Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix A System Architecture
Communications
IDIOM
IDIOM is a data format standard that defines the event messages that are reported by the IPS as well as
the operational messages that are used to configure and control intrusion detection systems. These
messages consist of XML documents that conform to the IDIOM XML schema.
IDIOM supports two types of interactions: event and control transaction. Event interactions are used to
exchange IPS events such as alerts. IDIOM uses two types of messages for event interactions: event and
error messages. Control transactions provide a means for one host to initiate an action in, change the
state of, or read the state of another host. Control transactions utilize four types of IDIOM messages:
request, response, configuration, and error messages. Events and control transactions that are
communicated between application instances within a host are known as local events or local control
transactions, or collectively, local IDIOM messages. Events and control transactions that are
communicated between different hosts are known as remote events and remote control transactions, or
collectively, remote IDIOM messages.
Note: IDIOM has for the most part been superseded by IDCONF, SDEE, and CIDEE.
IDCONF
The Cisco IPS manages its configuration using XML documents. IDCONF specifies the XML schema,
including the Cisco IPS control transactions. The IDCONF schema does not specify the contents of the
configuration documents, but rather the framework and building blocks from which the configuration
documents are developed. It provides mechanisms that let the IPS managers and CLI ignore features that
are not configurable by certain platforms or functions through the use of the feature-supported attribute.
IDCONF messages are wrapped inside IDIOM request and response messages.
The following is an IDCONF example:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- IDIOM request envelope wrapping an IDCONF control transaction -->
<request xmlns="http://www.cisco.com/cids/idiom" schemaVersion="2.00">
  <editConfigDelta xmlns="http://www.cisco.com/cids/idconf">
    <component name="userAccount">
      <config typedefsVersion="2004-03-01" xmlns="http://www.cisco.com/cids/idconf">
        <struct>
          <!-- Merge an entry into the user-accounts map -->
          <map name="user-accounts" editOp="merge">
            <mapEntry>
              <key>
                <var name="name">cisco</var>
              </key>
              <struct>
                <struct name="credentials">
                  <var name="role">administrator</var>
                </struct>
              </struct>
            </mapEntry>
          </map>
        </struct>
      </config>
    </component>
  </editConfigDelta>
</request>
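Because account and role changes travel as IDCONF documents inside IDIOM requests, a logged control transaction can be audited by parsing it. The following is an added example, not code from the Cisco guide: the function name `account_changes`, the `privileged` flag for the `administrator` role, and the refusal of documents carrying a DTD are assumptions of this sketch, and the sample input is constructed from the request shown above.

```python
import xml.etree.ElementTree as ET

IDIOM_NS = "http://www.cisco.com/cids/idiom"
IDCONF_NS = "http://www.cisco.com/cids/idconf"
NS = {"idconf": IDCONF_NS}

# Constructed sample: the IDCONF request from this page, condensed.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<request xmlns="http://www.cisco.com/cids/idiom" schemaVersion="2.00">
<editConfigDelta xmlns="http://www.cisco.com/cids/idconf">
<component name="userAccount">
<config typedefsVersion="2004-03-01" xmlns="http://www.cisco.com/cids/idconf">
<struct><map name="user-accounts" editOp="merge"><mapEntry>
<key><var name="name">cisco</var></key>
<struct><struct name="credentials"><var name="role">administrator</var></struct></struct>
</mapEntry></map></struct>
</config></component></editConfigDelta></request>"""


def account_changes(xml_text):
    """Return one record per user-accounts mapEntry in an IDIOM-wrapped IDCONF request."""
    # Assumption of this example: control transactions never need a DTD,
    # so refuse one instead of letting the parser process entity definitions.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not expected in a control transaction")
    root = ET.fromstring(xml_text.encode("utf-8"))
    # The outer element must be the IDIOM request envelope.
    if root.tag != f"{{{IDIOM_NS}}}request":
        raise ValueError("not an IDIOM request envelope")
    role_path = ".//idconf:struct[@name='credentials']/idconf:var[@name='role']"
    records = []
    for comp in root.iterfind(".//idconf:component", NS):
        for amap in comp.iterfind(".//idconf:map[@name='user-accounts']", NS):
            for entry in amap.iterfind("idconf:mapEntry", NS):
                role = entry.findtext(role_path, namespaces=NS)
                records.append({
                    "component": comp.get("name"),
                    "editOp": amap.get("editOp"),
                    "user": entry.findtext(
                        "idconf:key/idconf:var[@name='name']", namespaces=NS),
                    "role": role,
                    "privileged": role == "administrator",
                })
    return records
```

Feeding each logged request through `account_changes` and alerting on records where `privileged` is true gives a reviewable trail of administrator grants.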