type of the
                sysSecEventContent attribute.";
                leaf unknown {
                  type boolean;
                  description
                    "If SecEventFormat is unknown";
                }

                leaf guid {
                  type boolean;
                  description
                    "If SecEventFormat is GUID
                  (Generic Unique IDentifier)";
                }

                leaf uuid {
                  type boolean;
                  description
                    "If SecEventFormat is UUID
                  (Universal Unique IDentifier)";
                }

                leaf uri {
                  type boolean;
                  description
                    "If SecEventFormat is URI
                  (Uniform Resource Identifier)";
                }

                leaf fqdn {
                  type boolean;
                  description
                    "If SecEventFormat is FQDN
                  (Fully Qualified Domain Name)";
                }

                leaf fqpn {
                  type boolean;
                  description
                    "If SecEventFormat is FQPN
                  (Fully Qualified Path Name)";
                }
              }  // container sys-sec-event-format

              container sys-sec-event-type {
                description
                  "This is a mandatory uint 8 enumerated integer, which
                is used to specify the type of event that involves
                this device.";
                leaf unknown {
                  type boolean;
                  description
                    "If sysSecEventType is unknown";
                }

                leaf audit-log-written-to {
                  type boolean;
                  description
                    "If sysSecEventTypeSeverity
                   is that audit log is written to";
                }

                leaf audit-log-cleared {
                  type boolean;
                  description
                    "If sysSecEventTypeSeverity
                   is that audit log is cleared";
                }

                leaf policy-created {
                  type boolean;
                  description
                    "If sysSecEventTypeSeverity
                   is that policy is created";
                }

                leaf policy-edited {
                  type boolean;
                  description
                    "If sysSecEventTypeSeverity
                   is that policy is edited";
                }

                leaf policy-deleted {
                  type boolean;
                  description
                    "If sysSecEventTypeSeverity
                   is that policy is deleted";
                }

                leaf policy-executed {
                  type boolean;
                  description
                    "If sysSecEventTypeSeverity
                   is that policy is executed";
                }
              }  // container sys-sec-event-type
            }  // case sys-event

            case time-event {
              leaf time-manual {
                type string;
                description
                  "This is manual for time event.
                Vendors can write instructions for time event
                that vendor made";
              }

              leaf time-sec-event-begin {
                type boolean;
                description
                  "This is a mandatory DateTime attribute, and
                represents the beginning of a time period.
                It has a value that has a date and/or a time
                component (as in the Java or Python libraries).";
              }

              leaf time-sec-event-end {
                type boolean;
                description
                  "This is a mandatory DateTime attribute, and
                 represents the end of a time period. It has
                 a value that has a date and/or a time component
                 (as in the Java or Python libraries). If this is
                 a single event occurrence, and not a time period
                 when the event can occur, then the
                 timeSecEventPeriodEnd attribute may be ignored.";
              }

              leaf time-sec-event-time-zone {
                type boolean;
                description
                  "This is a mandatory string attribute, and defines a
                 time zone that this event occurred in using the
                 format specified in ISO8601.";
              }
            }  // case time-event
          }  // choice event-type
        }  // container event

        container condition {
          description
            " This is abstract.  A condition is defined as a set
          of attributes, features, and/or values that are to be
          compared with a set of known attributes, features,
          and/or values in order to determine whether or not the
          set of Actions in that (imperative) I2NSF Policy Rule
          can be executed or not. Examples of I2NSF Conditions
          include matching attributes of a packet or flow, and
          comparing the internal state of an NSF to a desired state.";
          choice condition-type {
            description
              "Vendors can use YANG data model to configure rules
            by concreting this condition type";
            case packet-security-condition {
              leaf packet-manual {
                type string;
                description
                  "This is manual for packet condition.
                Vendors can write instructions for packet condition
                that vendor made";
              }

              container packet-security-mac-condition {
                description
                  "The purpose of this Class is to represent packet MAC
                 packet header information that can be used as part of
                 a test to determine if the set of Policy Actions in
                 this ECA Policy Rule should be execute or not.";
                leaf pkt-sec-cond-mac-dest {
                  type boolean;
                  description
                    "The MAC destination address (6 octets long).";
                }

                leaf pkt-sec-cond-mac-src {
                  type boolean;
                  description
                    "The MAC source address (6 octets long).";
                }

                leaf pkt-sec-cond-mac-8021q {
                  type boolean;
                  description
                    "This is an optional string attribute, and defines
                   The 802.1Q tab value (2 octets long).";
                }

                leaf pkt-sec-cond-mac-ether-type {
                  type boolean;
                  description
                    "The EtherType field (2 octets long). Values up to
                   and including 1500 indicate the size of the payload
                   in octets; values of 1536 and above define which
                   protocol is encapsulated in the payload of the
                   frame.";
                }

                leaf pkt-sec-cond-mac-tci {
                  type string;
                  description
                    "This is an optional string attribute, and defines
                   the Tag Control Information. This consists of a 3
                   bit user priority field, a drop eligible indicator
                   (1 bit), and a VLAN identifier (12 bits).";
                }
              }  // container packet-security-mac-condition

              container packet-security-ipv4-condition {
                description
                  "The purpose of this Class is to represent packet IPv4
                 packet header information that can be used as part of
                 a test to determine if the set of Policy Actions in
                 this ECA Policy Rule should be executed or not.";
                leaf pkt-sec-cond-ipv4-header-length {
                  type boolean;
                  description
                    "The IPv4 packet header consists of 14 fields,
                   of which 13 are required.";
                }

                leaf pkt-sec-cond-ipv4-tos {
                  type boolean;
                  description
                    "The ToS field could specify a datagram's priority
                   and request a route for low-delay, high-throughput,
                   or highly-reliable service..";
                }

