Home
Resources
N2OS Software Development Kit
The N2OS Software Development Kit (SDK).
Data model reference
The data model reference for query entities.
captured_logs
Logs captured passively over the network.

Resources
- Release Notes
  Access the release notes for release-based products.
- N2OS Configuration
  The N2OS Configuration - Reference Guide.
- N2OS Software Development Kit
  The N2OS Software Development Kit (SDK).
  - Scriptable protocols
    The Lua scripting API for building a custom protocol decoder.
  - Scriptable variables
    The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
  - OpenAPI
    The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
  - Data model reference
    The data model reference for query entities.
    - alerts
      A list of alerts that Guardian raises.
    - appliances
      This query source contains information about the sensors connected to the current CMC or Guardian.
    - assertions
      An assertion represents an automatic check against other query sources.
    - assets
      Assets represent a local, physical system, and can be composed of one or more nodes.
    - asset_cves
      View of Node Common Vulnerability and Exposures (CVE) grouped by CVE and asset.
    - captured_logs
      Logs captured passively over the network.
    - captured_urls
      URLs and other protocol calls found in the network. Access to files, requests to DNS, requested URLs and others are available in this query source.
    - function_codes
      Function codes used in the environment.
    - health_log
      Health-related events about the system - like high resource utilization or hardware-related issues or events.
    - link_events
      Events that can occur on a link, including being available or not.
    - links
      Links are protocol relations between two nodes with a specific protocol. They model the interaction between nodes.
    - node_cpe_changes
      When a Common Platform Enumeration (CPE) updates, it creates an entry in this query source to track software updates or to detect software.
    - node_cpes
      Lists Common Platform Enumerations (CPEs), that is software or components connected to a specific node in the system.
    - node_cves
      Vulnerabilities are matched against current CVEs.
    - node_points
      Data points are polled via Smart Polling from monitored nodes.
    - nodes
      A list of nodes, where a node is an L2 or L3 or other entity able to speak some protocol.
    - report_files
      Generated reports available for consultation.
    - sessions_history
      Archived sessions.
    - sessions
      Live, mostly open, sessions between nodes. A session is a specific application-level connection between nodes. A link can hold one or more sessions at a given time.
    - variable_history
      History of values for variables, where history has been enabled.
    - variables
      Variables extracted via DPI from the monitored system.
  - Data integration best practices
    A description of best practices when using Nozomi Networks data integration with Syslog integration or OpenAPI calls.
- Integration Guides
  Integration guides to help you use applications that integrate with Nozomi Networks products.
- Reference Guides
  Additional reference guides with information on items such as Alerts and Incidents and Federal Information Processing Standards (FIPS).
- Quick Start Guides
  Hardware Quick Start Guides.
- Security
  Stay up-to-date with the most recent information and solutions for all vulnerabilities that affect Nozomi Networks products.
- Print format documentation
  A list of all the technical documentation that is available in print format.
- Documentation archive
  Access previous versions of the technical documentation.

captured_logs

Logs captured passively over the network.


id	Primary key of this query source
time	Timestamp in epoch milliseconds when this entity was created or updated
appliance_id	The id of the sensor where this entity has been observed
appliance_ip	The internet protocol (IP) address of the sensor where this entity has been observed
appliance_host	The hostname of the sensor where this entity has been observed
synchronized	True if this entity has been synchronized with the upper Central Management Console (CMC) or Vantage
id_src	Source id of the packet where the log was captured
id_dst	Destination id of the packet where the log was captured
protocol	The protocol in which this entity has been observed
log	Log contents
replicated	This is true if the record has been replicated on the replica machine
sync_time	Timestamp in epoch milliseconds when the event was synchronized