From f11d7d81814fc770ba47cf152f1c65eaee58086f Mon Sep 17 00:00:00 2001 From: Binny Date: Wed, 8 Oct 2025 11:47:20 +0000 Subject: [PATCH] ols-848-intrusiondetection-draft-changes --- capabilities/connect.capabilities.yml | 1 + schema/switch.yml | 18 +++++++++- state/state.yml | 36 +++++++++++++++++++- ucentral.capabilities.pretty.json | 1 + ucentral.schema.full.json | 19 +++++++++++ ucentral.schema.json | 15 +++++++++ ucentral.schema.pretty.json | 19 +++++++++++ ucentral.state.pretty.json | 47 +++++++++++++++++++++++++++ 8 files changed, 154 insertions(+), 2 deletions(-) diff --git a/capabilities/connect.capabilities.yml b/capabilities/connect.capabilities.yml index e2db748..3303e08 100644 --- a/capabilities/connect.capabilities.yml +++ b/capabilities/connect.capabilities.yml @@ -282,6 +282,7 @@ properties: - IP-ACL - Guest-VLAN - Storm-Control + - Access-Lockout # Services - Service-SSH - Service-RSSH diff --git a/schema/switch.yml b/schema/switch.yml index c5650ae..a1050b9 100644 --- a/schema/switch.yml +++ b/schema/switch.yml 
@@ -545,6 +545,22 @@ properties: minLength: 1 examples: - "A VoIP Phone" + intrusion-detection-access-lockout: + description: Enables protection against unauthorized login attempts by locking user access + after a specified number of failed authentication attempts within a defined period. + type: object + properties: + enabled: + description: (Optional) Global flag to enable or disable the intrusion detection and access lockout feature. + If the flag is not present but this object exists, then consider the feature enabled with other params below. + type: boolean + lockout-attempt-count: + description: Number of consecutive failed login attempts allowed before the user account is locked. + type: integer + minimum: 1 + lockout-period-seconds: + description: Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold. + type: integer arp-inspect: $ref: "https://ucentral.io/schema/v1/switch/arp-inspect/" ip-source-guard: @@ -557,4 +573,4 @@ properties: description: Define a global list of dns servers. type: array items: - type: string + type: string \ No newline at end of file diff --git a/state/state.yml b/state/state.yml index 322af0c..808b8c2 100644 --- a/state/state.yml +++ b/state/state.yml 
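Review bot: `lockout-period-seconds` accepts 0 and negative values because, unlike `lockout-attempt-count`, it carries no `minimum`; a zero or negative period turns the lockout into a no-op while the device still advertises the `Access-Lockout` capability. Add `minimum: 1` under its `type: integer`, and consider a `maximum` so that a single mistyped value cannot lock an administrator out of the switch indefinitely. The object description promises counting failures "within a defined period", but neither property expresses that window; either add an observation/reset interval (e.g. `lockout-window-seconds`) or reword the description so it only claims what the two properties enforce. Because an absent `enabled` is documented to mean on, `default: true` would make that explicit to schema consumers rather than leaving it to prose.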
@@ -187,4 +187,38 @@ properties: description: Total number of topology changes detected. last-topology-change-seconds: type: integer - description: Time (in seconds) since the last topology change. \ No newline at end of file + description: Time (in seconds) since the last topology change. + access-lockout: + type: object + description: Represents the operational state and statistics of the Intrusion Detection and Access Lockout feature. + properties: + user-sessions: + type: array + description: Displays a list of user sessions being tracked for failed login attempts. + items: + type: object + properties: + username: + type: string + description: The username associated with the login attempts being tracked. + source-ip: + type: string + description: The IP address from which the login attempts originated. + failed-attempts: + type: integer + description: The number of consecutive failed login attempts recorded for this user session. + status: + type: string + description: Indicates whether the user account is currently locked or active. + enum: + - active + - locked + last-failed-attempt-time: + type: integer + description: UNIX timestamp (in seconds) of the most recent failed login attempt. + lockout-start-time: + type: integer + description: UNIX timestamp (in seconds) when the user account was locked. + lockout-expiry-time: + type: integer + description: UNIX timestamp (in seconds) when the lockout period will end and access will be restored. \ No newline at end of file diff --git a/ucentral.capabilities.pretty.json b/ucentral.capabilities.pretty.json index 5e1a887..69579e8 100644 --- a/ucentral.capabilities.pretty.json +++ b/ucentral.capabilities.pretty.json @@ -344,6 +344,7 @@ "IP-ACL", "Guest-VLAN", "Storm-Control", + "Access-Lockout", "Service-SSH", "Service-RSSH", "Service-Telnet", diff --git a/ucentral.schema.full.json b/ucentral.schema.full.json index a01038f..0ff3302 100644 --- a/ucentral.schema.full.json +++ b/ucentral.schema.full.json 
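Review bot: Each tracked entry is keyed by `username` plus `source-ip`, yet the `status` description and the configuration side speak of locking "the user account"; it is not stated whether a lock applies account-wide (every source) or only to this (username, source-ip) pair, and the two differ in security impact, since an account-wide lock lets any remote host deny an administrator access. State the granularity in the `access-lockout` description, e.g. `Each entry tracks one (username, source-ip) pair; a lock applies to the account as a whole` (or to the pair, whichever the implementation does). `lockout-start-time` and `lockout-expiry-time` have no defined value while `status` is `active`; document that they are omitted (or 0) in that case so a consumer does not act on a stale expiry from a previous lock. `failed-attempts` should carry `minimum: 0`, and `source-ip` could be constrained to an address form rather than an unbounded free string.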
@@ -1434,6 +1434,25 @@ } } }, + "intrusion-detection-access-lockout": { + "description": "Enables protection against unauthorized login attempts by locking user access after a specified number of failed authentication attempts within a defined period.", + "type": "object", + "properties": { + "enabled": { + "description": "(Optional) Global flag to enable or disable the intrusion detection and access lockout feature. If the flag is not present but this object exists, then consider the feature enabled with other params below.", + "type": "boolean" + }, + "lockout-attempt-count": { + "description": "Number of consecutive failed login attempts allowed before the user account is locked.", + "type": "integer", + "minimum": 1 + }, + "lockout-period-seconds": { + "description": "Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.", + "type": "integer" + } + } + }, "arp-inspect": { "type": "object", "description": "Global configuration for ARP Inspection on the switch.", diff --git a/ucentral.schema.json b/ucentral.schema.json index a250705..f9da0f5 100644 --- a/ucentral.schema.json +++ b/ucentral.schema.json @@ -1599,6 +1599,21 @@ } } }, + "intrusion-detection-access-lockout": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "lockout-attempt-count": { + "type": "integer", + "minimum": 1 + }, + "lockout-period-seconds": { + "type": "integer" + } + } + }, "arp-inspect": { "$ref": "#/$defs/switch.arp-inspect" }, diff --git a/ucentral.schema.pretty.json b/ucentral.schema.pretty.json index de89933..4512de4 100644 --- a/ucentral.schema.pretty.json +++ b/ucentral.schema.pretty.json 
@@ -1892,6 +1892,25 @@ } } }, + "intrusion-detection-access-lockout": { + "description": "Enables protection against unauthorized login attempts by locking user access after a specified number of failed authentication attempts within a defined period.", + "type": "object", + "properties": { + "enabled": { + "description": "(Optional) Global flag to enable or disable the intrusion detection and access lockout feature. If the flag is not present but this object exists, then consider the feature enabled with other params below.", + "type": "boolean" + }, + "lockout-attempt-count": { + "description": "Number of consecutive failed login attempts allowed before the user account is locked.", + "type": "integer", + "minimum": 1 + }, + "lockout-period-seconds": { + "description": "Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.", + "type": "integer" + } + } + }, "arp-inspect": { "$ref": "#/$defs/switch.arp-inspect" }, diff --git a/ucentral.state.pretty.json b/ucentral.state.pretty.json index 6c00e37..c846ea5 100644 --- a/ucentral.state.pretty.json +++ b/ucentral.state.pretty.json 
@@ -256,6 +256,53 @@ } } } + }, + "access-lockout": { + "type": "object", + "description": "Represents the operational state and statistics of the Intrusion Detection and Access Lockout feature.", + "properties": { + "user-sessions": { + "type": "array", + "description": "Displays a list of user sessions being tracked for failed login attempts.", + "items": { + "type": "object", + "properties": { + "username": { + "type": "string", + "description": "The username associated with the login attempts being tracked." + }, + "source-ip": { + "type": "string", + "description": "The IP address from which the login attempts originated." + }, + "failed-attempts": { + "type": "integer", + "description": "The number of consecutive failed login attempts recorded for this user session." + }, + "status": { + "type": "string", + "description": "Indicates whether the user account is currently locked or active.", + "enum": [ + "active", + "locked" + ] + }, + "last-failed-attempt-time": { + "type": "integer", + "description": "UNIX timestamp (in seconds) of the most recent failed login attempt." + }, + "lockout-start-time": { + "type": "integer", + "description": "UNIX timestamp (in seconds) when the user account was locked." + }, + "lockout-expiry-time": { + "type": "integer", + "description": "UNIX timestamp (in seconds) when the lockout period will end and access will be restored." + } + } + } + } + } } }, "$defs": {