                leaf pkt-sec-cond-ipv4-total-length {
                  type boolean;
                  description
                    "This 16-bit field defines the entire packet size,
                   including header and data, in bytes.";
                }

                leaf pkt-sec-cond-ipv4-id {
                  type boolean;
                  description
                    "This field is an identification field and is
                   primarily used for uniquely identifying
                   the group of fragments of a single IP datagram.";
                }

                leaf pkt-sec-cond-ipv4-fragment {
                  type boolean;
                  description
                    "IP fragmentation is an Internet Protocol (IP)
                   process that breaks datagrams into smaller pieces
                   (fragments), so that packets may be formed that
                   can pass through a link with a smaller maximum
                   transmission unit (MTU) than the original
                   datagram size.";
                }

                leaf pkt-sec-cond-ipv4-fragment-offset {
                  type boolean;
                  description
                    "Fragment offset field along with Don't Fragment
                   and More Fragment flags in the IP protocol
                   header are used for fragmentation and reassembly
                   of IP datagrams.";
                }

                leaf pkt-sec-cond-ipv4-ttl {
                  type boolean;
                  description
                    "The ttl keyword is used to check for a specific
                   IP time-to-live value in the header of
                   a packet.";
                }

                leaf pkt-sec-cond-ipv4-protocol {
                  type boolean;
                  description
                    "Internet Protocol version 4(IPv4) is the fourth
                   version of the Internet Protocol (IP).";
                }

                leaf pkt-sec-cond-ipv4-src {
                  type boolean;
                  description
                    "Defines the IPv4 Source Address.";
                }

                leaf pkt-sec-cond-ipv4-dest {
                  type boolean;
                  description
                    "Defines the IPv4 Destination Address.";
                }

                leaf pkt-sec-cond-ipv4-ipopts {
                  type boolean;
                  description
                    "With the ipopts keyword you can check if
                   a specific ip option is set. Ipopts has
                   to be used at the beginning of a rule.";
                }

                leaf pkt-sec-cond-ipv4-sameip {
                  type boolean;
                  description
                    "Every packet has a source IP-address and
                   a destination IP-address. It can be that
                   the source IP is the same as
                   the destination IP.";
                }

                leaf pkt-sec-cond-ipv4-geoip {
                  type boolean;
                  description
                    "The geoip keyword enables you to match on
                   the source, destination or source and destination
                   IP addresses of network traffic and to see to
                   which country it belongs. To do this, Suricata
                   uses GeoIP API with MaxMind database format.";
                }
              }  // container packet-security-ipv4-condition

              container packet-security-ipv6-condition {
                description
                  "The purpose of this Class is to represent packet
                 IPv6 packet header information that can be used as
                 part of a test to determine if the set of Policy
                 Actions in this ECA Policy Rule should be executed
                 or not.";
                leaf pkt-sec-cond-ipv6-dscp {
                  type boolean;
                  description
                    "Differentiated Services Code Point (DSCP)
                   of ipv6.";
                }

                leaf pkt-sec-cond-ipv6-ecn {
                  type boolean;
                  description
                    "ECN allows end-to-end notification of network
                   congestion without dropping packets.";
                }

                leaf pkt-sec-cond-ipv6-traffic-class {
                  type boolean;
                  description
                    "The bits of this field hold two values. The 6
                   most-significant bits are used for
                   differentiated services, which is used to
                   classify packets.";
                }

                leaf pkt-sec-cond-ipv6-flow-label {
                  type boolean;
                  description
                    "The flow label when set to a non-zero value
                   serves as a hint to routers and switches
                   with multiple outbound paths that these
                   packets should stay on the same path so that
                   they will not be reordered.";
                }

                leaf pkt-sec-cond-ipv6-payload-length {
                  type boolean;
                  description
                    "The size of the payload in octets,
                   including any extension headers.";
                }

                leaf pkt-sec-cond-ipv6-next-header {
                  type boolean;
                  description
                    "Specifies the type of the next header.
                   This field usually specifies the transport
                   layer protocol used by a packet's payload.";
                }

                leaf pkt-sec-cond-ipv6-hop-limit {
                  type boolean;
                  description
                    "Replaces the time to live field of IPv4.";
                }

                leaf pkt-sec-cond-ipv6-src {
                  type boolean;
                  description
                    "The IPv6 address of the sending node.";
                }

                leaf pkt-sec-cond-ipv6-dest {
                  type boolean;
                  description
                    "The IPv6 address of the destination node(s).";
                }
              }  // container packet-security-ipv6-condition

              container packet-security-tcp-condition {
                description
                  "The purpose of this Class is to represent packet
                 TCP packet header information that can be used as
                 part of a test to determine if the set of Policy
                 Actions in this ECA Policy Rule should be executed
                 or not.";
                leaf pkt-sec-cond-tcp-seq-num {
                  type boolean;
                  description
                    "If the SYN flag is set (1), then this is the
                   initial sequence number.";
                }

                leaf pkt-sec-cond-tcp-ack-num {
                  type boolean;
                  description
                    "If the ACK flag is set then the value of this
                   field is the next sequence number that the sender
                   is expecting.";
                }

                leaf pkt-sec-cond-tcp-window-size {
                  type boolean;
                  description
                    "The size of the receive window, which specifies
                   the number of windows size units (by default,bytes)
                   (beyond the segment identified by the sequence
                   number in the acknowledgment field) that the sender
                   of this segment is currently willing to recive.";
                }

                leaf pkt-sec-cond-tcp-flags {
                  type boolean;
                  description
                    "This is a mandatory string attribute, and defines
                   the nine Control bit flags (9 bits).";
                }
              }  // container packet-security-tcp-condition

