Cloud Management and AIOps


Status Future consideration
Created by Guest
Created on Apr 24, 2026

Native SNMP_WATCH ProbeWatch Event for USM Authentication Failures in mttrapd Probe

This enhancement eliminates a critical visibility gap by converting "silent" SNMPv3 authentication failures—currently only visible through manual log analysis—into real-time ProbeWatch alerts. By providing immediate notification and essential device details (IP and Engine ID), it enables the NOC to proactively resolve credential mismatches and ensures comprehensive security monitoring for all SNMPv3 devices.

Why is it useful?

  • Real-Time Security Awareness: It converts "silent drops" into actionable alarms, allowing you to detect unauthorized access attempts or brute-force attacks immediately.

  • Reduced Troubleshooting Time: By including the Source IP and Engine ID directly in the alert, engineers can instantly identify the misconfigured device without searching through gigabytes of raw text logs.

  • Operational Integrity: It ensures that all SNMPv3 devices are actually monitored. Without this, a configuration typo means you lose all traps from that device without even knowing it’s failing.

Who would benefit?

  • NOC Team: They get immediate notification when a device stops communicating correctly due to a credential mismatch, allowing for proactive fixes.

  • SOC Team: They gain an audit trail of failed authentication attempts, which is vital for security compliance and threat detection.

  • System Administrators: They can easily verify if a new deployment was successful or if the mttrapd.conf cache needs an update for a specific user.

How should it work?

The probe should behave exactly like it does for "Unknown Engine IDs," but for authentication errors:

  1. Trigger: The Net-SNMP library detects a USM authentication failure (wrong password/digest).

  2. Generation: Instead of a silent drop, the probe generates a ProbeWatch event with the header SNMP_WATCH.

  3. Data Payload: The event summary must contain the following specific fields extracted from the failing packet:

     • module=SNMPUSM_AUTHFAIL

     • Source IP Address: To identify which device is failing.

     • Engine ID: To correlate the failure with the mttrapd.conf cache.

     • User ID: To verify if the correct credential is being used.

     • Protocol used for authentication (example: SHA)

     • Protocol used for privacy (example: AES)

     • sec_level=authPriv

     Note: The protocol details are also requested in case the authentication failure was due to protocol mismatches.

  4. Rules Processing: This string is sent to the mttrapd.snmpwatch.rules file, where it is parsed into a ProbeWatch alert for the ObjectServer.
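As an added illustration (not part of the original idea and not IBM probe code), the Python sketch below parses a summary string carrying the requested fields and groups failures per source IP, so a repeated single-user mismatch can be routed to the NOC and many different users from one source to the SOC. The key names `src_ip`, `engine_id`, `user`, `auth_proto` and `priv_proto`, the key=value layout and the threshold are assumptions; only `SNMP_WATCH`, `module=SNMPUSM_AUTHFAIL` and `sec_level=authPriv` come from the text above.

```python
import re
from collections import defaultdict

# Constructed sample summaries; the layout and most key names are assumptions.
_FMT = ("SNMP_WATCH module=SNMPUSM_AUTHFAIL src_ip={} engine_id={} user={} "
        "auth_proto=SHA priv_proto=AES sec_level=authPriv")
SAMPLE_EVENTS = [
    _FMT.format("192.0.2.10", "0x8000000001020304", "netmon"),
    _FMT.format("192.0.2.10", "0x8000000001020304", "netmon"),
    _FMT.format("198.51.100.7", "0x8000000005060708", "admin"),
    _FMT.format("198.51.100.7", "0x8000000005060708", "root"),
    _FMT.format("198.51.100.7", "0x8000000005060708", "snmpuser"),
    "Heartbeat message with no SNMP_WATCH header",  # must be ignored
]

REQUIRED = ("src_ip", "engine_id", "user", "auth_proto", "priv_proto", "sec_level")
PAIR = re.compile(r"(\w+)=(\S+)")


def parse_summary(summary):
    """Return the fields of an SNMPUSM_AUTHFAIL summary, or None for other events."""
    if not summary.startswith("SNMP_WATCH "):
        return None
    fields = dict(PAIR.findall(summary))
    if fields.get("module") != "SNMPUSM_AUTHFAIL":
        return None
    missing = [key for key in REQUIRED if key not in fields]
    if missing:
        # Surface incomplete events instead of dropping them silently.
        raise ValueError("incomplete SNMPUSM_AUTHFAIL event, missing: " + ", ".join(missing))
    return fields


def triage(summaries, user_threshold=3):
    """Group failures by source IP and pick a route (threshold is an assumption)."""
    users, counts = defaultdict(set), defaultdict(int)
    for summary in summaries:
        fields = parse_summary(summary)
        if fields is None:
            continue
        users[fields["src_ip"]].add(fields["user"])
        counts[fields["src_ip"]] += 1
    return {ip: {"failures": counts[ip], "users": sorted(users[ip]),
                 "route": "SOC" if len(users[ip]) >= user_threshold else "NOC"}
            for ip in users}


if __name__ == "__main__":
    for ip, info in triage(SAMPLE_EVENTS).items():
        print(ip, info)
```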

Idea priority High