Home
N2OS SDK
The N2OS Software Development Kit (SDK).
Data model reference
The data model reference for query entities.
assertions
An assertion represents an automatic check against other query sources.

N2OS SDK
The N2OS Software Development Kit (SDK).
- Scriptable protocols
  The Lua scripting API for building a custom protocol decoder.
- Scriptable variables
  The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
- OpenAPI
  The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
- Data model reference
  The data model reference for query entities.
  - alerts
    A list of alerts that Guardian raises.
  - appliances
    This query source contains information about the sensors connected to the current CMC or Guardian.
  - assertions
    An assertion represents an automatic check against other query sources.
  - assets
    Assets represent a local, physical system, and can be composed of one or more nodes.
  - asset_cves
    View of Node Common Vulnerability and Exposures (CVE) grouped by CVE and asset.
  - captured_logs
    Logs captured passively over the network.
  - captured_urls
    URLs and other protocol calls found in the network. Access to files, requests to DNS, requested URLs and others are available in this query source.
  - function_codes
    Function codes used in the environment.
  - health_log
    Health-related events about the system - like high resource utilization or hardware-related issues or events.
  - link_events
    Events that can occur on a link, including being available or not.
  - links
    Links are protocol relations between two nodes with a specific protocol. They model the interaction between nodes.
  - node_cpe_changes
    When a Common Platform Enumeration (CPE) updates, it creates an entry in this query source to track software updates or to detect software.
  - node_cpes
    Lists Common Platform Enumerations (CPEs), that is software or components connected to a specific node in the system.
  - node_cves
    Vulnerabilities are matched against current CVEs.
  - node_points
    Data points are polled via Smart Polling from monitored nodes.
  - nodes
    A list of nodes, where a node is an L2 or L3 or other entity able to speak some protocol.
  - report_files
    Generated reports available for consultation.
  - sessions_history
    Archived sessions.
  - sessions
    Live, mostly open, sessions between nodes. A session is a specific application-level connection between nodes. A link can hold one or more sessions at a given time.
  - variable_history
    History of values for variables, where history has been enabled.
  - variables
    Variables extracted via DPI from the monitored system.
- Data integration best practices
  A description of best practices when using Nozomi Networks data integration with Syslog integration or OpenAPI calls.

assertions

An assertion represents an automatic check against other query sources.


query	The query that is run as basis of the assertion
result	True if the assertion is satisfied, false if it is failing
name	Name of the assertion
failed_since	Time of since failure, in epoch milliseconds
id	Primary key of this query source
can_send_alert	True if the assertion will raise alerts
has_sent_alert	True if the assertion has sent alerts in the past
bpf_filter	Berkeley Packet Filter (BPF) filter used to capture traffic on failure
failures_count	Number of failures
time	Timestamp in epoch milliseconds when this entity was created or updated
alert_delay	Delay in seconds before an alert is raised. Can be used as soft limit to handle flipping-states situations.
can_request_trace	True if a trace will be requested on failure
alert_risk	Risk of raised alerts
is_security	True if the assertion is a Cybersecurity assertion. False otherwise (e.g. a network monitoring one)
group_id	(Internal use)
note	Note about the assertion
deleted_at	Time the entity was cancelled
replicated	This is true if the record has been replicated on the replica machine
synchronized	True if this entity has been synchronized with the upper Central Management Console (CMC) or Vantage or Vantage
propagate_to_appliances	(Internal use)
propagated	(Internal use)