Home
CMC
Learn how CMC provides centralized visibility and monitoring of Nozomi Networks sensors.
User Guide
Information and resources about the main features of the Central Management Console (CMC), and the tasks that you can do from the user interface (UI).
Queries
You can use the Nozomi Networks Query Language (N2QL) syntax to create complex data processes to obtain, filter, and analyze lists of information from the Nozomi Networks software.
Basic operators

CMC
Learn how CMC provides centralized visibility and monitoring of Nozomi Networks sensors.
- Introduction
  An overview of the Central Management Console (CMC).
- Installation Guide
  Information and resources on how to install the Central Management Console (CMC), and the different options and settings available.
- Administrator Guide
  Information and resources about the Administration section of the Central Management Console (CMC), and the tasks that you can do in this part of the software.
- User Guide
  Information and resources about the main features of the Central Management Console (CMC), and the tasks that you can do from the user interface (UI).
  - Sensors
    The Sensors page lets you view all of the sensors that you have in your system.
  - Alerts
    The Alerts page shows all the latest alerts in the system. It lets you view the alerts in different modes, and carry out actions on the alerts.
  - Assets
    The Assets page shows all the physical components and systems in the local network environment and their associated details. It also lets you perform actions on those assets. Depending on the nodes and components involved, assets can range from a simple personal computer to an operational technology (OT) device.
  - Queries
    You can use the Nozomi Networks Query Language (N2QL) syntax to create complex data processes to obtain, filter, and analyze lists of information from the Nozomi Networks software.
  - Smart Polling in CMC
    The Smart Polling page gives you a read-only view of Smart Polling.
  - Arc in CMC
    Arc™ is a host-based sensor that detects and defends against malicious or compromised endpoints, and insider attacks. You can use Arc sensors to aggregate data for analysis and reports, either on-premises, or in the Vantage cloud.
  - Reports
    The Reports page lets you manage, generate, schedule and view reports.
  - Assertions
    The Assertions page shows all the assertions and lets you configure them.
  - Vulnerabilities
    The Nozomi Networks software continuously discovers vulnerabilities in monitored assets.
  - Administration
  - Personal settings
    The personal settings page lets you do actions that are specific to your profile.
  - Troubleshooting
- Maintenance Guide
  Information about the maintenance tasks of Central Management Console (CMC), to help you administer and maintain the solution in a production environment.
- Print format documentation
  A list of all the print-format documentation that is available for the Central Management Console (CMC).

Basic operators


Operator	`\|`(pipe, AND logical operator)
Description	Add a where clause with a logical AND, append it using the pipe character (`\|`). For example, the query below returns links that are from 192.168.254.0/24 `AND` going to 172.217.168.0/24.
Example	links \| where from in_subnet? 192.168.254.0/24 \| where to in_subnet? 172.217.168.0/24


Operator	`OR`
Description	To add a where clause with a logical OR, append it using the OR operator. For example, the query below returns links with either the http `OR` the https protocols.
Example	links \| where protocol == http OR protocol == https


Operator	`!` (exclamation point, NOT logical operator)
Description	Put an exclamation point (`!`) before a term to negate it. For example, the query below returns links that do NOT (`!`) belong to 192.168.254.0/24.
Example	nodes \| where ip !in_subnet? 192.168.254.0/24 \| count


Operator	`->`
Description	To change a column name, select it and use the `->` operator followed by the new name. It is worth noting that specific suffixes are parsed and used to visualize the column content differently. For example: `_time` data is shown in a timestamp format (1647590986549 becomes 2022-03-18 09:09:46.549) `_bytes` adds KB or MB, as applicable (50 becomes 50.0 B) `_percent` adds a percentage sign (50 becomes 50%) `_speed` adds a throughput speed in Mb/s (189915 becomes 1.8 Mb/s) `_date` converts numbers into a date format (2022-06-22 15:43:31.297 becomes 2022-06-2214:24:09.280 becomes 2022-06-24 (current day)) `_packets` adds pp after the number of packets (50 becomes 50 pp)
Example 1	`nodes \| select created_at created_at->my_integer \| where my_integer > 946684800000`
Example 2	`nodes \| select created_at->my_creation_time`
Example 3	`nodes \| select tcp_retransmission.bytes->my_retrans_bytes`


Operators	`==`, `=`, `<`, `>`, `<=`, and `>=`
Description	Queries support the mathematical operators listed above.


Operator	`"` (Quotation marks)
Description	Use quotation marks (`"`) to specify an empty string. Consider these two cases where this technique is useful: Finding non-empty values. Example 1 below returns assets where the `os` field is not blank. Specifying that a value in the query is a string (if its type is ambiguous). Example 2 below tells concat to treat the `"--"` parameter as a fixed string to use rather than as a field from the alerts table.
Example 1	`assets \| where os != ""`
Example 2	`alerts \| select concat(id_src,"--",id_dst)`


Operator	`in?`
Description	`in?` is only used with arrays; the field `type` must be an array. The query looks for the text strings you specify using `in?` and returns arrays that match one of them. The example below uses `in?` to find any node having `computer` or `printer` as elements in the array.
Example	`assets \| where type in? ["computer","printer_scanner"]`


Operator	`include?`
Description	The query looks for the text string you specify using `include?` and returns strings that match it. The example below uses `include?` to find assets where the os field contains the string Win.
Example	`assets \| where os include? Win`