A-34
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Appendix A System Architecture
Communications
IDIOM
IDIOM is a data format standard that defines the event messages that are reported by the IPS as well as
the operational messages that are used to configure and control intrusion detection systems. These
messages consist of XML documents that conform to the IDIOM XML schema.
IDIOM supports two types of interactions: event and control transaction. Event interactions are used to
exchange IPS events such as alerts. IDIOM uses two types of messages for event interactions: event and
error messages. Control transactions provide a means for one host to initiate an action in, change the
state of, or read the state of another host. Control transactions utilize four types of IDIOM messages:
request, response, configuration, and error messages. Events and control transactions that are
communicated between application instances within a host are known as local events or local control
transactions, or collectively, local IDIOM messages. Events and control transactions that are
communicated between different hosts using the RDEP2 protocol are known as remote events and
remote control transactions, or collectively, remote IDIOM messages.
Note
IDIOM for the most part has been superseded by IDCONF, SDEE, and CIDEE.
IDCONF
IPS 5.0 manages its configuration using XML documents. IDCONF specifies the XML schema including
IPS 5.0 control transactions. The IDCONF schema does not specify the contents of the configuration
documents, but rather the framework and building blocks from which the configuration documents are
developed. It provides mechanisms that let the IPS managers and CLI ignore features that are not
configurable by certain platforms or functions through the use of the feature-supported attribute.
IDCONF messages are exchanged over RDEP2 and are wrapped inside IDIOM request and response
messages.
The following is an IDCONF example:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- IDIOM request envelope carrying an IDCONF configuration delta -->
<request xmlns="http://www.cisco.com/cids/idiom" schemaVersion="2.00">
  <editConfigDelta xmlns="http://www.cisco.com/cids/idconf">
    <component name="userAccount">
      <config typedefsVersion="2004-03-01" xmlns="http://www.cisco.com/cids/idconf">
        <struct>
          <!-- Merge one entry, keyed by user name, into the user-accounts map -->
          <map name="user-accounts" editOp="merge">
            <mapEntry>
              <key>
                <var name="name">cisco</var>
              </key>
              <struct>
                <struct name="credentials">
                  <var name="role">administrator</var>
                </struct>
              </struct>
            </mapEntry>
          </map>
        </struct>
      </config>
    </component>
  </editConfigDelta>
</request>
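
The following added example is not part of the Cisco guide. It parses an IDCONF editConfigDelta wrapped in an IDIOM request, like the message above, and lists the map entries it changes so that a logged control transaction can be reviewed for role changes. The function names and the refusal of DTD declarations are choices of this example, and the sample document is constructed from the message above.

```python
import xml.etree.ElementTree as ET

IDIOM = "http://www.cisco.com/cids/idiom"
IDCONF = "http://www.cisco.com/cids/idconf"
NS = {"idiom": IDIOM, "idconf": IDCONF}

# Constructed sample, modelled on the IDCONF message shown on this page.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<request xmlns="http://www.cisco.com/cids/idiom" schemaVersion="2.00">
 <editConfigDelta xmlns="http://www.cisco.com/cids/idconf">
  <component name="userAccount">
   <config typedefsVersion="2004-03-01">
    <struct><map name="user-accounts" editOp="merge">
     <mapEntry>
      <key><var name="name">cisco</var></key>
      <struct><struct name="credentials">
       <var name="role">administrator</var>
      </struct></struct>
     </mapEntry>
    </map></struct>
   </config>
  </component>
 </editConfigDelta>
</request>"""

def summarize_delta(xml_text):
    """Return one dict per mapEntry touched by an IDCONF editConfigDelta."""
    # Assumption of this example: refuse DTDs so entity expansion is never parsed.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations refused")
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != f"{{{IDIOM}}}request":
        raise ValueError("not an IDIOM request envelope")
    changes = []
    for comp in root.iterfind("idconf:editConfigDelta/idconf:component", NS):
        for m in comp.iter(f"{{{IDCONF}}}map"):
            for entry in m.iterfind("idconf:mapEntry", NS):
                key = {v.get("name"): v.text
                       for v in entry.iterfind("idconf:key/idconf:var", NS)}
                values = {v.get("name"): v.text
                          for s in entry.iterfind("idconf:struct", NS)
                          for v in s.iter(f"{{{IDCONF}}}var")}
                changes.append({"component": comp.get("name"), "map": m.get("name"),
                                "editOp": m.get("editOp"), "key": key, "values": values})
    return changes

def admin_grants(changes):
    """User names that a userAccount delta sets to the administrator role."""
    return [c["key"].get("name") for c in changes
            if c["component"] == "userAccount" and c["values"].get("role") == "administrator"]
```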