              container packet-security-udp-condition {
                description
                  "The purpose of this Class is to represent packet UDP
                 packet header information that can be used as part
                 of a test to determine if the set of Policy Actions
                 in this ECA Policy Rule should be executed or not.";
                leaf pkt-sec-cond-udp-length {
                  type boolean;
                  description
                    "This is a mandatory string attribute, and defines
                   the length in bytes of the UDP header and data
                   (16 bits).";
                }
              }  // container packet-security-udp-condition

              container packet-security-icmp-condition {
                description
                  "The internet control message protocol condition.";
                leaf pkt-sec-cond-icmp-type {
                  type boolean;
                  description
                    "ICMP type, see Control messages.";
                }

                leaf pkt-sec-cond-icmp-code {
                  type boolean;
                  description
                    "ICMP subtype, see Control messages.";
                }

                leaf pkt-sec-cond-icmp-seg-num {
                  type boolean;
                  description
                    "The icmp Sequence Number.";
                }
              }  // container packet-security-icmp-condition
            }  // case packet-security-condition

            case packet-payload-condition {
              leaf packet-payload-manual {
                type string;
                description
                  "This is manual for payload condition.
                Vendors can write instructions for payload condition
                that vendor made";
              }

              leaf pkt-payload-content {
                type boolean;
                description
                  "The content keyword is very important in
                 signatures. Between the quotation marks you
                 can write on what you would like the
                 signature to match.";
              }
            }  // case packet-payload-condition

            case target-condition {
              leaf target-manual {
                type string;
                description
                  "This is manual for target condition.
                Vendors can write instructions for target condition
                that vendor made";
              }

              leaf device-sec-context-cond {
                type boolean;
                description
                  "The device attribute that can identify a device,
                 including the device type (i.e., router, switch,
                 pc, ios, or android) and the device's owner as
                 well.";
              }
            }  // case target-condition

            case users-condition {
              leaf users-manual {
                type string;
                description
                  "This is manual for user condition.
                Vendors can write instructions for user condition
                that vendor made";
              }

              container user {
                description
                  "The user (or user group) information with which
                 network flow is associated: The user has many
                 attributes such as name, id, password, type,
                 authentication mode and so on. Name/id is often
                 used in the security policy to identify the user.
                 Besides, NSF is aware of the IP address of the
                 user provided by a unified user management system
                 via network. Based on name-address association,
                 NSF is able to enforce the security functions
                 over the given user (or user group)";
                choice user-name {
                  description
                    "The name of the user.
                   This must be unique.";
                  case tenant {
                    description
                      "Tenant information.";
                    leaf tenant {
                      type boolean;
                      description
                        "User's tenant information.";
                    }
                  }  // case tenant

                  case vn-id {
                    description
                      "VN-ID information.";
                    leaf vn-id {
                      type boolean;
                      description
                        "User's VN-ID information.";
                    }
                  }  // case vn-id
                }  // choice user-name
              }  // container user

              container group {
                description
                  "The user (or user group) information with which
                 network flow is associated: The user has many
                 attributes such as name, id, password, type,
                 authentication mode and so on. Name/id is often
                 used in the security policy to identify the user.
                 Besides, NSF is aware of the IP address of the
                 user provided by a unified user management system
                 via network. Based on name-address association,
                 NSF is able to enforce the security functions
                 over the given user (or user group)";
                choice group-name {
                  description
                    "The name of the user.
                   This must be unique.";
                  case tenant {
                    description
                      "Tenant information.";
                    leaf tenant {
                      type boolean;
                      description
                        "User's tenant information.";
                    }
                  }  // case tenant

                  case vn-id {
                    description
                      "VN-ID information.";
                    leaf vn-id {
                      type boolean;
                      description
                        "User's VN-ID information.";
                    }
                  }  // case vn-id
                }  // choice group-name
              }  // container group
            }  // case users-condition
            leaf context-manual {
              type string;
              description
                "This is manual for context condition.
                Vendors can write instructions for context condition
                that vendor made";
            }

            case gen-context-condition {
              leaf gen-context-manual {
                type string;
                description
                  "This is manual for generic context condition.
                Vendors can write instructions for generic context
                condition that vendor made";
              }

              container geographic-location {
                description
                  "The location where network traffic is associated
                 with. The region can be the geographic location
                 such as country, province, and city,
                 as well as the logical network location such as
                 IP address, network section, and network domain.";
                leaf src-geographic-location {
                  type boolean;
                  description
                    "This is mapped to ip address. We can acquire
                   source region through ip address stored the
                   database.";
                }

                leaf dest-geographic-location {
                  type boolean;
                  description
                    "This is mapped to ip address. We can acquire
                   destination region through ip address stored
                   the database.";
                }
              }  // container geographic-location
            }  // case gen-context-condition
          }  // choice condition-type
        }  // container condition

        container action {
          description
            "An action is used to control and monitor aspects of
           flow-based NSFs when the event and condition clauses
           are satisfied. NSFs provide security functions by
           executing various Actions. Examples of I2NSF Actions
           include providing intrusion detection and/or protection,
           web and flow filtering, and deep packet inspection
           for packets and flows.";
          choice action-type {
            description
              "Vendors can use YANG data model to configure rules
            by concreting this action type";
            case ingress-action {
              leaf ingress-manual {
                type string;
                description
                  "This is manual for ingress action.
                Vendors can write instructions for ingress action
                that vendor made";
              }

              container ingress-action-type {
                description
                  "Ingress action type: permit, deny, and mirror.";
                leaf pass {
                  type boolean;
                  description
                    "If ingress action is pass";
                }

                leaf drop {
                  type boolean;
                  description
                    "If ingress action is drop";
                }

                leaf reject {
                  type boolean;
                  description
                    "If ingress action is reject";
                }

                leaf alert {
                  type boolean;
                  description
                    "If ingress action is alert";
                }

