NetconfCentral:

Grouping	Objects	Abstract
attack-detail	vendor-id attack-id description-lang attack-description attack-severity start-time end-time source-count	Various details that describe the ongoing attacks that need to be mitigated by the DOTS server. The attack details need to cover well-known and common attacks (such as a SYN flood) along with new emerging or vendor-specific attacks.
baseline	target-prefix target-port-range target-protocol target-fqdn target-urialias-name total-traffic-normal total-traffic-normal-per-protocol total-traffic-normal-per-port total-connection-capacity total-connection-capacity-per-port	Grouping for the telemetry baseline.
connection-all	connection-c embryonic-c connection-ps-c request-ps-c partial-request-c	Total attack connections, including current values.
connection-percentile-and-peak	connection-c embryonic-c connection-ps-c request-ps-c partial-request-c	A set of data nodes that represent the attack characteristics.
connection-port	protocol port connection-c embryonic-c connection-ps-c request-ps-c partial-request-c	Total attack connections per port number.
connection-protocol	protocol connection-c embryonic-c connection-ps-c request-ps-c partial-request-c	Total attack connections.
connection-protocol-all	protocol connection-c embryonic-c connection-ps-c request-ps-c partial-request-c	Total attack connections per protocol, including current values.
connection-protocol-port-all	protocol port connection-c embryonic-c connection-ps-c request-ps-c partial-request-c	Total attack connections per port number, including current values.
percentile-and-peak	low-percentile-g mid-percentile-g high-percentile-g peak-g	Generic grouping for percentile and peak values.
percentile-peak-and-current	low-percentile-g mid-percentile-g high-percentile-g peak-gcurrent-g	Generic grouping for percentile and peak values.
pre-or-ongoing-mitigation	total-traffic total-traffic-protocol total-traffic-port total-attack-traffic total-attack-traffic-protocol total-attack-traffic-port total-attack-connection-protocol total-attack-connection-port attack-detail	Grouping for the telemetry data.
talker	spoofed-status source-prefix source-port-range source-icmp-type-range total-attack-traffic	Defines generic data related to top talkers.
telemetry-parameters	measurement-interval measurement-sample low-percentile mid-percentile high-percentile	A grouping that includes a set of parameters that are used to prepare the reported telemetry data. The grouping indicates a measurement interval, a measurement sample period, and low-percentile/mid-percentile/high-percentile values.
top-talker	talker	Top attack sources with detailed per-protocol structure.
top-talker-aggregate	talker	An aggregate of top attack sources. This aggregate is typically used when included in a mitigation request.
total-connection-capacity	connection connection-client embryonic embryonic-client connection-ps connection-client-ps request-ps request-client-ps partial-request-max partial-request-client-max	Total connection capacities for various types of connections, as well as overall capacity. These data nodes are useful for detecting resource-consuming DDoS attacks.
total-connection-capacity-protocol	protocol connection connection-client embryonic embryonic-client connection-ps connection-client-ps request-ps request-client-ps partial-request-max partial-request-client-max	Total connection capacity per protocol. These data nodes are useful for detecting resource-consuming DDoS attacks.
traffic-unit	unit low-percentile-g mid-percentile-g high-percentile-g peak-g	Grouping of traffic as a function of the measurement unit.
traffic-unit-all	unit low-percentile-g mid-percentile-g high-percentile-g peak-gcurrent-g	Grouping of traffic as a function of the measurement unit, including current values.
traffic-unit-port	port unit low-percentile-g mid-percentile-g high-percentile-g peak-g	Grouping of traffic bound to a port number as a function of the measurement unit.
traffic-unit-port-all	port unit low-percentile-g mid-percentile-g high-percentile-g peak-gcurrent-g	Grouping of traffic bound to a port number as a function of the measurement unit, including current values.
traffic-unit-protocol	protocol unit low-percentile-g mid-percentile-g high-percentile-g peak-g	Grouping of traffic of a given transport protocol as a function of the measurement unit.
traffic-unit-protocol-all	protocol unit low-percentile-g mid-percentile-g high-percentile-g peak-gcurrent-g	Grouping of traffic of a given transport protocol as a function of the measurement unit, including current values.
unit-config	unit-config	Generic grouping for unit configuration.

