Home
Resources
N2OS Software Development Kit
The N2OS Software Development Kit (SDK).
Data model reference
The data model reference for query entities.
assertions
An assertion represents an automatic check against other query sources.

Resources
- Release Notes
  Access the release notes for release-based products.
- N2OS Configuration
  The N2OS Configuration - Reference Guide.
- N2OS Software Development Kit
  The N2OS Software Development Kit (SDK).
  - Scriptable protocols
    The Lua scripting API for building a custom protocol decoder.
  - Scriptable variables
    The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
  - OpenAPI
    The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
  - Data model reference
    The data model reference for query entities.
    - alerts
      A list of alerts that Guardian raises.
    - appliances
      This query source contains information about the sensors connected to the current CMC or Guardian.
    - assertions
      An assertion represents an automatic check against other query sources.
    - assets
      Assets represent a local, physical system, and can be composed of one or more nodes.
    - asset_cves
      View of Node Common Vulnerability and Exposures (CVE) grouped by CVE and asset.
    - captured_logs
      Logs captured passively over the network.
    - captured_urls
      URLs and other protocol calls found in the network. Access to files, requests to DNS, requested URLs and others are available in this query source.
    - function_codes
      Function codes used in the environment.
    - health_log
      Health-related events about the system - like high resource utilization or hardware-related issues or events.
    - link_events
      Events that can occur on a link, including being available or not.
    - links
      Links are protocol relations between two nodes with a specific protocol. They model the interaction between nodes.
    - node_cpe_changes
      When a Common Platform Enumeration (CPE) updates, it creates an entry in this query source to track software updates or to detect software.
    - node_cpes
      Lists Common Platform Enumerations (CPEs), that is software or components connected to a specific node in the system.
    - node_cves
      Vulnerabilities are matched against current CVEs.
    - node_points
      Data points are polled via Smart Polling from monitored nodes.
    - nodes
      A list of nodes, where a node is an L2 or L3 or other entity able to speak some protocol.
    - report_files
      Generated reports available for consultation.
    - sessions_history
      Archived sessions.
    - sessions
      Live, mostly open, sessions between nodes. A session is a specific application-level connection between nodes. A link can hold one or more sessions at a given time.
    - variable_history
      History of values for variables, where history has been enabled.
    - variables
      Variables extracted via DPI from the monitored system.
  - Data integration best practices
    A description of best practices when using Nozomi Networks data integration with Syslog integration or OpenAPI calls.
- Integration Guides
  Integration guides to help you use applications that integrate with Nozomi Networks products.
- Reference Guides
  Additional reference guides with information on items such as Alerts and Incidents and Federal Information Processing Standards (FIPS).
- Quick Start Guides
  Hardware Quick Start Guides.
- Security
  Stay up-to-date with the most recent information and solutions for all vulnerabilities that affect Nozomi Networks products.
- Print format documentation
  A list of all the technical documentation that is available in print format.
- Documentation archive
  Access previous versions of the technical documentation.

assertions

An assertion represents an automatic check against other query sources.


query	The query that is run as basis of the assertion
result	True if the assertion is satisfied, false if it is failing
name	Name of the assertion
failed_since	Time of since failure, in epoch milliseconds
id	Primary key of this query source
can_send_alert	True if the assertion will raise alerts
has_sent_alert	True if the assertion has sent alerts in the past
bpf_filter	Berkeley Packet Filter (BPF) filter used to capture traffic on failure
failures_count	Number of failures
time	Timestamp in epoch milliseconds when this entity was created or updated
alert_delay	Delay in seconds before an alert is raised. Can be used as soft limit to handle flipping-states situations.
can_request_trace	True if a trace will be requested on failure
alert_risk	Risk of raised alerts
is_security	True if the assertion is a Cybersecurity assertion. False otherwise (e.g. a network monitoring one)
group_id	(Internal use)
note	Note about the assertion
deleted_at	Time the entity was cancelled
replicated	This is true if the record has been replicated on the replica machine
synchronized	True if this entity has been synchronized with the upper Central Management Console (CMC) or Vantage or Vantage
propagate_to_appliances	(Internal use)
propagated	(Internal use)