
ietf-i2nsf-cf-interface


ietf-i2nsf-cf-interface@2017-11-14



  module ietf-i2nsf-cf-interface {

    yang-version 1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-i2nsf-cf-interface";

    prefix cf-interface;

    import ietf-yang-types {
      prefix yang;
    }

    organization
      "IETF I2NSF (Interface to Network Security Functions)
     Working Group";

    // NOTE(review): the two chair addresses below look mistyped
    // ("Adrain", "duhbar"); confirm them against the WG page before
    // publication rather than guessing at a correction here.
    contact
      "WG Web: <http://tools.ietf.org/wg/i2nsf>
     WG List: <mailto:i2nsf@ietf.org>

     WG Chair: Adrian Farrel
     <mailto:Adrain@olddog.co.uk>

     WG Chair: Linda Dunbar
     <mailto:Linda.duhbar@huawei.com>

     Editor: Jaehoon Paul Jeong
     <mailto:pauljeong@skku.edu>";

    // NOTE(review): everything in this module is configuration (no
    // 'config false' anywhere), and some of it is sensitive:
    // policy-user/password and meta-data-source/tag-server-credential
    // carry secrets as plain strings, and policy-action/owner states an
    // authorization rule that only the server's access control can
    // actually enforce.  See the per-leaf notes further down.
    description
      "This module defines a YANG data model for consumer-facing
     interface to security controller.";

    revision "2017-11-14" {
      description "Fifth revision";
      reference
        "draft-kumar-i2nsf-client-facing-interface-im-04";

    }


    container ietf-i2nsf-consumer-facing-interface {
      description "grouping Policy";
      container policy {
        description
          "This object is a policy instance to have
            complete information such as where and when
            a policy need to be applied.";
        list rule {
          key "rule-id";
          description
            "This is a container for rules.";
          leaf rule-id {
            type uint16;
            description
              "This is ID for rules.";
          }

          leaf name {
            type string;
            description
              "This field identifies the name of this object.";
          }

          // NOTE(review): 'date' is client-supplied configuration, not
          // a server-maintained timestamp (the whole tree is config).
          // If it is meant to record creation/modification time for
          // audit purposes it should be 'config false' and set by the
          // server; as modeled, a client can write any value.
          leaf date {
            type yang:date-and-time;
            description
              "Date this object was created or last
              modified";
          }

          list event {
            key "event-id";
            description
              "This represents the security event of a
              policy-rule.";
            // NOTE(review): 'mandatory true' is redundant on a list key;
            // key leaves are always required in every entry.
            leaf event-id {
              type string;
              mandatory true;
              description
                "This represents the event-id.";
            }

            leaf name {
              type string;
              description
                "This field identifies the name of this object.";
            }

            leaf date {
              type yang:date-and-time;
              description
                "Date this object was created or last
              modified";
            }

            // NOTE(review): free-form string; the set of trigger types
            // is not enumerated anywhere in this module, so the server
            // and client have to agree on the vocabulary out of band.
            leaf event-type {
              type string;
              description
                "This field identifies the event of
              policy enforcement trigger type.";
            }

            // NOTE(review): nothing constrains end-time to be later
            // than start-time, and neither leaf is mandatory, so an
            // entry with a reversed or half-open window is accepted
            // and its enforcement behaviour is server-defined.  A
            // 'must' statement comparing the two would reject that at
            // validation time.  The recurring calendar mentioned in the
            // description has no representation in the list.
            list time-information {
              key "time-information-id";
              description
                "This field contains time calendar such as
             BEGIN-TIME and END-TIME for one time
             enforcement or recurring time calendar for
             periodic enforcement.";
              leaf time-information-id {
                type string;
                description
                  "this is a time information id.";
              }

              leaf start-time {
                type yang:date-and-time;
                description
                  "start time information.";
              }

              leaf end-time {
                type yang:date-and-time;
                description
                  "end time information.";
              }
            }  // list time-information

            // NOTE(review): typed as a plain string although it is
            // described as a reference to an event-map-group entry.
            // A mistyped reference is accepted as-is; a 'leafref' to
            // the event-map-group-id key would make it a validation
            // error instead of a rule that may never trigger.
            leaf event-map-group {
              type string;
              description
                "This field contains security events or threat
            map in order to determine when a policy need
            to be activated. This is a reference to
            Event-Map-Group.";
            }

            // NOTE(review): no 'default' is given, so the meaning of an
            // absent 'enable' is server-defined.  Stating the default
            // explicitly avoids one server treating a missing leaf as
            // enabled and another as disabled.
            leaf enable {
              type boolean;
              description
                "This determines whether the condition
              matches the security event or not.";
            }
          }  // list event

          list condition {
            key "condition-id";
            description
              "This represents the condition of a
              policy-rule.";
            leaf condition-id {
              type string;
              description
                "This represents the condition-id.";
            }

            // NOTE(review): 'source' and 'destination' are free-form
            // strings although both are described as references to a
            // Policy Endpoint Group, Threat-Feed or Custom-List object.
            // Nothing ties the string to an existing object, so a
            // mistyped reference passes validation; how the server then
            // treats it is undefined, and given the stated fallback it
            // may well be "match all traffic".  A 'leafref' (or a
            // 'union' of leafrefs to the three lists) would surface
            // the mistake at commit time.
            leaf source {
              type string;
              description
                "This field identifies the source of
              the traffic. This could be reference to
              either 'Policy Endpoint Group' or
              'Threat-Feed' or 'Custom-List' if Security
              Admin wants to specify the source; otherwise,
              the default is to match all traffic.";
            }

            leaf destination {
              type string;
              description
                "This field identifies the destination of
              the traffic. This could be reference to
              either 'Policy Endpoint Group' or
              'Threat-Feed' or 'Custom-List' if Security
              Admin wants to specify the destination; otherwise,
              the default is to match all traffic.";
            }

            // NOTE(review): the type (boolean) does not fit the
            // description, which says this leaf carries match criteria
            // such as a Policy-Endpoint-Group or a set of traffic
            // rules.  Either the type or the description is wrong; as
            // written a client cannot express any criteria here.
            leaf match {
              type boolean;
              description
                "This field identifies the match criteria used to
             evaluate whether the specified action need to be
             taken or not.  This could be either a Policy-
             Endpoint-Group identifying a Application set or a
             set of traffic rules.";
            }

            // NOTE(review): the description says the rule applies in
            // both directions by default, but there is no 'default'
            // statement, so an absent leaf has server-defined meaning.
            // `default "both-direction";` would make the intent binding.
            leaf match-direction {
              type enumeration {
                enum "one-direction" {
                  value 0;
                  description
                    "one direction traffic.";
                }
                enum "both-direction" {
                  value 1;
                  description
                    "both direction traffic.";
                }
              }
              description
                "This field identifies if the match criteria is
             to evaluated for both direction of the traffic or
             only in one direction with default of allowing in
             the other direction for stateful match conditions.
             This is optional and by default rule should apply
             in both directions.";
            }

            // NOTE(review): same free-string reference concern as
            // 'source'/'destination' above; an exception that points
            // at a non-existent object is silently accepted.
            leaf exception {
              type string;
              description
                "This field identifies the exception
              consideration when a rule is evaluated for a
              given communication.  This could be reference to
              Policy-Endpoint-Group object or set of traffic
              matching criteria.";
            }

            list policy-action {
              key "policy-action-id";
              description
                "This object represents actions that a
            Security Admin wants to perform based on
            a certain traffic class.";
              // NOTE(review): 'mandatory true' is redundant on a list
              // key; key leaves are always required.
              leaf policy-action-id {
                type string;
                mandatory true;
                description
                  "this represents the policy-action-id.";
              }

              leaf name {
                type string;
                description
                  "The name of the policy-action object.";
              }

              leaf date {
                type yang:date-and-time;
                description
                  "When the object was created or last
              modified.";
              }

              // NOTE(review): no 'default' and not 'mandatory', so a
              // policy-action entry may carry no primary action at
              // all; what the server does with such an entry is
              // unspecified.
              leaf primary-action {
                type enumeration {
                  enum "permit" {
                    value 0;
                    description "permit.";
                  }
                  enum "deny" {
                    value 1;
                    description "deny.";
                  }
                  enum "rate-limit" {
                    value 2;
                    description
                      "rate-limit.";
                  }
                  enum "traffic-class" {
                    value 3;
                    description
                      "traffic-class.";
                  }
                  enum
                    "authenticate-session" {
                    value 4;
                    description
                      "authenticate-session";
                  }
                  enum "ips" {
                    value 5;
                    description "ips.";
                  }
                  enum "app-firewall" {
                    value 6;
                    description
                      "app-firewall.";
                  }
                }
                description
                  "This field identifies the action when a rule
              is matched by NSF. The action could be one of
              'PERMIT', 'DENY', 'RATE-LIMIT', 'TRAFFIC-CLASS',
              'AUTHENTICATE-SESSION', 'IPS', 'APP-FIREWALL', etc.";
              }

              leaf secondary-action {
                type enumeration {
                  enum "log" {
                    value 0;
                    description "log.";
                  }
                  enum "syslog" {
                    value 1;
                    description "syslog.";
                  }
                  enum "session-log" {
                    value 2;
                    description
                      "session-log.";
                  }
                }
                description
                  "This field identifies additional actions if
              a rule is matched. This could be one of 'LOG',
              'SYSLOG', 'SESSION-LOG', etc.";
              }

              // NOTE(review): this leaf only records an owner; it does
              // not by itself restrict who may modify the entry.  The
              // "only the owner is authorized" rule has to be enforced
              // by the server's access control (e.g. NACM) keyed on the
              // authenticated session, not on a client-writable string.
              // It also sits on the policy-action rather than on the
              // policy the description refers to.
              leaf owner {
                type string;
                description
                  "This field defines the owner of this
              policy. Only the owner is authorized to
              modify the contents of the policy.";
              }
            }  // list policy-action
          }  // list condition

          container multi-tenancy {
            description
              "The descriptions of multi-tenancy.";
            list policy-domain {
              key "policy-domain-id";
              description
                "this represent the list of policy domains";
              leaf policy-domain-id {
                type uint16;
                description
                  "This represents the list of domains.";
              }

              leaf name {
                type string;
                mandatory true;
                description
                  "Name of the organization or customer representing
              this domain.";
              }

              leaf address {
                type string;
                description
                  "address of an organization or customer.";
              }

              leaf contact {
                type string;
                mandatory true;
                description
                  "contact information of the organization
               or customer.";
              }

              leaf date {
                type yang:date-and-time;
                mandatory true;
                description
                  "The date when this account was created
              or last modified.";
              }

              // NOTE(review): free-form string; the description lists a
              // closed set (token-based, password, certificate,
              // single-sign-on), which is better modeled as an
              // enumeration so that unknown method names are rejected.
              // The same leaf is repeated in policy-mgmt-auth-method
              // below; consider a shared 'typedef'.
              leaf authentication-method {
                type string;
                mandatory true;
                description
                  "The description of authentication method;
              token-based, password, certificate,
              single-sign-on";
              }
            }  // list policy-domain

            list policy-tenant {
              key "policy-tenant-id";
              description
                "This represents the list of tenants";
              leaf policy-tenant-id {
                type uint16;
                description
                  "The policy tenant id.";
              }

              leaf name {
                type string;
                mandatory true;
                description
                  "Name of the Department or Division within
               an organization.";
              }

              leaf date {
                type yang:date-and-time;
                mandatory true;
                description
                  "Date this account was created or last modified.";
              }

              // NOTE(review): described as a reference to a
              // Policy-Domain object but typed as a plain string; a
              // 'leafref' to policy-domain-id would make a tenant that
              // points at a non-existent domain a validation error.
              leaf domain {
                type string;
                mandatory true;
                description
                  "This field identifies the domain to which this
            tenant belongs. This should be reference to a
            'Policy-Domain' object.";
              }
            }  // list policy-tenant

            list policy-role {
              key "policy-role-id";
              description
                "This represents the list of policy roles.";
              // NOTE(review): 'mandatory true' is redundant on a list
              // key; key leaves are always required.
              leaf policy-role-id {
                type uint16;
                mandatory true;
                description
                  "This defines a set of permissions assigned
            to a user in an organization that want to manage
            its own Security Policies.";
              }

              leaf name {
                type string;
                mandatory true;
                description
                  "This field identifies name of the role.";
              }

              leaf date {
                type yang:date-and-time;
                mandatory true;
                description
                  "Date this role was created or last modified.";
              }

              // NOTE(review): the grant/deny semantics and the
              // "concatenated" profile syntax live entirely in this
              // opaque string; neither the grammar nor the set of
              // policy objects it can name is defined in the module,
              // so two servers can interpret the same role differently.
              leaf access-profile {
                type string;
                mandatory true;
                description
                  "This field identifies the access profile for the
              role. The profile grants or denies access to policy
              objects.  Multiple access profiles can be
              concatenated together.";
              }
            }  // list policy-role

            list policy-user {
              key "policy-user-id";
              description
                "This represents the list of policy users.";
              leaf policy-user-id {
                type uint16;
                description
                  "This represents the policy-user-id.";
              }

              leaf name {
                type string;
                mandatory true;
                description
                  "The name of a user.";
              }

              leaf date {
                type yang:date-and-time;
                mandatory true;
                description
                  "Date this user was created or last modified";
              }

              // NOTE(review): a mandatory cleartext password in the
              // configuration datastore.  It is readable by anyone with
              // read access to this subtree and will show up in config
              // backups and <get-config> replies.  Prefer a hashed
              // representation (e.g. the crypt-hash type from
              // iana-crypt-hash) and mark the node as sensitive so the
              // server's access control can default-deny reads.
              leaf password {
                type string;
                mandatory true;
                description
                  "User password for basic authentication";
              }

              leaf email {
                type string;
                mandatory true;
                description
                  "The email account of a user";
              }

              // NOTE(review): two-valued per the description
              // (domain-wide / tenant-wide) but typed as a free string;
              // an enumeration would reject anything else.
              leaf scope-type {
                type string;
                description
                  "identifies whether a user has domain-wide
              or tenant-wide privileges";
              }

              // NOTE(review): 'scope-reference' and 'role' are both
              // described as references to other lists in this
              // container but are plain strings; a dangling reference
              // is accepted, and since these decide a user's privilege
              // boundary that is worth catching at validation time
              // with a 'leafref'.
              leaf scope-reference {
                type string;
                description
                  "This references policy-domain or policy-tenant
              to identify the scope.";
              }

              leaf role {
                type string;
                mandatory true;
                description
                  "This references policy-role to define specific
              permissions";
              }
            }  // list policy-user

            // NOTE(review): the key is named 'policy-mgnt-auth-method-id'
            // (mgnt) while the list is 'policy-mgmt-auth-method' (mgmt).
            // Identifiers are part of the wire format, so this and the
            // 'single-sing-on-server' typo below can only be fixed in a
            // new revision, not silently.
            list policy-mgmt-auth-method {
              key "policy-mgnt-auth-method-id";
              description
                "The descriptions of policy management
            authentication methods.";
              leaf policy-mgnt-auth-method-id {
                type uint16;
                description
                  "This represents the authentication method id.";
              }

              leaf name {
                type string;
                mandatory true;
                description
                  "name of the authentication method";
              }

              leaf date {
                type yang:date-and-time;
                mandatory true;
                description
                  "date when the authentication method
              was created";
              }

              leaf authentication-method {
                type string;
                mandatory true;
                description
                  "The description of authentication method;
              token-based, password, certificate,
              single-sign-on";
              }

              leaf mutual-authentication {
                type boolean;
                mandatory true;
                description
                  "To identify whether the authentication
               is mutual";
              }

              // NOTE(review): token-server, certificate-server and
              // single-sing-on-server are all 'mandatory true' even
              // though each is described as relevant to only one
              // authentication method, so every entry must carry all
              // three.  Dropping 'mandatory' or guarding each with a
              // 'when' on authentication-method would match the intent.
              // "Server information" is also unspecified: an address
              // alone says nothing about how that server is trusted.
              leaf token-server {
                type string;
                mandatory true;
                description
                  "The token-server information if the
              authentication method is token-based";
              }

              leaf certificate-server {
                type string;
                mandatory true;
                description
                  "The certificate-server information if
              the authentication method is certificate-based";
              }

              leaf single-sing-on-server {
                type string;
                mandatory true;
                description
                  "The single-sign-on-server information
              if the authentication method is
              single-sign-on-based";
              }
            }  // list policy-mgmt-auth-method
          }  // container multi-tenancy

          container end-group {
            description
              "A logical entity in their business
          environment, where a security policy
          is to be applied.";
            list meta-data-source {
              key "meta-data-source-id";
              description
                "This represents the meta-data source.";
              // NOTE(review): 'mandatory true' is redundant on a list
              // key; key leaves are always required.
              leaf meta-data-source-id {
                type uint16;
                mandatory true;
                description
                  "This represents the meta-data source id.";
              }

              leaf name {
                type string;
                mandatory true;
                description
                  "This identifies the name of the
              meta-data-source.";
              }

              leaf date {
                type yang:date-and-time;
                mandatory true;
                description
                  "This identifies the date this object was
              created or last modified.";
              }

              // NOTE(review): a boolean cannot represent the three
              // group types the description lists (user, app, device);
              // an enumeration is needed here.
              leaf tag-type {
                type boolean;
                description
                  "This identifies the group type; user group,
              app group or device group.";
              }

              // NOTE(review): the description appears to be copied from
              // 'authentication-method' in multi-tenancy; it should say
              // what "tag server information" actually contains
              // (address, port, base DN, ...).
              leaf tag-server-information {
                type string;
                description
                  "The description of authentication method;
              token-based, password, certificate,
              single-sign-on";
              }

              leaf tag-application-protocol {
                type string;
                description
                  "This field identifies the protocol e.g. LDAP,
              Active Directory, or CMDB";
              }

              // NOTE(review): a credential for an external directory
              // (LDAP / Active Directory / CMDB per the previous leaf)
              // stored as a cleartext string in configuration.  Treat
              // it as sensitive: restrict reads through the server's
              // access control, keep it out of config exports, and
              // consider referencing a keystore entry rather than
              // carrying the secret itself.
              leaf tag-server-credential {
                type string;
                description
                  "This field identifies the credential
              information needed to access the tag server";
              }
            }  // list meta-data-source

            list user-group {
              key "user-group-id";
              description
                "This represents the user group.";
              leaf user-group-id {
                type uint16;
                mandatory true;
                description
                  "This represents the user group id.";
              }

              leaf name {
                type string;
                description
                  "This field identifies the name of user-group.";
              }

              leaf date {
                type yang:date-and-time;
                description
                  "when this user-group was created or last modified.";
              }

              // NOTE(review): 'group-type' names a closed set (User-tag,
              // User-name, IP-address) but is a free string, and
              // 'group-member' is a single string whose format depends
              // on that type.  Neither is validated by the model, so a
              // malformed member (e.g. a bad address) is only caught,
              // if at all, by the enforcing NSF.
              leaf group-type {
                type string;
                description
                  "This describes the group type; User-tag,
              User-name or IP-address.";
              }

              // NOTE(review): described as a reference to
              // meta-data-source but typed as a plain string; a
              // 'leafref' to meta-data-source-id would validate it.
              leaf meta-data-server {
                type string;
                description
                  "This references metadata source";
              }

              leaf group-member {
                type string;
                description
                  "This describes the user-tag information";
              }

              // NOTE(review): described as 0..9 but typed as an
              // unconstrained uint16; `range "0..9";` under 'type'
              // would reject out-of-range values at validation time.
              // The same applies to risk-level in device-group,
              // application-group and location-group below.
              leaf risk-level {
                type uint16;
                description
                  "This represents the threat level; valid range
               may be 0 to 9.";
              }
            }  // list user-group

            list device-group {
              key "device-group-id";
              description
                "This represents a device group.";
              leaf device-group-id {
                type uint16;
                description
                  "This represents a device group id.";
              }

              leaf name {
                type string;
                description
                  "This field identifies the name of
              a device-group.";
              }

              leaf date {
                type yang:date-and-time;
                description
                  "The date when this group was created or
            last modified.";
              }

              // NOTE(review): same untyped group-type / group-member /
              // meta-data-server pattern as user-group; see notes there.
              leaf group-type {
                type string;
                description
                  "This describes the group type; device-tag,
              device-name or IP-address.";
              }

              leaf meta-data-server {
                type string;
                description
                  "This references meta-data-source
              object.";
              }

              leaf group-member {
                type string;
                description
                  "This describes the device-tag, device-name or
              IP-address information";
              }

              // NOTE(review): missing `range "0..9";` (see user-group).
              leaf risk-level {
                type uint16;
                description
                  "This represents the threat level; valid range
              may be 0 to 9.";
              }
            }  // list device-group

            list application-group {
              key "application-group-id";
              description
                "This represents an application group.";
              leaf application-group-id {
                type uint16;
                description
                  "This represents an application group id.";
              }

              leaf name {
                type string;
                description
                  "This field identifies the name of
            an application group";
              }

              leaf date {
                type yang:date-and-time;
                description
                  "The date when this group was created or
            last modified.";
              }

              // NOTE(review): same untyped group-type / group-member /
              // meta-data-server pattern as user-group; see notes there.
              leaf group-type {
                type string;
                description
                  "This identifies the group type;
              application-tag, application-name or
              IP-address.";
              }

              leaf meta-data-server {
                type string;
                description
                  "This references meta-data-source
              object.";
              }

              leaf group-member {
                type string;
                description
                  "This describes the application-tag,
              application-name or IP-address information";
              }

              // NOTE(review): missing `range "0..9";` (see user-group).
              leaf risk-level {
                type uint16;
                description
                  "This represents the threat level; valid range
               may be 0 to 9.";
              }
            }  // list application-group

            list location-group {
              key "location-group-id";
              description
                "This represents a location group.";
              leaf location-group-id {
                type uint16;
                description
                  "This represents a location group id.";
              }

              leaf name {
                type string;
                description
                  "This field identifies the name of
            a location group";
              }

              leaf date {
                type yang:date-and-time;
                description
                  "The date when this group was created or
            last modified.";
              }

              // NOTE(review): same untyped group-type / group-member /
              // meta-data-server pattern as user-group; see notes there.
              leaf group-type {
                type string;
                description
                  "This identifies the group type;
              location-tag, location-name or
              IP-address.";
              }

              leaf meta-data-server {
                type string;
                description
                  "This references meta-data-source
              object.";
              }

              leaf group-member {
                type string;
                description
                  "This describes the location-tag,
              location-name or IP-address information";
              }

              // NOTE(review): missing `range "0..9";` (see user-group).
              leaf risk-level {
                type uint16;
                description
                  "This represents the threat level; valid range
               may be 0 to 9.";
              }
            }  // list location-group
          }  // container end-group

          container threat-feed {
            description
              "this describes the list of threat-feed.";
            list threat-feed {
              key "threat-feed-id";
              description
                "This represents the threat feed within the
            threat-prevention-list.";
              leaf threat-feed-id {
                type uint16;
                mandatory true;
                description
                  "This represents the threat-feed-id.";
              }

              leaf name {
                type string;
                description
                  "Name of the theat feed.";
              }

              leaf date {
                type yang:date-and-time;
                description
                  "when the threat-feed was created.";
              }

              leaf feed-type {
                type enumeration {
                  enum "unknown" {
                    value 0;
                    description
                      "feed-type is unknown.";
                  }
                  enum "ip-address" {
                    value 1;
                    description
                      "feed-type is IP address.";
                  }
                  enum "url" {
                    value 2;
                    description
                      "feed-type is URL.";
                  }
                }
                mandatory true;
                description
                  "This determined whether the feed-type is IP address
              based or URL based.";
              }

              leaf feed-server {
                type string;
                description
                  "this contains threat feed server information.";
              }

              leaf feed-priority {
                type uint16;
                description
                  "this describes the priority of the threat from
              0 to 5, where 0 means the threat is minimum and
              5 meaning the maximum.";
              }
            }  // list threat-feed

            list custom-list {
              key "custom-list-id";
              description
                "this describes the threat-prevention custom list.";
              leaf custom-list-id {
                type uint16;
                description
                  "this describes the custom-list-id.";
              }

              leaf name {
                type string;
                description
                  "Name of the custom-list.";
              }

              leaf date {
                type yang:date-and-time;
                description
                  "when the custom list was created.";
              }

              leaf list-type {
                type enumeration {
                  enum "unknown" {
                    value 0;
                    description
                      "list-type is unknown.";
                  }
                  enum "ip-address" {
                    value 1;
                    description
                      "list-type is IP address.";
                  }
                  enum "mac-address" {
                    value 2;
                    description
                      "list-type is MAC address.";
                  }
                  enum "url" {
                    value 3;
                    description
                      "list-type is URL.";
                  }
                }
                mandatory true;
                description
                  "This determined whether the feed-type is IP address
              based or URL based.";
              }

              leaf list-property {
                type enumeration {
                  enum "unknown" {
                    value 0;
                    description
                      "list-property is unknown.";
                  }
                  enum "blacklist" {
                    value 1;
                    description
                      "list-property is blacklist.";
                  }
                  enum "whitelist" {
                    value 2;
                    description
                      "list-property is whitelist.";
                  }
                }
                mandatory true;
                description
                  "This determined whether the list-type is blacklist
              or whitelist.";
              }

              leaf list-content {
                type string;
                description
                  "This describes the contents of the custom-list.";
              }
            }  // list custom-list

            // A malware-scan-group names a signature source, the file types
            // to scan and the signature/hash set to match.  Every
            // operational leaf here is a free-form string; the module does
            // not define separators, hash algorithms or how the signature
            // server is reached or authenticated.
            list malware-scan-group {
              key "malware-scan-group-id";
              description
                "This represents the malware-scan-group.";
              leaf malware-scan-group-id {
                type uint16;
                mandatory true;
                description
                  "This is the malware-scan-group-id.";
              }

              leaf name {
                type string;
                description
                  "Name of the malware-scan-group.";
              }

              leaf date {
                type yang:date-and-time;
                description
                  "when the malware-scan-group was created.";
              }

              // NOTE(review): nothing in this model records how the
              // signature server is authenticated or how downloaded
              // signatures are integrity-checked; an unauthenticated
              // signature source can be fed bogus signatures.  Confirm
              // with the controller implementation.
              leaf signature-server {
                type string;
                description
                  "This describes the signature server of the
              malware-scan-group.";
              }

              // NOTE(review): a single string holds a "list" of file types;
              // the list separator is not specified by this module.
              leaf file-types {
                type string;
                description
                  "This contains a list of file types needed to
              be scanned for the virus.";
              }

              // NOTE(review): likewise a single string for a list of
              // signatures or hashes; the hash algorithm is not recorded,
              // so a consumer cannot tell MD5 from SHA-256 entries.
              leaf malware-signatures {
                type string;
                description
                  "This contains a list of malware signatures or hash.";
              }
            }  // list malware-scan-group

            // An event-map-group pairs a set of security events with threat
            // levels; a policy rule's event leaf references it (per the
            // event-map-group leaf documented elsewhere in this module) to
            // decide when the rule is activated.
            list event-map-group {
              key "event-map-group-id";
              description
                "This represents the event map group.";
              leaf event-map-group-id {
                type uint16;
                mandatory true;
                description
                  "This is the event-map-group-id.";
              }

              leaf name {
                type string;
                description
                  "Name of the event-map.";
              }

              leaf date {
                type yang:date-and-time;
                description
                  "when the event-map was created.";
              }

              // NOTE(review): both lists below are free-form strings; the
              // element format, separator and how an event is matched to a
              // threat level are not defined here.  Since these drive
              // policy activation, the controller should validate them
              // rather than pass them through.
              leaf security-events {
                type string;
                description
                  "This contains a list of security events.";
              }

              leaf threat-map {
                type string;
                description
                  "This contains a list of threat levels.";
              }
            }  // list event-map-group
          }  // container threat-feed

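          container telemetry-data {
            description
              "Telemetry provides visibility into the network
               activities which can be tapped for further
               security analytics, e.g., detecting potential
               vulnerabilities, malicious activities, etc.";
            // NOTE(security): nsf-access-credentials and
            // collector-credentials below carry a username and password
            // as plain strings.  This module does not import
            // ietf-netconf-acm, so it cannot tag them
            // nacm:default-deny-all itself; operators should apply NACM
            // rules that deny read access to this subtree to anyone
            // other than the security controller.
            list telemetry-data {
              key "telemetry-data-id";
              description
                "A telemetry-data object selects which kinds of
                 telemetry (logs, syslog, SNMP, sFlow, NetFlow and
                 interface statistics) are to be collected.";
              leaf telemetry-data-id {
                type uint16;
                mandatory true;
                description
                  "Identifier of this telemetry-data object
                   (list key).";
              }

              leaf name {
                type string;
                description
                  "Name of the telemetry-data object.";
              }

              leaf date {
                type yang:date-and-time;
                description
                  "This field states when the telemetry-data
                   object was created.";
              }

              leaf logs {
                type boolean;
                description
                  "This field identifies whether logs
                   need to be collected.";
              }

              leaf syslogs {
                type boolean;
                description
                  "This field identifies whether System logs
                   need to be collected.";
              }

              leaf snmp {
                type boolean;
                description
                  "This field identifies whether 'SNMP traps' and
                   'SNMP alarms' need to be collected.";
              }

              leaf sflow {
                type boolean;
                description
                  "This field identifies whether 'sFlow' data
                   need to be collected.";
              }

              leaf netflow {
                type boolean;
                description
                  "This field identifies whether 'NetFlow' data
                   need to be collected.";
              }

              leaf interface-stats {
                type boolean;
                description
                  "This field identifies whether 'Interface' data
                   such as packet bytes and counts need to be
                   collected.";
              }
            }  // list telemetry-data

            list telemetry-source {
              key "telemetry-source-id";
              description
                "An NSF or other system that produces telemetry,
                 together with the parameters needed to reach it
                 and the collection schedule.";
              leaf telemetry-source-id {
                type uint16;
                mandatory true;
                description
                  "Identifier of this telemetry-source (list key).";
              }

              leaf name {
                type string;
                description
                  "This identifies the name of this object.";
              }

              leaf date {
                type yang:date-and-time;
                description
                  "Date this object was created or last modified";
              }

              // NOTE(review): source-type is a free-form string rather
              // than an enumeration of the values listed in its
              // description, so the schema cannot reject unknown or
              // misspelled types.  Tightening it would change the
              // encoding for existing clients, so it is left as-is.
              leaf source-type {
                type string;
                description
                  "This should have one of the following type of
                   the NSF telemetry source: NETWORK-NSF,
                   FIREWALL-NSF, IDS-NSF, IPS-NSF,
                   PROXY-NSF, VPN-NSF, DNS, ACTIVE-DIRECTORY,
                   IP Reputation Authority, Web Reputation
                   Authority, Anti-Malware Sandbox, Honey Pot,
                   DHCP, Other Third Party, ENDPOINT";
              }

              leaf nsf-access-parameters {
                type string;
                description
                  "This field contains information such as
                   IP address and protocol (UDP or TCP) port
                   number of the NSF providing telemetry data.";
              }

              // Holds a secret; see the container-level note on NACM.
              leaf nsf-access-credentials {
                type string;
                description
                  "This field contains username and password
                   to authenticate with the NSF.  It holds a
                   secret: read access to this leaf should be
                   restricted (e.g., with NACM) and its value
                   should not be echoed in logs, telemetry or
                   error messages.";
              }

              leaf collection-interval {
                type uint16;
                // Fix: the original declared units 'seconds', which
                // contradicted both the description and the default
                // (5000 == 5 s).  The units statement now matches them.
                // Note that uint16 bounds the interval to 65535 ms.
                units "milliseconds";
                default '5000';
                description
                  "Time in milliseconds between each data collection.
                   For example, a value of 5000 means data is streamed
                   to the collector every 5 seconds.  A value of 0
                   means data streaming is event-based.";
              }

              leaf collection-method {
                type enumeration {
                  enum "unknown" {
                    value 0;
                    description
                      "collection-method is unknown.";
                  }
                  enum "push-based" {
                    value 1;
                    description
                      "collection-method is PUSH-based.";
                  }
                  enum "pull-based" {
                    value 2;
                    description
                      "collection-method is PULL-based.";
                  }
                }
                description
                  "This field contains a method of collection,
                   i.e., whether it is PUSH-based or PULL-based.";
              }

              leaf heartbeat-interval {
                type uint16;
                units "seconds";
                description
                  "Time in seconds between telemetry heartbeats
                   sent by the source.";
              }

              leaf qos-marking {
                type uint8 {
                  // DSCP is a 6-bit field (RFC 2474), so 64..255 are
                  // not valid markings; reject them at the schema level.
                  range "0..63";
                }
                description
                  "DSCP value (0..63) to be applied to the telemetry
                   traffic from this source.";
              }
            }  // list telemetry-source

            list telemetry-destination {
              key "telemetry-destination-id";
              description
                "This object contains information related to
                 telemetry destination. The destination is
                 usually a collector which is either a part of
                 Security Controller or external system
                 such as Security Information and Event
                 Management (SIEM).";
              leaf telemetry-destination-id {
                type uint16;
                description
                  "Identifier of this telemetry-destination
                   (list key).";
              }

              leaf name {
                type string;
                description
                  "This identifies the name of this object.";
              }

              leaf date {
                type yang:date-and-time;
                description
                  "Date this object was created or last
                   modified";
              }

              leaf collector-state {
                type string;
                description
                  "This describes collector state information.";
              }

              // Holds a secret; see the container-level note on NACM.
              leaf collector-credentials {
                type string;
                description
                  "This field contains the username and
                   password for the collector.  It holds a
                   secret: read access to this leaf should be
                   restricted (e.g., with NACM) and its value
                   should not be echoed in logs, telemetry or
                   error messages.";
              }

              leaf collector-source {
                type string;
                description
                  "This field contains information such as
                   IP address and protocol (UDP or TCP) port
                   number for the collector's destination.";
              }

              leaf data-encoding {
                type string;
                description
                  "This field contains the telemetry data encoding
                   in the form of schema.";
              }

              // NOTE(review): the transport named here carries logs and
              // flow records to a collector or SIEM, but nothing in this
              // model records whether it is authenticated or encrypted.
              // Confirm with the deployment before relying on it.
              leaf data-transport {
                type string;
                description
                  "This field contains streaming telemetry data
                   protocols. This could be gRPC, protocol
                   buffer over UDP, etc.";
              }
            }  // list telemetry-destination
          }  // container telemetry-data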
        }  // list rule
      }  // container policy
    }  // container ietf-i2nsf-consumer-facing-interface
  }  // module ietf-i2nsf-cf-interface

Summary

  
  
Organization IETF I2NSF (Interface to Network Security Functions) Working Group
  
Module ietf-i2nsf-cf-interface
Version 2017-11-14
File ietf-i2nsf-cf-interface@2017-11-14.yang
  
Prefix cf-interface
Namespace urn:ietf:params:xml:ns:yang:ietf-i2nsf-cf-interface
  
  
Abstract This module defines a YANG data model for the consumer-facing interface to the security controller.
  
Contact
WG Web: <http://tools.ietf.org/wg/i2nsf>
WG List: <mailto:i2nsf@ietf.org>

WG Chair: Adrian Farrel
<mailto:Adrain@olddog.co.uk>

WG Chair: Linda Dunbar
<mailto:Linda.duhbar@huawei.com>

Editor: Jaehoon Paul Jeong
<mailto:pauljeong@skku.edu>

Description

 
This module defines a YANG data model for the consumer-facing
interface to the security controller.

Objects

Object Type Abstract
ietf-i2nsf-consumer-facing-interface container grouping Policy
   policy container This object is a policy instance holding complete information, such as where and when a policy needs to be applied.
      rule list This is a container for rules.
         condition list This represents the condition of a policy-rule.
            condition-id leaf This represents the condition-id.
            destination leaf This field identifies the destination of the traffic. This could be a reference to either 'Policy Endpoint Group' or 'Threat-Feed' or 'Custom-List' if the Security Admin wants to specify the destination; otherwise, the default is to match all traffic.
            exception leaf This field identifies the exception consideration when a rule is evaluated for a given communication. This could be reference to Policy-Endpoint-Group object or set of traffic matching criteria.
            match leaf This field identifies the match criteria used to evaluate whether the specified action need to be taken or not. This could be either a Policy- Endpoint-Group identifying a Application set or a set of traffic rules.
            match-direction leaf This field identifies if the match criteria is to be evaluated for both directions of the traffic or only in one direction, with the default of allowing in the other direction for stateful match conditions. This is optional and by default the rule should apply in both...
            policy-action list This object represents actions that a Security Admin wants to perform based on a certain traffic class.
               date leaf When the object was created or last modified.
               name leaf The name of the policy-action object.
               owner leaf This field defines the owner of this policy. Only the owner is authorized to modify the contents of the policy.
               policy-action-id leaf this represents the policy-action-id.
               primary-action leaf This field identifies the action when a rule is matched by an NSF. The action could be one of 'PERMIT', 'DENY', 'RATE-LIMIT', 'TRAFFIC-CLASS', 'AUTHENTICATE-SESSION', 'IPS', 'APP-FIREWALL', etc.
               secondary-action leaf This field identifies additional actions if a rule is matched. This could be one of 'LOG', 'SYSLOG', 'SESSION-LOG', etc.
            source leaf This field identifies the source of the traffic. This could be reference to either 'Policy Endpoint Group' or 'Threat-Feed' or 'Custom-List' if Security Admin wants to specify the source; otherwise, the default is to match all traffic.
         date leaf Date this object was created or last modified
         end-group container A logical entity in their business environment, where a security policy is to be applied.
            application-group list This represents an application group.
               application-group-id leaf This represents an application group id.
               date leaf The date when this group was created or last modified.
               group-member leaf This describes the application-tag, application-name or IP-address information
               group-type leaf This identifies the group type; application-tag, application-name or IP-address.
               meta-data-server leaf This references meta-data-source object.
               name leaf This field identifies the name of an application group
               risk-level leaf This represents the threat level; valid range may be 0 to 9.
            device-group list This represents a device group.
               date leaf The date when this group was create or last modified.
               device-group-id leaf This represents a device group id.
               group-member leaf This describes the device-tag, device-name or IP-address information
               group-type leaf This describes the group type; device-tag, device-name or IP-address.
               meta-data-server leaf This references meta-data-source object.
               name leaf This field identifies the name of a device-group.
               risk-level leaf This represents the threat level; valid range may be 0 to 9.
            location-group list This represents a location group.
               date leaf The date when this group was created or last modified.
               group-member leaf This describes the location-tag, location-name or IP-address information
               group-type leaf This identifies the group type; location-tag, location-name or IP-address.
               location-group-id leaf This represents a location group id.
               meta-data-server leaf This references meta-data-source object.
               name leaf This field identifies the name of a location group
               risk-level leaf This represents the threat level; valid range may be 0 to 9.
            meta-data-source list This represents the meta-data source.
               date leaf This identifies the date this object was created or last modified.
               meta-data-source-id leaf This represents the meta-data source id.
               name leaf This identifies the name of the meta-data-source.
               tag-application-protocol leaf This field identifies the protocol, e.g., LDAP, Active Directory, or CMDB
               tag-server-credential leaf This field identifies the credential information needed to access the tag server
               tag-server-information leaf The description of the authentication method; token-based, password, certificate, single-sign-on
               tag-type leaf This identifies the group type; user group, app group or device group.
            user-group list This represents the user group.
               date leaf when this user-group was created or last modified.
               group-member leaf This describes the user-tag information
               group-type leaf This describes the group type; User-tag, User-name or IP-address.
               meta-data-server leaf This references metadata source
               name leaf This field identifies the name of user-group.
               risk-level leaf This represents the threat level; valid range may be 0 to 9.
               user-group-id leaf This represents the user group id.
         event list This represents the security event of a policy-rule.
            date leaf Date this object was created or last modified
            enable leaf This determines whether the condition matches the security event or not.
            event-id leaf This represents the event-id.
            event-map-group leaf This field contains security events or a threat map in order to determine when a policy needs to be activated. This is a reference to Event-Map-Group.
            event-type leaf This field identifies the event of policy enforcement trigger type.
            name leaf This field identifies the name of this object.
            time-information list This field contains time calendar such as BEGIN-TIME and END-TIME for one time enforcement or recurring time calendar for periodic enforcement.
               end-time leaf end time information.
               start-time leaf start time information.
               time-information-id leaf this is a time information id.
         multi-tenancy container The descriptions of multi-tenancy.
            policy-domain list this represent the list of policy domains
               address leaf address of an organization or customer.
               authentication-method leaf The description of authentication method; token-based, password, certificate, single-sign-on
               contact leaf contact information of the organization or customer.
               date leaf The date when this account was created or last modified.
               name leaf Name of the organization or customer representing this domain.
               policy-domain-id leaf This represents the list of domains.
            policy-mgmt-auth-method list The descriptions of policy management authentication methods.
               authentication-method leaf The description of authentication method; token-based, password, certificate, single-sign-on
               certificate-server leaf The certificate-server information if the authentication method is certificate-based
               date leaf date when the authentication method was created
               mutual-authentication leaf To identify whether the authentication is mutual
               name leaf name of the authentication method
               policy-mgnt-auth-method-id leaf This represents the authentication method id.
               single-sing-on-server leaf The single-sign-on-server information if the authentication method is single-sign-on-based
               token-server leaf The token-server information if the authentication method is token-based
            policy-role list This represents the list of policy roles.
               access-profile leaf This field identifies the access profile for the role. The profile grants or denies access to policy objects. Multiple access profiles can be concatenated together.
               date leaf Date this role was created or last modified.
               name leaf This field identifies name of the role.
               policy-role-id leaf This defines a set of permissions assigned to a user in an organization that want to manage its own Security Policies.
            policy-tenant list This represents the list of tenants
               date leaf Date this account was created or last modified.
               domain leaf This field identifies the domain to which this tenant belongs. This should be reference to a 'Policy-Domain' object.
               name leaf Name of the Department or Division within an organization.
               policy-tenant-id leaf The policy tenant id.
            policy-user list This represents the list of policy users.
               date leaf Date this user was created or last modified
               email leaf The email account of a user
               name leaf The name of a user.
               password leaf User password for basic authentication
               policy-user-id leaf This represents the policy-user-id.
               role leaf This references policy-role to define specific permissions
               scope-reference leaf This references policy-domain or policy-tenant to identify the scope.
               scope-type leaf identifies whether a user has domain-wide or tenant-wide privileges
         name leaf This field identifies the name of this object.
         rule-id leaf This is ID for rules.
         telemetry-data container Telemetry provides visibility into the network activities which can be tapped for further security analytics, e.g., detecting potential vulnerabilities, malicious activities, etc.
            telemetry-data list A telemetry-data object selects which kinds of telemetry are to be collected.
               date leaf This field states when the telemetry-data object was created.
               interface-stats leaf This field identifies whether 'Interface' data such as packet bytes and counts need to be collected.
               logs leaf This field identifies whether logs need to be collected.
               name leaf Name of the telemetry-data object.
               netflow leaf This field identifies whether 'NetFlow' data need to be collected.
               sflow leaf This field identifies whether 'sFlow' data need to be collected.
               snmp leaf This field identifies whether 'SNMP traps' and 'SNMP alarms' need to be collected.
               syslogs leaf This field identifies whether System logs need to be collected.
               telemetry-data-id leaf This is ID for telemetry-data-id.
            telemetry-destination list This object contains information related to telemetry destination. The destination is usually a collector which is either a part of Security Controller or external system such as Security Information and Event Management (SIEM).
               collector-credentials leaf This field contains the username and password for the collector (a secret; read access should be restricted).
               collector-source leaf This field contains information such as IP address and protocol (UDP or TCP) port number for the collector's destination.
               collector-state leaf This describes collector state information.
               data-encoding leaf This field contains the telemetry data encoding in the form of schema.
               data-transport leaf This field contains streaming telemetry data protocols. This could be gRPC, protocol buffer over UDP, etc.
               date leaf Date this object was created or last modified
               name leaf This identifies the name of this object.
               telemetry-destination-id leaf this represents the telemetry-destination-id
            telemetry-source list An NSF or other system that produces telemetry data, with the parameters needed to reach it.
               collection-interval leaf This field contains time in milliseconds between each data collection. For example, a value of 5000 means data is streamed to collector every 5 seconds. Value of 0 means data streaming is event-based
               collection-method leaf This field contains a method of collection, i.e., whether it is PUSH-based or PULL-based.
               date leaf Date this object was created or last modified
               heartbeat-interval leaf time in seconds the source sends telemetry heartbeat.
               name leaf This identifies the name of this object.
               nsf-access-credentials leaf This field contains username and password to authenticate with the NSF.
               nsf-access-parameters leaf This field contains information such as IP address and protocol (UDP or TCP) port number of the NSF providing telemetry data.
               qos-marking leaf DSCP value must be contained in this field.
               source-type leaf This should have one of the following type of the NSF telemetry source: NETWORK-NSF, FIREWALL-NSF, IDS-NSF, IPS-NSF, PROXY-NSF, VPN-NSF, DNS, ACTIVE-DIRECTORY, IP Reputation Authority, Web Reputation Authority, Anti-Malware Sandbox, Honey Pot, DHCP, Other...
               telemetry-source-id leaf This is ID for telemetry-source-id.
         threat-feed container this describes the list of threat-feed.
            custom-list list this describes the threat-prevention custom list.
               custom-list-id leaf this describes the custom-list-id.
               date leaf when the custom list was created.
               list-content leaf This describes the contents of the custom-list.
               list-property leaf This determines whether the custom list is a blacklist or a whitelist.
               list-type leaf This determines whether the list-type is IP-address based or URL based.
               name leaf Name of the custom-list.
            event-map-group list This represents the event map group.
               date leaf when the event-map was created.
               event-map-group-id leaf This is the event-map-group-id.
               name leaf Name of the event-map.
               security-events leaf This contains a list of security events.
               threat-map leaf This contains a list of threat levels.
            malware-scan-group list This represents the malware-scan-group.
               date leaf when the malware-scan-group was created.
               file-types leaf This contains a list of file types needed to be scanned for the virus.
               malware-scan-group-id leaf This is the malware-scan-group-id.
               malware-signatures leaf This contains a list of malware signatures or hash.
               name leaf Name of the malware-scan-group.
               signature-server leaf This describes the signature server of the malware-scan-group.
            threat-feed list This represents the threat feed within the threat-prevention-list.
               date leaf when the threat-feed was created.
               feed-priority leaf this describes the priority of the threat from 0 to 5, where 0 means the threat is minimum and 5 meaning the maximum.
               feed-server leaf this contains threat feed server information.
               feed-type leaf This determines whether the feed-type is IP-address based or URL based.
               name leaf Name of the threat feed.
               threat-feed-id leaf This represents the threat-feed-id.