attack-detail

vendor-id attack-id description-lang attack-description attack-severity start-time end-time source-count

Various details that describe the ongoing attacks that need to be mitigated by the DOTS server. The attack details need to cover well-known and common attacks (such as a SYN flood) along with new emerging or vendor-specific attacks.

baseline

target-prefix target-port-range target-protocol target-fqdn target-urialias-name total-traffic-normal total-traffic-normal-per-protocol total-traffic-normal-per-port total-connection-capacity total-connection-capacity-per-port

Grouping for the telemetry baseline.

connection-all

connection-c embryonic-c connection-ps-c request-ps-c partial-request-c

Total attack connections, including current values.

connection-percentile-and-peak

connection-c embryonic-c connection-ps-c request-ps-c partial-request-c

A set of data nodes that represent the attack characteristics.

connection-port

protocol port connection-c embryonic-c connection-ps-c request-ps-c partial-request-c

Total attack connections per port number.

connection-protocol

protocol connection-c embryonic-c connection-ps-c request-ps-c partial-request-c

Total attack connections.

connection-protocol-all

protocol connection-c embryonic-c connection-ps-c request-ps-c partial-request-c

Total attack connections per protocol, including current values.

connection-protocol-port-all

protocol port connection-c embryonic-c connection-ps-c request-ps-c partial-request-c

Total attack connections per port number, including current values.

percentile-and-peak

low-percentile-g mid-percentile-g high-percentile-g peak-g

Generic grouping for percentile and peak values.

percentile-peak-and-current

low-percentile-g mid-percentile-g high-percentile-g peak-gcurrent-g

Generic grouping for percentile and peak values.

pre-or-ongoing-mitigation

total-traffic total-traffic-protocol total-traffic-port total-attack-traffic total-attack-traffic-protocol total-attack-traffic-port total-attack-connection-protocol total-attack-connection-port attack-detail

Grouping for the telemetry data.

talker

spoofed-status source-prefix source-port-range source-icmp-type-range total-attack-traffic

Defines generic data related to top talkers.

telemetry-parameters

measurement-interval measurement-sample low-percentile mid-percentile high-percentile

A grouping that includes a set of parameters that are used to prepare the reported telemetry data. The grouping indicates a measurement interval, a measurement sample period, and low-percentile/mid-percentile/high-percentile values.

top-talker

talker

Top attack sources with detailed per-protocol structure.

top-talker-aggregate

talker

An aggregate of top attack sources. This aggregate is typically used when included in a mitigation request.

total-connection-capacity

connection connection-client embryonic embryonic-client connection-ps connection-client-ps request-ps request-client-ps partial-request-max partial-request-client-max

Total connection capacities for various types of connections, as well as overall capacity. These data nodes are useful for detecting resource-consuming DDoS attacks.

total-connection-capacity-protocol

protocol connection connection-client embryonic embryonic-client connection-ps connection-client-ps request-ps request-client-ps partial-request-max partial-request-client-max

Total connection capacity per protocol. These data nodes are useful for detecting resource-consuming DDoS attacks.

traffic-unit

unit low-percentile-g mid-percentile-g high-percentile-g peak-g

Grouping of traffic as a function of the measurement unit.

traffic-unit-all

unit low-percentile-g mid-percentile-g high-percentile-g peak-gcurrent-g

Grouping of traffic as a function of the measurement unit, including current values.

traffic-unit-port

port unit low-percentile-g mid-percentile-g high-percentile-g peak-g

Grouping of traffic bound to a port number as a function of the measurement unit.

traffic-unit-port-all

port unit low-percentile-g mid-percentile-g high-percentile-g peak-gcurrent-g

Grouping of traffic bound to a port number as a function of the measurement unit, including current values.

traffic-unit-protocol

protocol unit low-percentile-g mid-percentile-g high-percentile-g peak-g

Grouping of traffic of a given transport protocol as a function of the measurement unit.

traffic-unit-protocol-all

protocol unit low-percentile-g mid-percentile-g high-percentile-g peak-gcurrent-g

Grouping of traffic of a given transport protocol as a function of the measurement unit, including current values.

unit-config

Generic grouping for unit configuration.

ietf-dots-telemetry