                leaf mirror {
                  type boolean;
                  description
                    "If ingress action is mirror";
                }
              }  // container ingress-action-type
            }  // case ingress-action

            case egress-action {
              leaf egress-manual {
                type string;
                description
                  "This is manual for egress action.
                Vendors can write instructions for egress action
                that vendor made";
              }

              container egress-action-type {
                description
                  "Egress-action-type: invoke-signaling,
                 tunnel-encapsulation, and forwarding.";
                leaf invoke-signaling {
                  type boolean;
                  description
                    "If egress action is invoke signaling";
                }

                leaf tunnel-encapsulation {
                  type boolean;
                  description
                    "If egress action is tunnel encapsulation";
                }

                leaf forwarding {
                  type boolean;
                  description
                    "If egress action is forwarding";
                }

                leaf redirection {
                  type boolean;
                  description
                    "If egress action is redirection";
                }
              }  // container egress-action-type
            }  // case egress-action
          }  // choice action-type
        }  // container action

        container resolution-strategy {
          description
            "The resolution strategies can be used to
          specify how to resolve conflicts that occur between
          the actions of the same or different policy rules that
          are matched and contained in this particular NSF";
          leaf first-matching-rule {
            type boolean;
            description
              "If the resolution strategy is first matching rule";
          }

          leaf last-matching-rule {
            type boolean;
            description
              "If the resolution strategy is last matching rule";
          }
        }  // container resolution-strategy

        container default-action {
          description
            "This default action can be used to specify a predefined
          action when no other alternative action was matched
          by the currently executing I2NSF Policy Rule. An analogy
          is the use of a default statement in a C switch statement.";
          container default-action-type {
            description
              "Ingress action type: permit, deny, and mirror.";
            container ingress-action-type {
              description
                "Ingress action type: permit, deny, and mirror.";
              leaf pass {
                type boolean;
                description
                  "If ingress action is pass";
              }

              leaf drop {
                type boolean;
                description
                  "If ingress action is drop";
              }

              leaf reject {
                type boolean;
                description
                  "If ingress action is reject";
              }

              leaf alert {
                type boolean;
                description
                  "If ingress action is alert";
              }

              leaf mirror {
                type boolean;
                description
                  "If ingress action is mirror";
              }
            }  // container ingress-action-type
          }  // container default-action-type
        }  // container default-action
      }  // list net-sec-capabilities
    }  // grouping i2nsf-net-sec-caps

    grouping i2nsf-con-sec-control-caps {
      description
        "i2nsf-con-sec-control-caps";
      container con-sec-control-capabilities {
        description
          "content-security-control-capabilities";
        leaf anti-virus {
          type boolean;
          description "antivirus";
        }

        leaf ips {
          type boolean;
          description "ips";
        }

        leaf ids {
          type boolean;
          description "ids";
        }

        leaf url-filter {
          type boolean;
          description "url-filter";
        }

        leaf data-filter {
          type boolean;
          description "data-filter";
        }

        leaf mail-filter {
          type boolean;
          description "mail-filter";
        }

        leaf sql-filter {
          type boolean;
          description "sql-filter";
        }

        leaf file-blocking {
          type boolean;
          description "file-blocking";
        }

        leaf file-isolate {
          type boolean;
          description "file-isolate";
        }

        leaf pkt-capture {
          type boolean;
          description "pkt-capture";
        }

        leaf application-behavior {
          type boolean;
          description "application-behavior";
        }

        leaf voip-volte {
          type boolean;
          description "voip-volte";
        }
      }  // container con-sec-control-capabilities
    }  // grouping i2nsf-con-sec-control-caps

    grouping i2nsf-attack-mitigation-control-caps {
      description
        "i2nsf-attack-mitigation-control-caps";
      container attack-mitigation-capabilities {
        description
          "attack-mitigation-capabilities";
        choice attack-mitigation-control-type {
          description
            "attack-mitigation-control-type";
          case ddos-attack {
            description "ddos-attack";
            choice ddos-attack-type {
              description "ddos-attack-type";
              case network-layer-ddos-attack {
                description
                  "network-layer-ddos-attack";
                container network-layer-ddos-attack-types {
                  description
                    "network-layer-ddos-attack-type";
                  leaf syn-flood-attack {
                    type boolean;
                    description
                      "syn-flood-attack";
                  }

                  leaf udp-flood-attack {
                    type boolean;
                    description
                      "udp-flood-attack";
                  }

                  leaf icmp-flood-attack {
                    type boolean;
                    description
                      "icmp-flood-attack";
                  }

                  leaf ip-fragment-flood-attack {
                    type boolean;
                    description
                      "ip-fragment-flood-attack";
                  }

                  leaf ipv6-related-attack {
                    type boolean;
                    description
                      "ip-fragment-flood-attack";
                  }
                }  // container network-layer-ddos-attack-types
              }  // case network-layer-ddos-attack

              case app-layer-ddos-attack {
                description
                  "app-layer-ddos-attack";
                container app-layer-ddos-attack-types {
                  description
                    "app-layer-ddos-attack-types";
                  leaf http-flood-attack {
                    type boolean;
                    description
                      "http-flood-attack";
                  }

                  leaf https-flood-attack {
                    type boolean;
                    description
                      "https-flood-attack";
                  }

                  leaf dns-flood-attack {
                    type boolean;
                    description
                      "dns-flood-attack";
                  }

                  leaf dns-amp-flood-attack {
                    type boolean;
                    description
                      "dns-amp-flood-attack";
                  }

                  leaf ssl-flood-attack {
                    type boolean;
                    description
                      "ssl-flood-attack";
                  }
                }  // container app-layer-ddos-attack-types
              }  // case app-layer-ddos-attack
            }  // choice ddos-attack-type
          }  // case ddos-attack

