Discovering Intrusion Prevention System Sensor

ARPAN BINOY
Tera Contributor

Upon running discovery on the IPS device, we see OIDs (in the ECC Queue). This OID is blocked by ServiceNow as per their KB article (We need to prevent any SNMP OID Classifications being added with a Net-SNMP module OID starting 1.3....)

The OEM provided us with a different OID (not blocked) and MIB files. Despite adding them, we are still unable to discover the devices.

If a custom pattern needs to be developed, what is the initial starting point, as there is a difference in OID between the vendor and ServiceNow, and for these devices all attributes are fetched from the OID itself?
Also, can we proceed using SSH credentials, as SNMP classification is not working?

3 REPLIES

RawelSingh
Tera Contributor

Hi Arpan,

We also had a similar issue at one of our clients. We discovered via SSH instead of SNMP.

Thanks.

Hi Rawel,

Did you create a new classifier and pattern as well? Also, debugging the Linux server pattern on that IP gives a very unusual error - Error; job finished with status ERROR: SSH channel 9 activity timeout in state EXECUTING. (timeout = 120000) com.snc.ssh.SSHTimer@7b84dbe4 while in state EXECUTING

Is this because of the sudo permissions or something else, if you have an idea? (Answers on the community are not clear.)

Thanks

Hi Arpan,

For us it got discovered under Linux server without any issues.

Thanks,

Rawel