Security operation center.
Version: 2020-05-08
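module huawei-soc {
  yang-version 1;
  namespace "urn:huawei:yang:huawei-soc";
  prefix soc;

  import huawei-extension {
    prefix ext;
  }
  import huawei-devm {
    prefix devm;
  }
  import huawei-pub-type {
    prefix pub-type;
  }
  import ietf-yang-types {
    prefix yang;
  }
  import huawei-devm-vnf {
    prefix devm-vnf;
  }

  organization
    "Huawei Technologies Co., Ltd.";
  contact
    "Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com Email: support@huawei.com";
  description
    "Security operation center.";
  revision "2020-05-08" {
    description
      "Initial revision.";
    reference
      "Huawei private.";
  }
  ext:task-name "soc";

  // Sampled-packet characteristic on which the probability of an attack event is judged.
  // Values 4 and 5 are not assigned in this revision.
  typedef determine-probability-object {
    type enumeration {
      enum "top5-user" { value 0; description "Indicates the top 5 VLAN packets in sampled packets, including single-tagged and double-tagged VLAN packets."; }
      enum "top5-source-mac" { value 1; description "Indicates the top 5 packets listed by source MAC addresses in sampled packets."; }
      enum "top5-source-ip" { value 2; description "Indicates the top 5 packets listed by source IP addresses in sampled packets."; }
      enum "broadcast-flood" { value 3; description "Indicates the broadcast packets in sampled packets."; }
      enum "app-error-percent" { value 6; description "Indicates the invalid packets and sessions on a protocol module."; }
    }
    description
      "Determining object of probability of attack event.";
  }

  // Every protocol / packet class the SOC can account for. Enum values are explicit and
  // not contiguous; never renumber them, they are shared with attack-defend-protocol.
  typedef protocol-name {
    type enumeration {
      enum "802.1ag" { value 48; description "802.1AG protocol."; }
      enum "white-list" { value 55; description "Whitelist."; }
      enum "arp" { value 0; description "ARP protocol."; }
      enum "bfd" { value 33; description "BFD protocol."; }
      enum "bgp" { value 9; description "BGP protocol."; }
      enum "bgpv6" { value 58; description "BGPv6 protocol."; }
      enum "dhcp" { value 2; description "DHCP protocol."; }
      enum "dhcpv6" { value 73; description "DHCPv6 protocol."; }
      enum "dns-client" { value 38; description "DNS client protocol."; }
      enum "dnsv6" { value 43; description "DNSv6 protocol."; }
      enum "eapol" { value 69; description "EAPOL protocol."; }
      enum "fib-miss" { value 75; description "IPv4 fib miss packets."; }
      enum "fib-missv6" { value 76; description "IPv6 fib miss packets."; }
      enum "ftp-client" { value 23; description "FTP client protocol."; }
      enum "ftp-server" { value 4; description "FTP server protocol."; }
      enum "ftpv6-client" { value 59; description "FTPv6 client protocol."; }
      enum "ftpv6-server" { value 60; description "FTPv6 server protocol."; }
      enum "hgmp" { value 57; description "Huawei group management protocol."; }
      enum "hwtacacs" { value 29; description "HWTACACS protocol."; }
      enum "icmp" { value 1; description "ICMP protocol."; }
      enum "icmpv6" { value 42; description "ICMPv6 protocol."; }
      enum "igmp" { value 18; description "IGMP protocol."; }
      enum "ipv6" { value 66; description "IPv6 protocol."; }
      enum "isis" { value 20; description "ISIS protocol."; }
      enum "l2tp" { value 72; description "L2TP protocol."; }
      enum "lacp" { value 50; description "LACP protocol."; }
      enum "ldp" { value 10; description "LDP protocol."; }
      enum "lspping" { value 30; description "LSPPING protocol."; }
      enum "mld" { value 19; description "ICMPv6 MLD protocol."; }
      enum "ipfpm" { value 61; description "IPFPM protocol."; }
      enum "mpls-oam" { value 46; description "MPLS-OAM protocol."; }
      enum "msdp" { value 16; description "MSDP protocol."; }
      enum "multicast" { value 63; description "Multicast protocol."; }
      enum "multicastv6" { value 64; description "IPv6 multicast protocol."; }
      enum "nd" { value 74; description "ICMPv6 ND protocol."; }
      enum "ntp" { value 27; description "NTP protocol."; }
      enum "ospfv2" { value 12; description "OSPFv2 protocol."; }
      enum "ospfv3" { value 15; description "OSPFv3 protocol."; }
      enum "pim" { value 17; description "PIM protocol."; }
      enum "pimv6" { value 21; description "PIMv6 protocol."; }
      enum "portal" { value 70; description "Portal protocol."; }
      enum "pppoe" { value 3; description "PPPoE protocol."; }
      enum "radius" { value 28; description "Radius protocol."; }
      enum "rip" { value 13; description "RIP protocol."; }
      enum "rrpp" { value 47; description "RRPP protocol."; }
      enum "rsvp" { value 11; description "RSVP protocol."; }
      enum "sftp-client" { value 26; description "SFTP client protocol."; }
      enum "sftp-server" { value 22; description "SFTP server protocol."; }
      enum "snmp" { value 6; description "SNMP protocol."; }
      enum "snmpv6" { value 62; description "SNMPv6 protocol."; }
      enum "ssh-client" { value 25; description "SSH client protocol."; }
      enum "ssh-server" { value 5; description "SSH server protocol."; }
      enum "sshv6-server" { value 44; description "SSHv6 server protocol."; }
      enum "tcp" { value 67; description "TCP protocol."; }
      enum "telnet-client" { value 24; description "TELNET client protocol."; }
      enum "telnet-server" { value 7; description "TELNET server protocol."; }
      enum "telnetv6-client" { value 40; description "TELNETv6 client protocol."; }
      enum "telnetv6-server" { value 39; description "TELNETv6 server protocol."; }
      enum "tftp" { value 8; description "TFTP protocol."; }
      enum "tftpv6-client" { value 41; description "TFTPv6 client protocol."; }
      enum "ttl-expired" { value 77; description "IPv4 TTL expired packets."; }
      enum "ttl-expiredv6" { value 78; description "IPv6 hop-limit expired packets."; }
      enum "udp" { value 68; description "UDP protocol."; }
      enum "unknown" { value 54; description "Unknown protocol."; }
      enum "vgmp" { value 31; description "VGMP protocol."; }
      enum "vrrp" { value 32; description "VRRP protocol."; }
      enum "web" { value 71; description "Web protocol."; }
      enum "lldp" { value 80; description "LLDP protocol."; }
      enum "bfdv6" { value 81; description "BFDv6 protocol."; }
      enum "arpmiss" { value 82; description "ARP miss packets."; }
      enum "pim-mc" { value 83; description "PIM multicast packets."; }
      enum "openflow" { value 84; description "Open-Flow protocol."; }
      enum "ra" { value 85; description "ICMPv6-RA protocol."; }
      enum "rs" { value 86; description "ICMPv6-RS protocol."; }
      enum "na" { value 87; description "ICMPv6-NA protocol."; }
      enum "ns" { value 88; description "ICMPv6-NS protocol."; }
      enum "web-auth-server" { value 89; description "Web authentication server protocol."; }
      enum "diameter" { value 90; description "Diameter protocol."; }
      enum "http-redirect-chasten" { value 91; description "Http-redirect packet of chasten user."; }
      enum "atm-inarp" { value 92; description "ATM inARP protocol."; }
      enum "unicast-vrrp" { value 93; description "Unicast VRRP protocol."; }
      enum "tcp-65410" { value 97; description "Packet with TCP port number 65410."; }
      enum "padi" { value 98; description "PADI protocol."; }
      enum "mka" { value 99; description "MKA protocol."; }
      enum "icmp-broadcast-address-echo" { value 100; description "ICMP broadcast address echo-request packet."; }
      enum "dlp-rsvp" { value 101; description "Whitelist RSVP packet."; }
      enum "dlp-isis" { value 102; description "Whitelist ISIS packet."; }
      enum "dlp-radius" { value 103; description "Whitelist radius packet."; }
      enum "dlp-ipv6-bgp" { value 104; description "Whitelist BGPv6 packet."; }
      enum "dlp-ipv6-ospf" { value 105; description "Whitelist OSPFv3 packet."; }
      enum "dcn-pkt-fin" { value 106; description "DCN-PKT-FIN packet."; }
      enum "ripng" { value 14; description "RIPNG packet."; }
      enum "nqa-udp-client" { value 34; description "NQA-UDP-CLIENT packet."; }
      enum "nqa-udp-server" { value 35; description "NQA-UDP-SERVER packet."; }
      enum "nqa-tcp-client" { value 36; description "NQA-TCP-CLIENT packet."; }
      enum "nqa-tcp-server" { value 37; description "NQA-TCP-SERVER packet."; }
      enum "sshv6-client" { value 45; description "SSHV6-CLIENT packet."; }
      enum "802.3ah" { value 49; description "802.3AH packet."; }
      enum "http-client" { value 51; description "HTTP-CLIENT packet."; }
      enum "http-server" { value 52; description "HTTP-SERVER packet."; }
      enum "acr" { value 53; description "ACR packet."; }
      enum "black-list" { value 56; description "Black-list packet."; }
      enum "ip" { value 65; description "IP packet."; }
      enum "ospfv6" { value 79; description "OSPFV6 packet."; }
      enum "dlp-bgp" { value 94; description "DLP-BGP packet."; }
      enum "dlp-ldp" { value 95; description "DLP-LDP packet."; }
      enum "dlp-ospf" { value 96; description "DLP-OSPF packet."; }
      enum "pcep" { value 107; description "PCEP packet."; }
      enum "vrrpv6" { value 108; description "VRRPv6 packet."; }
      enum "radiusv6" { value 109; description "RADIUSv6 packet."; }
      enum "hwtacacsv6" { value 110; description "HWTACACSv6 packet."; }
      enum "lsppingv6" { value 111; description "LSPPINGv6 packet."; }
      enum "syslogv6" { value 112; description "SYSLOGv6 packet."; }
      enum "web-auth-serverv6" { value 113; description "Web-auth-serverv6 packet."; }
      enum "ipv6-ndh-miss" { value 114; description "IPv6-ndh-miss packet."; }
    }
    description
      "Protocol name.";
  }

  // Subset of protocol-name that may be placed in an attack-defense enable/disable group.
  // Each value is identical to the same-named enum in protocol-name; keep both aligned.
  typedef attack-defend-protocol {
    type enumeration {
      enum "ftp-server" { value 4; description "FTP server protocol."; }
      enum "ftp-client" { value 23; description "FTP client protocol."; }
      enum "ssh-server" { value 5; description "SSH server protocol."; }
      enum "ssh-client" { value 25; description "SSH client protocol."; }
      enum "snmp" { value 6; description "SNMP protocol."; }
      enum "telnet-server" { value 7; description "TELNET server protocol."; }
      enum "telnet-client" { value 24; description "TELNET client protocol."; }
      enum "tftp" { value 8; description "TFTP protocol."; }
      enum "bgp" { value 9; description "BGP protocol."; }
      enum "ldp" { value 10; description "LDP protocol."; }
      enum "rsvp" { value 11; description "RSVP protocol."; }
      enum "ospfv2" { value 12; description "OSPFv2 protocol."; }
      enum "rip" { value 13; description "RIP protocol."; }
      enum "ospfv3" { value 15; description "OSPFv3 protocol."; }
      enum "msdp" { value 16; description "MSDP protocol."; }
      enum "pim" { value 17; description "PIM protocol."; }
      enum "igmp" { value 18; description "IGMP protocol."; }
      enum "isis" { value 20; description "ISIS protocol."; }
      enum "pimv6" { value 21; description "PIMv6 protocol."; }
      enum "radius" { value 28; description "Radius protocol."; }
      enum "hwtacacs" { value 29; description "HWTACACS protocol."; }
      enum "lspping" { value 30; description "LSPPING protocol."; }
      enum "icmp" { value 1; description "ICMP protocol."; }
      enum "vrrp" { value 32; description "VRRP protocol."; }
      enum "bfd" { value 33; description "BFD protocol."; }
      enum "dhcp" { value 2; description "DHCP protocol."; }
      enum "dns-client" { value 38; description "DNS client protocol."; }
      enum "telnetv6-server" { value 39; description "TELNETv6 server protocol."; }
      enum "telnetv6-client" { value 40; description "TELNETv6 client protocol."; }
      enum "icmpv6" { value 42; description "ICMPv6 protocol."; }
      enum "dnsv6" { value 43; description "DNSv6 protocol."; }
      enum "sshv6-server" { value 44; description "SSHv6 server protocol."; }
      enum "ftpv6-server" { value 60; description "FTPv6 server protocol."; }
      enum "ftpv6-client" { value 59; description "FTPv6 client protocol."; }
      enum "rrpp" { value 47; description "RRPP protocol."; }
      enum "lacp" { value 50; description "LACP protocol."; }
      enum "bgpv6" { value 58; description "BGPv6 protocol."; }
    }
    description
      "Protocols that support attack defense.";
  }

  typedef interface-type {
    type enumeration {
      enum "main-interface" { value 0; description "Main interface."; }
      enum "sub-interface" { value 1; description "Sub-interface."; }
    }
    description
      "Interface type.";
  }

  // Confidence level reported by layer 2 loop detection, from least to most certain.
  typedef l2-loop-level {
    type enumeration {
      enum "notification" { value 1; description "Indicates that there is a relatively low possibility that there is a loop on the interface."; }
      enum "suspect" { value 2; description "Indicates that there is a relatively high possibility that there is a loop on the interface."; }
      enum "determined" { value 3; description "Indicates an existing loop on an interface."; }
    }
    description
      "Layer 2 loop detection level.";
  }

  typedef interface-state {
    type enumeration {
      enum "up" { value 1; description "Status of an interface is up."; }
      enum "down" { value 2; description "Status of an interface is down."; }
    }
    description
      "Status of an interface.";
  }

  typedef mac-address-type {
    type enumeration {
      enum "broadcast" { value 1; description "Broadcast MAC address."; }
      enum "multicast" { value 2; description "Multicast MAC address."; }
      enum "unicast" { value 3; description "Unicast MAC address."; }
    }
    description
      "MAC address type.";
  }

  // Confidence level reported for an attack event, from least to most certain.
  typedef probability {
    type enumeration {
      enum "notification" { value 1; description "Notification."; }
      enum "suspicion" { value 2; description "Suspicion."; }
      enum "determined" { value 3; description "Determined."; }
    }
    description
      "Probability that the attack event occurs.";
  }

  grouping application-statistics {
    description
      "Statistics about invalid packets and sessions collected by SOC-monitored protocol modules.";
    leaf total-packet {
      type uint64;
      description
        "Total number of received packets.";
    }
    leaf illegal-packet {
      type uint64;
      description
        "Total number of received invalid packets.";
    }
    leaf illegal-packet-percent {
      type uint8;
      units "%";
      description
        "Percentage of the number of invalid packets to the total number of packets.";
    }
    // NOTE(review): total-session and illegal-session are described as rates but carry
    // no units statement, unlike total-session-rate in application-statistics-history
    // (units "pps") - confirm the intended unit with the implementation.
    leaf total-session {
      type uint64;
      description
        "Average rate of sessions received within 5 minutes.";
    }
    leaf illegal-session {
      type uint64;
      description
        "Average rate of invalid sessions received within 5 minutes.";
    }
    leaf illegal-session-percent {
      type uint8;
      units "%";
      description
        "Percentage of the number of invalid sessions to the total number of sessions received within 5 minutes.";
    }
  } // grouping application-statistics

  grouping application-statistics-history {
    description
      "Historical statistics about invalid packets and sessions collected by SOC-monitored protocol modules.";
    leaf slot {
      type string {
        length "1..32";
      }
      description
        "Slot number.";
    }
    leaf protocol {
      type protocol-name;
      description
        "Protocol name.";
    }
    // Sampling interval is 5 minutes here; users of this grouping refine the text
    // when they sample at a different interval.
    leaf time-number {
      type uint32;
      description
        "Time sequence number. In this example, the system collects statistics about invalid packets and sessions every 5 minutes. The smaller the time sequence number, the closer to the current time. For example, time sequence number 3 indicates the third 5 minutes from the current time.";
    }
    leaf total-packet-rate {
      type uint32;
      units "pps";
      description
        "Total rate of received packets.";
    }
    leaf illegal-packet-rate {
      type uint32;
      units "pps";
      description
        "Total rate of received invalid packets.";
    }
    leaf illegal-packet-percent {
      type uint8;
      units "%";
      description
        "Percentage of the number of invalid packets to the total number of packets.";
    }
    leaf total-session-rate {
      type uint32;
      units "pps";
      description
        "Average rate of sessions received within 5 minutes.";
    }
    leaf illegal-session-rate {
      type uint32;
      units "pps";
      description
        "Average rate of invalid sessions received within 5 minutes.";
    }
    leaf illegal-session-percent {
      type uint8;
      units "%";
      description
        "Percentage of the number of invalid sessions to the total number of sessions received within 5 minutes.";
    }
    leaf cpu-usage {
      type uint32;
      units "%";
      description
        "Average CPU usage within 5 minutes.";
    }
  } // grouping application-statistics-history

  grouping car-statistics {
    description
      "Statistics about protocol packets sent to the CPU.";
    leaf passed-packets {
      type uint64;
      units "packet";
      description
        "The number of passed packets.";
    }
    leaf dropped-packets {
      type uint64;
      units "packet";
      description
        "The number of discarded packets.";
    }
    leaf passed-bytes {
      type uint64;
      units "Byte";
      description
        "The number of passed packet bytes.";
    }
    leaf dropped-bytes {
      type uint64;
      units "Byte";
      description
        "The number of discarded packet bytes.";
    }
  } // grouping car-statistics

  grouping car-statistics-history {
    description
      "Historical statistics about protocol packets sent to the CPU.";
    leaf slot {
      type string {
        length "1..32";
      }
      description
        "Slot number.";
    }
    leaf protocol {
      type protocol-name;
      description
        "Protocol name.";
    }
    leaf car-name {
      type string {
        length "0..50";
      }
      description
        "The type of protocol packet (to be sent to the CPU) on which a CAR action is performed.";
    }
    leaf time-number {
      type uint32;
      description
        "Time sequence number. In this example, the system collects statistics about packets every 5 minutes. The smaller the time sequence number, the closer to the current time. For example, time sequence number 3 indicates the third 5 minutes from the current time.";
    }
    leaf total-packet-rate {
      type uint32;
      units "pps";
      description
        "Total packet rate.";
    }
    leaf dropped-packet-rate {
      type uint32;
      units "pps";
      description
        "Dropped packet rate.";
    }
    leaf dropped-packet-percent {
      type uint8;
      units "%";
      description
        "The percentage of packets dropped.";
    }
  } // grouping car-statistics-history

  grouping cpu-usage-history {
    description
      "Historical statistics about CPU usage collected by SOC-monitored protocol modules.";
    leaf slot {
      type string {
        length "1..32";
      }
      description
        "Slot number.";
    }
    leaf time-number {
      type uint32;
      description
        "Time sequence number. In this example, the system collects statistics about invalid packets and sessions every 5 minutes. The smaller the time sequence number, the closer to the current time. For example, time sequence number 3 indicates the third 5 minutes from the current time.";
    }
    leaf cpu-usage {
      type uint32;
      units "%";
      description
        "Average CPU usage within 5 minutes.";
    }
  } // grouping cpu-usage-history

  // Per-board layer 2 loop detection settings, intended to be used from huawei-devm.
  grouping devm-group {
    description
      "Configure policies for global management and service plane protection.";
    container soc {
      description
        "Configure policies for global management and service plane protection.";
      container l2-loop-detect {
        description
          "Configure layer 2 loop detection.";
        container slot-l2loopdet {
          description
            "Configure layer 2 loop detection.";
          leaf enable {
            type boolean;
            default "true";
            description
              "Enable/disable layer 2 loop detection.";
          }
          leaf packets-drop-threshold {
            type uint32 {
              range "1..65535000";
            }
            description
              "Detection threshold.";
          }
        } // container slot-l2loopdet
        container action {
          description
            "Configure the CPU in response to layer 2 loops after the system detects an existing or a potential loop on an interface, after layer 2 loop detection is enabled.";
          // Presence container: creating it enables the shutdown action; up-times and
          // up-interval bound how often the shut-down interface may flap back to Up.
          container shutdown {
            presence "Enables shutting down the interface after an existing layer 2 loop is detected on it.";
            description
              "Enable/disable shutting down the interface after detecting an existing layer 2 loop on the interface.";
            leaf up-times {
              type uint16 {
                range "1..10";
              }
              default "5";
              description
                "The maximum number of consecutive times that the system allows the Down interface to go Up in an interval.";
            }
            leaf up-interval {
              type uint16 {
                range "1..10";
              }
              units "min";
              default "5";
              description
                "The initial interval between when the interface shuts down and when it goes to the Up state.";
            }
          } // container shutdown
          container trap {
            description
              "Configure a trap after detecting an existing or a potential layer 2 loop.";
            leaf enable {
              type boolean;
              default "true";
              description
                "Enable/disable the system from sending a trap after the system detects a layer 2 loop.";
            }
          } // container trap
        } // container action
        container loop-level-thresholds {
          description
            "List of loop level thresholds on a detected main interface or sub-interface.";
          // Entries are system-generated (one per interface-type) and cannot be created by
          // clients; the must statement keeps the three levels strictly ordered:
          // determined > suspect > notification, which the leaf ranges also reflect.
          list loop-level-threshold {
            ext:generated-by "system";
            ext:operation-exclude "create";
            must "((./determined>./suspect) and (./suspect>./notification))";
            key "interface-type";
            description
              "Configure the loop level threshold on a detected main interface or sub-interface.";
            leaf interface-type {
              type interface-type;
              description
                "Interface type, main interface or sub-interface.";
            }
            leaf determined {
              ext:dynamic-default {
                ext:default-value "3000" {
                  when "../interface-type = 'main-interface'";
                  description
                    "The default value is 3000 when interface-type is main-interface.";
                }
                ext:default-value "300" {
                  when "../interface-type = 'sub-interface'";
                  description
                    "The default value is 300 when interface-type is sub-interface.";
                }
              }
              type uint32 {
                range "3..6000";
              }
              units "packet";
              description
                "The determined loop threshold.";
            }
            leaf suspect {
              ext:dynamic-default {
                ext:default-value "2000" {
                  when "../interface-type = 'main-interface'";
                  description
                    "The default value is 2000 when interface-type is main-interface.";
                }
                ext:default-value "200" {
                  when "../interface-type = 'sub-interface'";
                  description
                    "The default value is 200 when interface-type is sub-interface.";
                }
              }
              type uint32 {
                range "2..5999";
              }
              units "packet";
              description
                "The suspect loop threshold.";
            }
            leaf notification {
              ext:dynamic-default {
                ext:default-value "1000" {
                  when "../interface-type = 'main-interface'";
                  description
                    "The default value is 1000 when interface-type is main-interface.";
                }
                ext:default-value "100" {
                  when "../interface-type = 'sub-interface'";
                  description
                    "The default value is 100 when interface-type is sub-interface.";
                }
              }
              type uint32 {
                range "1..5998";
              }
              units "packet";
              description
                "The notification loop threshold.";
            }
          } // list loop-level-threshold
        } // container loop-level-thresholds
      } // container l2-loop-detect
    } // container soc
  } // grouping devm-group

  container soc {
    description
      "Security operation center.";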
container security-operation-center { presence "Enables SOC"; description "Enable/disable security operation center."; container attack-defend { description "Configure attack defense."; leaf enable { type boolean; default "true"; description "Enable/disable the SOC's attack defense function."; } container user-disable-groups { presence "Enables user-disable-group"; description "List of a user-defined group for which attack defense is disabled. Enable/disable the user-defined group for which attack defense is disabled."; list user-disable-group { key "protocol-name"; description "Configure a user-defined group for which attack defense is disabled."; leaf protocol-name { type attack-defend-protocol; description "Specifys specific protocol packets for the user-defined group."; } } // list user-disable-group } // container user-disable-groups container user-enable-groups { presence "Enables user-enable-group"; description "List of a user-defined group for which attack defense is enabled. Enable/disable the user-defined group for which attack defense is enabled."; list user-enable-group { key "protocol-name"; description "Configure a user-defined group for which attack defense is enabled."; leaf protocol-name { type attack-defend-protocol; description "Specifys specific protocol packets for the user-defined group."; } } // list user-enable-group } // container user-enable-groups } // container attack-defend container attack-detect { description "Configure attack detection."; container threshold { description "Configure the threshold for attack detection."; container cpu-usages { description "Configure the CPU usage threshold for attack detection."; leaf cpu-usage { type uint32 { range "1..99"; } units "%"; default "50"; description "The CPU usage threshold for attack detection."; } } // container cpu-usages container protocol-cars { description "List of set the rate threshold for sending protocol packets to the CPU and the packet loss percentage threshold for attack 
detection."; list protocol-car { ext:generated-by "system"; ext:operation-exclude "create"; key "protocol-name"; description "Configure the rate threshold for sending protocol packets to the CPU and the packet loss percentage threshold for attack detection."; leaf protocol-name { type protocol-name; description "The name of a protocol that supports CAR."; } leaf min-rate { ext:dynamic-default { ext:default-value "300" { when "../protocol-name = 'icmp'"; description "The default value is 300 when protocol-name is ICMP."; } ext:default-value "500" { description "The default value is 500 when protocol-name is others."; } } type uint32 { range "20..4000"; } units "pps"; description "A rate threshold for CP-CAR."; } leaf drop-packet-percent { ext:dynamic-default { ext:default-value "20" { when "../protocol-name = 'dhcp'"; description "The default value is 20 when protocol-name is DHCP."; } ext:default-value "20" { when "../protocol-name = 'pppoe'"; description "The default value is 20 when protocol-name is PPPOE."; } ext:default-value "30" { description "The default value is 30 when protocol-name is others."; } } type uint32 { range "0..99"; } units "%"; description "The packet loss percentage threshold for CP-CAR."; } } // list protocol-car } // container protocol-cars } // container threshold } // container attack-detect container attack-trace { description "Configure attack tracing."; container attack-reason { description "Configure the threshold for determining the cause of an attack event."; leaf broadcast-flood-percent { type uint8 { range "30..80"; } units "%"; default "50"; description "Specifys the threshold for the percentage of broadcast packets to the total number of sampled packets."; } leaf change-source-packet-percent { type uint8 { range "2..10"; } units "%"; default "5"; description "Specifys the threshold for the percentage of packets with varied source addresses to the total number of sampled packets."; } leaf app-packet-percent { type uint8 { range 
"20..80"; } units "%"; default "30"; description "Specifys the threshold for the percentage of the specified protocol packets to the total number of sampled packets."; } } // container attack-reason container attack-location-type { description "Configure the threshold for determining the location of an attack event."; leaf interface-percent { type uint8 { range "15..99"; } units "%"; default "20"; description "Specifys the threshold for the percentage of the number of packets received on a physical interface to the total number of sampled packets."; } leaf sub-interface-percent { type uint8 { range "10..99"; } units "%"; default "10"; description "Specifys the threshold for the percentage of the number of packets received on a logical interface to the total number of sampled packets."; } leaf vlan-percent { type uint8 { range "15..50"; } units "%"; default "20"; description "Specifys the threshold for the percentage of the number of single-tagged VLAN packets with a specified VLAN ID to the total number of sampled packets."; } leaf source-mac-percent { type uint8 { range "5..50"; } units "%"; default "10"; description "Specifys the threshold for the percentage of the number of packets with a specified source MAC address to the total number of sampled packets."; } leaf source-ip-percent { type uint8 { range "5..50"; } units "%"; default "10"; description "Specifys the threshold for the percentage of the number of packets with a specified source IP address to the total number of sampled packets."; } leaf qinq-percent { type uint8 { range "3..15"; } units "%"; default "10"; description "Specifys the threshold for the percentage of the number of double-tagged VLAN packets with specified inner and outer VLAN IDs to the total number of sampled packets."; } leaf vni-percent { type uint8 { range "15..50"; } units "%"; default "20"; description "Specifys the threshold for the percentage of the number of packets with a specified VNI to the total number of sampled packets."; 
} } // container attack-location-type container attack-probabilitys { description "List of Configure the threshold for determining the probability of an attack event."; list attack-probability { ext:generated-by "system"; ext:operation-exclude "create"; key "determine-object"; description "Configure the threshold for determining the probability of an attack event."; leaf determine-object { type determine-probability-object; description "Determining object of probability of attack event."; } leaf determined-threshold-value { ext:dynamic-default { ext:default-value "90" { when "../determine-object = 'broadcast-flood'"; description "The default value is 90 when determine-object is broadcast-flood."; } ext:default-value "90" { when "../determine-object = 'app-error-percent'"; description "The default value is 90 when determine-object is app-error-percent."; } ext:default-value "80" { description "The default value is 80 when determine-object is others."; } } type uint8; must "((../determine-object = 'top5-user' or ../determine-object = 'top5-source-mac' or ../determine-object = 'top5-source-ip') and (../determined-threshold-value>=80 and ../determined-threshold-value<=99)) or ((../determine-object = 'broadcast-flood' or ../determine-object = 'app-error-percent') and (../determined-threshold-value>=90 and ../determined-threshold-value<=99))"; description "Specifys the threshold for the percentage of the number of packets with specified characteristics to the total number of sampled packets. BROADCAST[90,99], APP_ERR[90,99], others[80,99]. 
determine-object with different value have different default determined-threshold-value values."; } leaf suspicion-threshold-value { ext:dynamic-default { ext:default-value "70" { when "../determine-object = 'broadcast-flood'"; description "The default value is 70 when determine-object is broadcast-flood."; } ext:default-value "75" { when "../determine-object = 'app-error-percent'"; description "The default value is 75 when determine-object is app-error-percent."; } ext:default-value "60" { description "The default value is 60 when determine-object is others."; } } type uint8; must "((../determine-object = 'top5-user' or ../determine-object = 'top5-source-mac' or ../determine-object = 'top5-source-ip') and (../suspicion-threshold-value>=60 and ../suspicion-threshold-value<=80)) or (../determine-object = 'broadcast-flood' and ../suspicion-threshold-value>=70 and ../suspicion-threshold-value<=90) or (../determine-object = 'app-error-percent' and ../suspicion-threshold-value>=75 and ../suspicion-threshold-value<=90)"; description "Specifys the suspicion threshold for the percentage of the number of packets with specified characteristics to the total number of sampled packets. BROADCAST[70,90], APP_ERR[75,90], others[60,80]. 
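determine-object with different value have different default suspicion-threshold-value values."; }
            leaf notification-threshold-value {
              ext:dynamic-default {
                ext:default-value "50" {
                  when "../determine-object = 'broadcast-flood'";
                  description "The default value is 50 when determine-object is broadcast-flood.";
                }
                ext:default-value "60" {
                  when "../determine-object = 'app-error-percent'";
                  description "The default value is 60 when determine-object is app-error-percent.";
                }
                ext:default-value "40" {
                  description "The default value is 40 when determine-object is others.";
                }
              }
              type uint8;
              // Each dynamic default above lies inside the band this constraint allows for
              // its determine-object: 50 in [50,70], 60 in [60,75], 40 in [40,60].
              must "((../determine-object = 'top5-user' or ../determine-object = 'top5-source-mac' or ../determine-object = 'top5-source-ip') and (../notification-threshold-value>=40 and ../notification-threshold-value<=60)) or (../determine-object = 'broadcast-flood' and ../notification-threshold-value>=50 and ../notification-threshold-value<=70) or (../determine-object = 'app-error-percent' and ../notification-threshold-value>=60 and ../notification-threshold-value<=75)";
              description "Specifies the notification threshold for the percentage of the number of packets with specified characteristics to the total number of sampled packets. BROADCAST[50,70], APP_ERR[60,75], others[40,60]. Different determine-object values have different default notification-threshold-value values.";
            }
          } // list attack-probability
        } // container attack-probabilitys
      } // container attack-trace

      // Operational state only (config false). The rpc reset-soc-attack-defend-statistics
      // below points at port-vlan-cars and clears these counters per slot.
      container attack-defend-statistics {
        config false;
        description "Statistics of attack defense.";
        container port-vlan-cars {
          description "List of CAR statistics on a specified board.";
          list port-vlan-car {
            key "number";
            description "Statistics of CAR on a specified board.";
            leaf number {
              type uint32;
              description "The ordinal number of statistics records.";
            }
            leaf slot {
              ext:support-filter "true";
              type string {
                length "1..32";
              }
              description "Slot number.";
            }
            leaf interface {
              type pub-type:if-name;
              description "Interface name.";
            }
            leaf outer-vlan {
              type uint16;
              description "Outer VLAN ID of an interface.";
            }
            leaf inner-vlan {
              type uint16;
              description "Inner VLAN ID of an interface.";
            }
            leaf passed-packets {
              type uint64;
              description "Number of passed packets.";
            }
            leaf dropped-packets {
              type uint64;
              description "Number of dropped packets.";
            }
          } // list port-vlan-car
        } // container port-vlan-cars
      } // container attack-defend-statistics

      // Operational state only (config false). Three history windows are exposed per
      // subject (application, car, cpu-usage): 15 minutes, 60 minutes and 72 hours.
      container attack-detect-statistics {
        config false;
        description "Statistics of attack detection.";
        container application {
          description "Statistics of invalid packets and sessions collected by SOC-monitored protocol modules.";
          container currents {
            description "List of current statistics about invalid packets and sessions collected by SOC-monitored protocol modules.";
            list current {
              key "slot protocol";
              description "Statistics of current invalid packets and sessions collected by SOC-monitored protocol modules.";
              leaf slot {
                type string {
                  length "1..32";
                }
                description "Slot number.";
              }
              leaf protocol {
                type protocol-name;
                description "Protocol name.";
              }
              uses application-statistics;
            } // list current
          } // container currents
          container last-15-minutess {
            description "List of statistics about invalid packets and sessions collected by SOC-monitored protocol modules within the last 15 minutes.";
            list last-15-minutes {
              key "slot protocol time-number";
              description "Statistics of invalid packets and sessions collected by SOC-monitored protocol modules within the last 15 minutes.";
              uses application-statistics-history {
                refine time-number {
                  description "Time sequence number. The system collects statistics about invalid packets and sessions every 1 minute.";
                }
                refine cpu-usage {
                  description "Average CPU usage within 1 minute.";
                }
              }
            } // list last-15-minutes
          } // container last-15-minutess
          container last-60-minutess {
            description "List of statistics about invalid packets and sessions collected by SOC-monitored protocol modules within the last 60 minutes.";
            list last-60-minutes {
              key "slot protocol time-number";
              description "Statistics of invalid packets and sessions collected by SOC-monitored protocol modules within the last 60 minutes.";
              uses application-statistics-history {
                refine time-number {
                  description "Time sequence number. The system collects statistics about invalid packets and sessions every 5 minutes.";
                }
                refine cpu-usage {
                  description "Average CPU usage within 5 minutes.";
                }
              }
            } // list last-60-minutes
          } // container last-60-minutess
          container last-72-hourss {
            description "List of statistics about invalid packets and sessions collected by SOC-monitored protocol modules within the last 72 hours.";
            list last-72-hours {
              key "slot protocol time-number";
              description "Statistics of invalid packets and sessions collected by SOC-monitored protocol modules within the last 72 hours.";
              uses application-statistics-history {
                refine time-number {
                  description "Time sequence number. The system collects statistics about invalid packets and sessions every 1 hour.";
                }
                refine cpu-usage {
                  description "Average CPU usage within 1 hour.";
                }
              }
            } // list last-72-hours
          } // container last-72-hourss
        } // container application
        container car {
          description "Statistics of protocol packets sent to the CPU.";
          container currents {
            description "List of current statistics about protocol packets sent to the CPU.";
            list current {
              key "slot protocol car-name";
              description "Statistics of current protocol packets sent to the CPU.";
              leaf slot {
                type string {
                  length "1..32";
                }
                description "Slot number.";
              }
              leaf protocol {
                type protocol-name;
                description "Protocol name.";
              }
              leaf car-name {
                type string {
                  length "0..50";
                }
                description "The type of protocol packet (to be sent to the CPU) on which a CAR action is performed.";
              }
              uses car-statistics;
            } // list current
          } // container currents
          container last-15-minutess {
            description "List of statistics about protocol packets sent to the CPU within the last 15 minutes.";
            list last-15-minutes {
              key "slot protocol car-name time-number";
              description "Statistics of protocol packets sent to the CPU within the last 15 minutes.";
              uses car-statistics-history {
                refine time-number {
                  description "Time sequence number. The system collects statistics about packets every 1 minute.";
                }
              }
            } // list last-15-minutes
          } // container last-15-minutess
          container last-60-minutess {
            description "List of statistics about protocol packets sent to the CPU within the last 60 minutes.";
            list last-60-minutes {
              key "slot protocol car-name time-number";
              description "Statistics of protocol packets sent to the CPU within the last 60 minutes.";
              uses car-statistics-history {
                refine time-number {
                  description "Time sequence number. The system collects statistics about packets every 5 minutes.";
                }
              }
            } // list last-60-minutes
          } // container last-60-minutess
          container last-72-hourss {
            description "List of statistics about protocol packets sent to the CPU within the last 72 hours.";
            list last-72-hours {
              key "slot protocol car-name time-number";
              description "Statistics of protocol packets sent to the CPU within the last 72 hours.";
              uses car-statistics-history {
                refine time-number {
                  description "Time sequence number. The system collects statistics about packets every 1 hour.";
                }
              }
            } // list last-72-hours
          } // container last-72-hourss
        } // container car
        container cpu-usage {
          description "Statistics of historical CPU usage.";
          container last-15-minutess {
            description "List of statistics about the CPU usage within the last 15 minutes.";
            list last-15-minutes {
              key "slot time-number";
              description "Statistics of the CPU usage within the last 15 minutes.";
              uses cpu-usage-history {
                refine time-number {
                  description "Time sequence number. The system collects statistics about CPU usage every 1 minute.";
                }
                refine cpu-usage {
                  description "Average CPU usage within 1 minute.";
                }
              }
            } // list last-15-minutes
          } // container last-15-minutess
          container last-60-minutess {
            description "List of statistics about the CPU usage within the last 60 minutes.";
            list last-60-minutes {
              key "slot time-number";
              description "Statistics of the CPU usage within the last 60 minutes.";
              uses cpu-usage-history {
                refine time-number {
                  description "Time sequence number. The system collects statistics about CPU usage every 5 minutes.";
                }
                refine cpu-usage {
                  description "Average CPU usage within 5 minutes.";
                }
              }
            } // list last-60-minutes
          } // container last-60-minutess
          container last-72-hourss {
            description "List of statistics about the CPU usage within the last 72 hours.";
            list last-72-hours {
              key "slot time-number";
              description "Statistics of the CPU usage within the last 72 hours.";
              uses cpu-usage-history {
                refine time-number {
                  description "Time sequence number. The system collects statistics about CPU usage every 1 hour.";
                }
                refine cpu-usage {
                  description "Average CPU usage within 1 hour.";
                }
              }
              // Only the 72-hour window carries a peak value in addition to the average.
              leaf peak-cpu-usage {
                type uint32;
                units "%";
                description "Peak CPU usage within 1 hour.";
              }
            } // list last-72-hours
          } // container last-72-hourss
        } // container cpu-usage
      } // container attack-detect-statistics

      // Operational state only (config false). Each report carries a set of top-5
      // rankings (rank is restricted to 1..5) that attribute the attack traffic to
      // interfaces, VLANs, VNIs, MACs, source addresses, applications and access IDs.
      container attack-event-reports {
        config false;
        description "List of statistics for attack events.";
        list attack-event-report {
          key "event-number";
          description "Displays statistics for attack events.";
          leaf event-number {
            type uint32 {
              range "1..16777215";
            }
            description "The number of an attack event.";
          }
          leaf slot {
            ext:support-filter "true";
            type string {
              length "1..32";
            }
            description "Slot number.";
          }
          leaf start-time {
            type yang:date-and-time;
            description "Time when the attack event starts.";
          }
          leaf end-time {
            type yang:date-and-time;
            description "Time when the attack event ends.";
          }
          leaf location {
            type string {
              length "0..64";
            }
            description "The physical interface where the attack event occurs.";
          }
          leaf probability {
            type probability;
            description "The probability of an attack.";
          }
          leaf reason {
            type string {
              length "0..128";
            }
            description "Cause for the attack event.";
          }
          container interface-rankings {
            description "List of top N interfaces related to attack packets.";
            list interface-ranking {
              key "rank";
              description "Statistics of top N interfaces related to attack packets.";
              leaf rank {
                type uint32 {
                  range "1..5";
                }
                description "Interface ranking on attack events.";
              }
              leaf interface-name {
                type string {
                  length "0..64";
                }
                description "Interface name.";
              }
              leaf interface-percent {
                type uint8;
                units "%";
                description "The percentage of packets received by the interface.";
              }
            } // list interface-ranking
          } // container interface-rankings
          container vlan-rankings {
            description "List of top N VLANs related to attack packets.";
            list vlan-ranking {
              key "rank";
              description "Statistics of top N VLANs related to attack packets.";
              leaf rank {
                type uint32 {
                  range "1..5";
                }
                description "VLAN ranking on attack events.";
              }
              leaf vlan-id {
                type uint16;
                description "VLAN ID.";
              }
              leaf pevlan {
                type uint16;
                description "PE VLAN ID.";
              }
              leaf cevlan {
                type uint16;
                description "CE VLAN ID.";
              }
              leaf vlan-percent {
                type uint8;
                units "%";
                description "The percentage of packets received by the VLAN.";
              }
            } // list vlan-ranking
          } // container vlan-rankings
          container vni-rankings {
            description "List of top N VNIs related to attack packets.";
            list vni-ranking {
              key "rank";
              description "Statistics of top N VNIs related to attack packets.";
              leaf rank {
                type uint32 {
                  range "1..5";
                }
                description "VNI ranking on attack events.";
              }
              leaf vni {
                type uint32;
                description "VNI.";
              }
              leaf vni-percent {
                type uint8;
                units "%";
                description "The percentage of packets received by the VNI.";
              }
            } // list vni-ranking
          } // container vni-rankings
          container mac-rankings {
            description "List of top N MAC addresses related to attack packets.";
            list mac-ranking {
              key "rank";
              description "Statistics of top N MAC addresses related to attack packets.";
              leaf rank {
                type uint32 {
                  range "1..5";
                }
                description "MAC address ranking on attack events.";
              }
              // NOTE(review): plain string, unlike pub-type:mac-address used by
              // loop-detect/l2-loop-detect/packets/packet/source-mac further down;
              // consumers should not assume a canonical MAC format here.
              leaf mac {
                type string {
                  length "0..32";
                }
                description "MAC address.";
              }
              leaf mac-percent {
                type uint8;
                units "%";
                description "The percentage of packets received by the MAC address.";
              }
            } // list mac-ranking
          } // container mac-rankings
          container source-ip-rankings {
            description "List of top N Source-IP addresses related to attack packets.";
            list source-ip-ranking {
              key "rank";
              description "Statistics of top N Source-IP addresses related to attack packets.";
              leaf rank {
                type uint32 {
                  range "1..5";
                }
                description "Source-IP address ranking on attack events.";
              }
              // NOTE(review): free-form string (the module imports no ietf-inet-types),
              // so the value is not validated as an address by the schema.
              leaf source-ip {
                type string {
                  length "0..32";
                }
                description "Source-IP address.";
              }
              leaf source-ip-percent {
                type uint8;
                units "%";
                description "The percentage of packets received by the source-IP address.";
              }
            } // list source-ip-ranking
          } // container source-ip-rankings
          container source-ipv6-rankings {
            description "List of top N Source-IPv6 addresses related to attack packets.";
            list source-ipv6-ranking {
              key "rank";
              description "Statistics of top N Source-IPv6 addresses related to attack packets.";
              leaf rank {
                type uint32 {
                  range "1..5";
                }
                description "Source-IPv6 ranking on attack events.";
              }
              // NOTE(review): free-form string, same caveat as source-ip above.
              leaf source-ipv6 {
                type string {
                  length "0..50";
                }
                description "Source-IPv6 address.";
              }
              leaf source-ipv6-percent {
                type uint8;
                units "%";
                description "The percentage of packets received by the source-IPv6 address.";
              }
            } // list source-ipv6-ranking
          } // container source-ipv6-rankings
          container application-rankings {
            description "List of top N applications related to attack packets.";
            list application-ranking {
              key "rank";
              description "Statistics of top N applications related to attack packets.";
              leaf rank {
                type uint32 {
                  range "1..5";
                }
                description "Application protocol ranking on attack events.";
              }
              leaf application {
                type string {
                  length "0..35";
                }
                description "Application protocol name.";
              }
              leaf application-percent {
                type uint8;
                units "%";
                description "The percentage of packets received by the application protocol.";
              }
            } // list application-ranking
          } // container application-rankings
          container circuit-id-rankings {
            description "List of top N Circuit IDs related to attack packets.";
            list circuit-id-ranking {
              key "rank";
              description "Statistics of top N Circuit IDs related to attack packets.";
              leaf rank {
                type uint32 {
                  range "1..5";
                }
                description "Circuit ID ranking on attack events.";
              }
              leaf circuit-id {
                type string {
                  length "0..205";
                }
                description "Circuit ID.";
              }
              leaf circuit-id-percent {
                type uint8;
                units "%";
                description "The percentage of packets received by the agent circuit ID.";
              }
            } // list circuit-id-ranking
          } // container circuit-id-rankings
          container remote-id-rankings {
            description "List of top N remote IDs related to attack packets.";
            list remote-id-ranking {
              key "rank";
              description "Statistics of top N remote IDs related to attack packets.";
              leaf rank {
                type uint32 {
                  range "1..5";
                }
                description "Remote ID ranking on attack events.";
              }
              leaf remote-id {
                type string {
                  length "0..205";
                }
                description "Remote ID.";
              }
              leaf remote-id-percent {
                type uint8;
                units "%";
                description "The percentage of packets received by the agent remote ID.";
              }
            } // list remote-id-ranking
          } // container remote-id-rankings
          container tunnel-id-rankings {
            description "List of top N tunnel IDs related to attack packets.";
            list tunnel-id-ranking {
              key "rank";
              description "Statistics of top N tunnel IDs related to attack packets.";
              leaf rank {
                type uint32 {
                  range "1..5";
                }
                description "Tunnel ID ranking on attack events.";
              }
              leaf tunnel-id {
                type uint32;
                description "L2TP tunnel ID, ranked by the percentage of packets received.";
              }
              leaf tunnel-id-percent {
                type uint8;
                units "%";
                description "The percentage of packets received by the L2TP tunnel ID.";
              }
            } // list tunnel-id-ranking
          } // container tunnel-id-rankings
          container session-id-rankings {
            description "List of top N session IDs related to attack packets.";
            list session-id-ranking {
              key "rank";
              description "Statistics of top N session IDs related to attack packets.";
              leaf rank {
                type uint32 {
                  range "1..5";
                }
                description "Session ID ranking on attack events.";
              }
              leaf session-id {
                type uint32;
                description "L2TP session ID, ranked by the percentage of packets received.";
              }
              leaf session-id-percent {
                type uint8;
                units "%";
                description "The percentage of packets received by the L2TP session ID.";
              }
            } // list session-id-ranking
          } // container session-id-rankings
        } // list attack-event-report
      } // container attack-event-reports
    } // container security-operation-center

    container loop-detect {
      description "Configure loop detection.";
      container l3-loop-detect {
        description "Configure layer 3 loop detection.";
        // Enabled by default; setting false switches layer 3 loop detection off.
        leaf enable {
          type boolean;
          default "true";
          description "Enable/disable layer 3 loop detection.";
        }
      } // container l3-loop-detect
      // Operational state only (config false): observed loop status per slot/interface/VLAN
      // and the packets that caused a layer 2 loop.
      container l2-loop-detect {
        config false;
        description "Statistics of layer 2 loop detection.";
        container loop-statuss {
          description "List of statistics for layer 2 loop detection.";
          list loop-status {
            key "slot interface vlan-id";
            description "Displays statistics for layer 2 loop detection.";
            leaf slot {
              type string {
                length "1..32";
              }
              description "Slot number.";
            }
            leaf interface {
              type pub-type:if-name;
              description "Interface name.";
            }
            leaf vlan-id {
              type uint16;
              description "VLAN ID for VLANif interface.";
            }
            leaf loop-level {
              type l2-loop-level;
              description "Loop level.";
            }
            leaf interface-state {
              type interface-state;
              description "Status of an interface: Up or Down.";
            }
          } // list loop-status
        } // container loop-statuss
        container packets {
          description "List of statistics for packets that cause layer 2 loops.";
          list packet {
            key "slot interface packet-number";
            description "Displays statistics for packets that cause layer 2 loops.";
            leaf slot {
              type string {
                length "1..32";
              }
              description "Slot number.";
            }
            leaf interface {
              type pub-type:if-name;
              description "Interface name.";
            }
            leaf packet-number {
              type uint16;
              description "Packet number.";
            }
            leaf logical-interface {
              type pub-type:if-name;
              description "Logical interface name.";
            }
            leaf outer-vlan {
              type uint16;
              description "External VLAN ID of a packet.";
            }
            leaf inner-vlan {
              type uint16;
              description "Internal VLAN ID of a packet.";
            }
            leaf protocol-type {
              type uint16;
              description "Protocol type of packets.";
            }
            leaf protocol-name {
              type string {
                length "1..32";
              }
              description "Protocol name of packets.";
            }
            leaf packet-type {
              type mac-address-type;
              description "Packet type defined based on the destination MAC address of the packet.";
            }
            leaf source-mac {
              type pub-type:mac-address;
              description "Source MAC address of a packet.";
            }
          } // list packet
        } // container packets
      } // container l2-loop-detect
    } // container loop-detect
  } // container soc

  // NOTE(review): per the node-ref, this rpc clears the per-slot CAR pass/drop counters
  // reported under attack-defend-statistics/port-vlan-cars, i.e. the evidence of what
  // attack defense has been dropping. Treat it as a privileged operation: restrict which
  // roles may invoke it and keep a record of each invocation (who, when, which slot).
  rpc reset-soc-attack-defend-statistics {
    ext:node-ref "/soc:soc/soc:security-operation-center/soc:attack-defend-statistics/soc:port-vlan-cars";
    description "Reset soc attack defend statistics.";
    input {
      leaf slot {
        type string {
          length "1..32";
        }
        mandatory true;
        description "Slot number.";
      }
    }
  } // rpc reset-soc-attack-defend-statistics

  // The same devm-group grouping (defined outside this excerpt) is attached to LPU, MPU
  // and VNF boards so that management/service plane protection policies are per board.
  augment /devm:devm/devm:lpu-boards/devm:lpu-board {
    description "Configure policies for global management and service plane protection.";
    uses devm-group;
  }
  augment /devm:devm/devm:mpu-boards/devm:mpu-board {
    description "Configure policies for global management and service plane protection.";
    uses devm-group;
  }
  augment /devm-vnf:devm-vnf/devm-vnf:vnf-boards/devm-vnf:vnf-board {
    description "Configure policies for global management and service plane protection.";
    uses devm-group;
  }
} // module huawei-soc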