          case single-packet-attack {
            description
              "single-packet-attack";
            choice single-packet-attack-type {
              description
                "single-packet-attack-type";
              case scan-and-sniff-attack {
                description
                  "scan-and-sniff-attack";
                leaf ip-sweep-attack {
                  type boolean;
                  description
                    "ip-sweep-attack";
                }

                leaf port-scanning-attack {
                  type boolean;
                  description
                    "port-scanning-attack";
                }
              }  // case scan-and-sniff-attack

              case malformed-packet-attack {
                description
                  "malformed-packet-attack";
                leaf ping-of-death-attack {
                  type boolean;
                  description
                    "ping-of-death-attack";
                }

                leaf teardrop-attack {
                  type boolean;
                  description
                    "teardrop-attack";
                }
              }  // case malformed-packet-attack

              case special-packet-attack {
                description
                  "special-packet-attack";
                leaf oversized-icmp-attack {
                  type boolean;
                  description
                    "oversized-icmp-attack";
                }

                leaf tracert-attack {
                  type boolean;
                  description
                    "tracert-attack";
                }
              }  // case special-packet-attack
            }  // choice single-packet-attack-type
          }  // case single-packet-attack
        }  // choice attack-mitigation-control-type
      }  // container attack-mitigation-capabilities
    }  // grouping i2nsf-attack-mitigation-control-caps

    list nsf {
      key "nsf-name";
      description "nsf-name";
      leaf nsf-name {
        type string;
        mandatory true;
        description "nsf-name";
      }

      uses capabilities-information;

      container generic-nsf-capabilities {
        description
          "generic-nsf-capabilities";
        uses i2nsf-net-sec-caps;
      }  // container generic-nsf-capabilities
    }  // list nsf

    rpc call-appropriate-nsf {
      description
        "We can acquire appropriate NSF that we want
      If we give type of NSF that we want to use,
      we acquire the location information of NSF";
      input {
        leaf nsf-type {
          type nsf-type;
          mandatory true;
          description
            "This is used to acquire NSF
              This is mandatory";
        }

        uses i2nsf-it-resources;
      }

      output {
        uses i2nsf-nsf-location;
      }
    }  // rpc call-appropriate-nsf
  }  // module ietf-i2nsf-capability

Summary

  
  
Organization IETF I2NSF (Interface to Network Security Functions) Working Group
  
Module ietf-i2nsf-capability
Version 2017-10-30
File ietf-i2nsf-capability@2017-10-30.yang
  
Prefix i2nsf-capability
Namespace urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability
  
Cooked /cookedmodules/ietf-i2nsf-capability/2017-10-30
YANG /src/ietf-i2nsf-capability@2017-10-30.yang
XSD /xsd/ietf-i2nsf-capability@2017-10-30.xsd
  
Abstract This module describes a capability model for I2NSF devices.
  
Contact
WG Web: <http://tools.ietf.org/wg/i2nsf>
WG List: <mailto:i2nsf@ietf.org>

WG Chair: Adrian Farrel
<mailto:Adrain@olddog.co.uk>

WG Chair: Linda Dunbar
<mailto:Linda.duhbar@huawei.com>

Editor: Susan Hares
<mailto:shares@ndzh.com>

Editor: Jaehoon Paul Jeong
<mailto:pauljeong@skku.edu>

Editor: Jinyong Tim Kim
<mailto:timkim@skku.edu>

Description

 
This module describes a capability model
for I2NSF devices.

Typedefs

Typedef Base type Abstract
nsf-type enumeration This is used for type of NSF.

Groupings

Grouping Objects Abstract
capabilities-information nsf-type nsf-addresstarget-device This includes information of capabilities.
i2nsf-attack-mitigation-control-caps attack-mitigation-capabilities i2nsf-attack-mitigation-control-caps
i2nsf-con-sec-control-caps con-sec-control-capabilities i2nsf-con-sec-control-caps
i2nsf-it-resources target-device This provides a link between capabilities and IT resources. This has a list of IT resources by name.
i2nsf-net-sec-caps net-sec-capabilities i2nsf-net-sec-caps
i2nsf-nsf-location nsf-address This provides a location for capabilities.

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
nsf list nsf-name
   generic-nsf-capabilities container generic-nsf-capabilities
      net-sec-capabilities list net-sec-capabilities
         action container An action is used to control and monitor aspects of flow-based NSFs when the event and condition clauses are satisfied. NSFs provide security functions by executing various Actions. Examples of I2NSF Actions include providing intrusion detection and/or pr...
            action-type choice Vendors can use YANG data model to configure rules by concreting this action type
               egress-action case egress-manual egress-action-type
                  egress-action-type container Egress-action-type: invoke-signaling, tunnel-encapsulation, and forwarding.
                     forwarding leaf If egress action is forwarding
                     invoke-signaling leaf If egress action is invoke signaling
                     redirection leaf If egress action is redirection
                     tunnel-encapsulation leaf If egress action is tunnel encapsulation
                  egress-manual leaf This is manual for egress action. Vendors can write instructions for egress action that vendor made
               ingress-action case ingress-manual ingress-action-type
                  ingress-action-type container Ingress action type: permit, deny, and mirror.
                     alert leaf If ingress action is alert
                     drop leaf If ingress action is drop
                     mirror leaf If ingress action is mirror
                     pass leaf If ingress action is pass
                     reject leaf If ingress action is reject
                  ingress-manual leaf This is manual for ingress action. Vendors can write instructions for ingress action that vendor made
         condition container This is abstract. A condition is defined as a set of attributes, features, and/or values that are to be compared with a set of known attributes, features, and/or values in order to determine whether or not the set of Actions in that (imperative) I2NSF P...
            condition-type choice Vendors can use YANG data model to configure rules by concreting this condition type
               context-condition case context-manual
                  context-manual leaf This is manual for context condition. Vendors can write instructions for context condition that vendor made
               gen-context-condition case gen-context-manual geographic-location
                  gen-context-manual leaf This is manual for generic context condition. Vendors can write instructions for generic context condition that vendor made
                  geographic-location container The location where network traffic is associated with. The region can be the geographic location such as country, province, and city, as well as the logical network location such as IP address, network section, and network domain.
                     dest-geographic-location leaf This is mapped to ip address. We can acquire destination region through ip address stored the database.
                     src-geographic-location leaf This is mapped to ip address. We can acquire source region through ip address stored the database.
               packet-payload-condition case packet-payload-manual pkt-payload-content
                  packet-payload-manual leaf This is manual for payload condition. Vendors can write instructions for payload condition that vendor made
                  pkt-payload-content leaf The content keyword is very important in signatures. Between the quotation marks you can write on what you would like the signature to match.
               packet-security-condition case packet-manual packet-security-mac-condition packet-security-ipv4-condition packet-security-ipv6-condition packet-security-tcp-condition packet-security-udp-condition packet-security-icmp-condition
                  packet-manual leaf This is manual for packet condition. Vendors can write instructions for packet condition that vendor made
                  packet-security-icmp-condition container The internet control message protocol condition.
                     pkt-sec-cond-icmp-code leaf ICMP subtype, see Control messages.
                     pkt-sec-cond-icmp-seg-num leaf The icmp Sequence Number.
                     pkt-sec-cond-icmp-type leaf ICMP type, see Control messages.
                  packet-security-ipv4-condition container The purpose of this Class is to represent packet IPv4 packet header information that can be used as part of a test to determine if the set of Policy Actions in this ECA Policy Rule should be executed or not.
                     pkt-sec-cond-ipv4-dest leaf Defines the IPv4 Destination Address.
                     pkt-sec-cond-ipv4-fragment leaf IP fragmentation is an Internet Protocol (IP) process that breaks datagrams into smaller pieces (fragments), so that packets may be formed that can pass through a link with a smaller maximum transmission unit (MTU) than the original datagram size.
                     pkt-sec-cond-ipv4-fragment-offset leaf Fragment offset field along with Don't Fragment and More Fragment flags in the IP protocol header are used for fragmentation and reassembly of IP datagrams.
                     pkt-sec-cond-ipv4-geoip leaf The geoip keyword enables you to match on the source, destination or source and destination IP addresses of network traffic and to see to which country it belongs. To do this, Suricata uses GeoIP API with MaxMind database format.
                     pkt-sec-cond-ipv4-header-length leaf The IPv4 packet header consists of 14 fields, of which 13 are required.
                     pkt-sec-cond-ipv4-id leaf This field is an identification field and is primarily used for uniquely identifying the group of fragments of a single IP datagram.
                     pkt-sec-cond-ipv4-ipopts leaf With the ipopts keyword you can check if a specific ip option is set. Ipopts has to be used at the beginning of a rule.
                     pkt-sec-cond-ipv4-protocol leaf Internet Protocol version 4(IPv4) is the fourth version of the Internet Protocol (IP).
                     pkt-sec-cond-ipv4-sameip leaf Every packet has a source IP-address and a destination IP-address. It can be that the source IP is the same as the destination IP.
                     pkt-sec-cond-ipv4-src leaf Defines the IPv4 Source Address.
                     pkt-sec-cond-ipv4-tos leaf The ToS field could specify a datagram's priority and request a route for low-delay, high-throughput, or highly-reliable service..
                     pkt-sec-cond-ipv4-total-length leaf This 16-bit field defines the entire packet size, including header and data, in bytes.
                     pkt-sec-cond-ipv4-ttl leaf The ttl keyword is used to check for a specific IP time-to-live value in the header of a packet.
                  packet-security-ipv6-condition container The purpose of this Class is to represent packet IPv6 packet header information that can be used as part of a test to determine if the set of Policy Actions in this ECA Policy Rule should be executed or not.
                     pkt-sec-cond-ipv6-dest leaf The IPv6 address of the destination node(s).
                     pkt-sec-cond-ipv6-dscp leaf Differentiated Services Code Point (DSCP) of ipv6.
                     pkt-sec-cond-ipv6-ecn leaf ECN allows end-to-end notification of network congestion without dropping packets.
                     pkt-sec-cond-ipv6-flow-label leaf The flow label when set to a non-zero value serves as a hint to routers and switches with multiple outbound paths that these packets should stay on the same path so that they will not be reordered.
                     pkt-sec-cond-ipv6-hop-limit leaf Replaces the time to live field of IPv4.
                     pkt-sec-cond-ipv6-next-header leaf Specifies the type of the next header. This field usually specifies the transport layer protocol used by a packet's payload.
                     pkt-sec-cond-ipv6-payload-length leaf The size of the payload in octets, including any extension headers.
                     pkt-sec-cond-ipv6-src leaf The IPv6 address of the sending node.
                     pkt-sec-cond-ipv6-traffic-class leaf The bits of this field hold two values. The 6 most-significant bits are used for differentiated services, which is used to classify packets.
                  packet-security-mac-condition container The purpose of this Class is to represent packet MAC packet header information that can be used as part of a test to determine if the set of Policy Actions in this ECA Policy Rule should be execute or not.
                     pkt-sec-cond-mac-8021q leaf This is an optional string attribute, and defines The 802.1Q tab value (2 octets long).
                     pkt-sec-cond-mac-dest leaf The MAC destination address (6 octets long).
                     pkt-sec-cond-mac-ether-type leaf The EtherType field (2 octets long). Values up to and including 1500 indicate the size of the payload in octets; values of 1536 and above define which protocol is encapsulated in the payload of the frame.
                     pkt-sec-cond-mac-src leaf The MAC source address (6 octets long).
                     pkt-sec-cond-mac-tci leaf This is an optional string attribute, and defines the Tag Control Information. This consists of a 3 bit user priority field, a drop eligible indicator (1 bit), and a VLAN identifier (12 bits).
                  packet-security-tcp-condition container The purpose of this Class is to represent packet TCP packet header information that can be used as part of a test to determine if the set of Policy Actions in this ECA Policy Rule should be executed or not.
                     pkt-sec-cond-tcp-ack-num leaf If the ACK flag is set then the value of this field is the next sequence number that the sender is expecting.
                     pkt-sec-cond-tcp-flags leaf This is a mandatory string attribute, and defines the nine Control bit flags (9 bits).
                     pkt-sec-cond-tcp-seq-num leaf If the SYN flag is set (1), then this is the initial sequence number.
                     pkt-sec-cond-tcp-window-size leaf The size of the receive window, which specifies the number of windows size units (by default,bytes) (beyond the segment identified by the sequence number in the acknowledgment field) that the sender of this segment is currently willing to recive.
                  packet-security-udp-condition container The purpose of this Class is to represent packet UDP packet header information that can be used as part of a test to determine if the set of Policy Actions in this ECA Policy Rule should be executed or not.
                     pkt-sec-cond-udp-length leaf This is a mandatory string attribute, and defines the length in bytes of the UDP header and data (16 bits).
               target-condition case target-manual device-sec-context-cond
                  device-sec-context-cond leaf The device attribute that can identify a device, including the device type (i.e., router, switch, pc, ios, or android) and the device's owner as well.
                  target-manual leaf This is manual for target condition. Vendors can write instructions for target condition that vendor made
               users-condition case users-manual user group
                  group container The user (or user group) information with which network flow is associated: The user has many attributes such as name, id, password, type, authentication mode and so on. Name/id is often used in the security policy to identify the user. Besides, NSF is aw...
                     group-name choice The name of the user. This must be unique.
                        tenant case Tenant information.
                           tenant leaf User's tenant information.
                        vn-id case VN-ID information.
                           vn-id leaf User's VN-ID information.
                  user container The user (or user group) information with which network flow is associated: The user has many attributes such as name, id, password, type, authentication mode and so on. Name/id is often used in the security policy to identify the user. Besides, NSF is aw...
                     user-name choice The name of the user. This must be unique.
                        tenant case Tenant information.
                           tenant leaf User's tenant information.
                        vn-id case VN-ID information.
                           vn-id leaf User's VN-ID information.
                  users-manual leaf This is manual for user condition. Vendors can write instructions for user condition that vendor made
         default-action container This default action can be used to specify a predefined action when no other alternative action was matched by the currently executing I2NSF Policy Rule. An analogy is the use of a default statement in a C switch statement.
            default-action-type container Ingress action type: permit, deny, and mirror.
               ingress-action-type container Ingress action type: permit, deny, and mirror.
                  alert leaf If ingress action is alert
                  drop leaf If ingress action is drop
                  mirror leaf If ingress action is mirror
                  pass leaf If ingress action is pass
                  reject leaf If ingress action is reject
         event container This is abstract. An event is defined as any important occurrence in time of a change in the system being managed, and/or in the environment of the system being managed. When used in the context of policy rules for a flow-based NSF, it is used to det...
            event-type choice Vendors can use YANG data model to configure rules by concreting this event type
               dev-event case dev-manual dev-sec-event-content dev-sec-event-format dev-sec-event-type dev-sec-event-type-severity
                  dev-manual leaf This is manual for device event. Vendors can write instructions for device event that vendor made
                  dev-sec-event-content leaf This is a mandatory string that contains the content of the DeviceSecurityEvent. The format of the content is specified in the devSecEventFormat class attribute, and the type of event is defined in the devSecEventType class attribute. An example of the de...
                  dev-sec-event-format container This is a mandatory uint 8 enumerated integer, which is used to specify the data type of the devSecEventContent attribute.
                     fqdn leaf If SecEventFormat is FQDN (Fully Qualified Domain Name)
                     fqpn leaf If SecEventFormat is FQPN (Fully Qualified Path Name)
                     guid leaf If SecEventFormat is GUID (Generic Unique IDentifier)
                     unknown leaf If SecEventFormat is unknown
                     uri leaf If SecEventFormat is URI (Uniform Resource Identifier)
                     uuid leaf If SecEventFormat is UUID (Universal Unique IDentifier)
                  dev-sec-event-type container This is a mandatory uint 8 enumerated integer, which is used to specify the type of event that was generated by this device.
                  dev-sec-event-type-severity container This is a mandatory uint 8 enumerated integer, which is used to specify the perceived severity of the event generated by this Device.
                     cleared leaf If devSecEventTypeSeverity is cleared
                     critical leaf If devSecEventTypeSeverity is critical
                     indeterminate leaf If devSecEventTypeSeverity is indeterminate
                     major leaf If devSecEventTypeSeverity is major
                     minor leaf If devSecEventTypeSeverity is minor
                     unknown leaf If devSecEventType is unknown
                     warning leaf If devSecEventTypeSeverity is warning
                     comm-alarm leaf If devSecEventType is communications alarm
                     environmental-err-alarm leaf If devSecEventType is environmental error alarm
                     equipment-err-alarm leaf If devSecEventType is equipment error alarm
                     process-err-alarm leaf If devSecEventType is processing error alarm
                     quality-of-service-alarm leaf If devSecEventType is quality of service alarm
                     unknown leaf If devSecEventType is unknown
               sys-event case sys-manual sys-sec-event-content sys-sec-event-format sys-sec-event-type
                  sys-manual leaf This is manual for system event. Vendors can write instructions for system event that vendor made
                  sys-sec-event-content leaf This is a mandatory string that contains a content of the SystemSecurityEvent. The format of a content is specified in a sysSecEventFormat class attribute, and the type of event is defined in the sysSecEventType class attribute. An example of the sysSecEv...
                  sys-sec-event-format container This is a mandatory uint 8 enumerated integer, which is used to specify the data type of the sysSecEventContent attribute.
                     fqdn leaf If SecEventFormat is FQDN (Fully Qualified Domain Name)
                     fqpn leaf If SecEventFormat is FQPN (Fully Qualified Path Name)
                     guid leaf If SecEventFormat is GUID (Generic Unique IDentifier)
                     unknown leaf If SecEventFormat is unknown
                     uri leaf If SecEventFormat is URI (Uniform Resource Identifier)
                     uuid leaf If SecEventFormat is UUID (Universal Unique IDentifier)
                  sys-sec-event-type container This is a mandatory uint 8 enumerated integer, which is used to specify the type of event that involves this device.
                     audit-log-cleared leaf If sysSecEventTypeSeverity is that audit log is cleared
                     audit-log-written-to leaf If sysSecEventTypeSeverity is that audit log is written to
                     policy-created leaf If sysSecEventTypeSeverity is that policy is created
                     policy-deleted leaf If sysSecEventTypeSeverity is that policy is deleted
                     policy-edited leaf If sysSecEventTypeSeverity is that policy is edited
                     policy-executed leaf If sysSecEventTypeSeverity is that policy is executed
                     unknown leaf If sysSecEventType is unknown
               time-event case time-manual time-sec-event-begin time-sec-event-end time-sec-event-time-zone
                  time-manual leaf This is manual for time event. Vendors can write instructions for time event that vendor made
                  time-sec-event-begin leaf This is a mandatory DateTime attribute, and represents the beginning of a time period. It has a value that has a date and/or a time component (as in the Java or Python libraries).
                  time-sec-event-end leaf This is a mandatory DateTime attribute, and represents the end of a time period. It has a value that has a date and/or a time component (as in the Java or Python libraries). If this is a single event occurrence, and not a time period when the event can oc...
                  time-sec-event-time-zone leaf This is a mandatory string attribute, and defines a time zone that this event occurred in using the format specified in ISO8601.
               usr-event case usr-manual usr-sec-event-content usr-sec-event-format usr-sec-event-type
                  usr-manual leaf This is manual for user event. Vendors can write instructions for user event that vendor made
                  usr-sec-event-content leaf This is a mandatory string that contains the content of the UserSecurityEvent. The format of the content is specified in the usrSecEventFormat class attribute, and the type of event is defined in the usrSecEventType class attribute. An example of the usrS...
                  usr-sec-event-format container This is a mandatory uint 8 enumerated integer, which is used to specify the data type of the usrSecEventContent attribute. The content is specified in the usrSecEventContent class attribute, and the type of event is defined in the usrSecEventType class at...
                     fqdn leaf If SecEventFormat is FQDN (Fully Qualified Domain Name)
                     fqpn leaf If SecEventFormat is FQPN (Fully Qualified Path Name)
                     guid leaf If SecEventFormat is GUID (Generic Unique IDentifier)
                     unknown leaf If SecEventFormat is unknown
                     uri leaf If SecEventFormat is URI (Uniform Resource Identifier)
                     uuid leaf If SecEventFormat is UUID (Universal Unique IDentifier)
                  usr-sec-event-type container This is a mandatory uint 8 enumerated integer, which is used to specify the type of event that involves this user. The content and format are specified in the usrSecEventContent and usrSecEventFormat class attributes, respectively. An example of the usrSe...
                     unknown leaf If usrSecEventType is unknown
                     user-access-granted leaf If usrSecEventType is user granted
                     user-access-request leaf If usrSecEventType is user access request
                     user-access-violation leaf If usrSecEventType is user violation
                     user-created leaf If usrSecEventType is new user created
                     user-deleted leaf If usrSecEventType is user deleted
                     user-grp-created leaf If usrSecEventType is new user group created
                     user-grp-deleted leaf If usrSecEventType is user group deleted
                     user-logoff leaf If usrSecEventType is user logoff
                     user-logon leaf If usrSecEventType is user logon
         nsc-capabilities-name leaf nsc-capabilities-name
         resolution-strategy container The resolution strategies can be used to specify how to resolve conflicts that occur between the actions of the same or different policy rules that are matched and contained in this particular NSF
            first-matching-rule leaf If the resolution strategy is first matching rule
            last-matching-rule leaf If the resolution strategy is last matching rule
         rule-description leaf This is rule-description.
         rule-priority leaf This is rule-priority
         rule-rev leaf This is rule-revision
         time-zone container This can be used to apply rules according to time
            end-time leaf This is end time for time zone
            start-time leaf This is start time for time zone
   nsf-address container This is location information for capabilities.
      nsf-address-type choice nsf address type: ipv4 and ipv4
         ipv4-address case ipv4 case
            ipv4-address leaf nsf address type is ipv4
         ipv6-address case ipv6 case
            ipv6-address leaf nsf address type is ipv6
   nsf-name leaf nsf-name
   nsf-type leaf This is type of NSF.
   target-device container it-resources
      iot leaf If type of a device is Internet of Things.
      mobile-phone leaf If type of a device is mobile-phone.
      pc leaf If type of a device is PC.
      tablet leaf If type of a device is tablet.
      vehicle leaf If type of a device is vehicle.
      voip-volte-phone leaf If type of a device is voip-volte-phone.

RPC Methods

RPC Abstract
call-appropriate-nsf We can acquire appropriate NSF that we want If we give type of NSF that we want to use, we acquire the location information of NSF