Home
N2OS SDK
The N2OS Software Development Kit (SDK).
Data model reference
The data model reference for query entities.
captured_logs
Logs captured passively over the network.

N2OS SDK
The N2OS Software Development Kit (SDK).
- Scriptable protocols
  The Lua scripting API for building a custom protocol decoder.
- Scriptable variables
  The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
- OpenAPI
  The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
- Data model reference
  The data model reference for query entities.
  - alerts
    A list of alerts that Guardian raises.
  - appliances
    This query source contains information about the sensors connected to the current CMC or Guardian.
  - assertions
    An assertion represents an automatic check against other query sources.
  - assets
    Assets represent a local, physical system, and can be composed of one or more nodes.
  - asset_cves
    View of Node Common Vulnerability and Exposures (CVE) grouped by CVE and asset.
  - captured_logs
    Logs captured passively over the network.
  - captured_urls
    URLs and other protocol calls found in the network. Access to files, requests to DNS, requested URLs and others are available in this query source.
  - function_codes
    Function codes used in the environment.
  - health_log
    Health-related events about the system - like high resource utilization or hardware-related issues or events.
  - link_events
    Events that can occur on a link, including being available or not.
  - links
    Links are protocol relations between two nodes with a specific protocol. They model the interaction between nodes.
  - node_cpe_changes
    When a Common Platform Enumeration (CPE) updates, it creates an entry in this query source to track software updates or to detect software.
  - node_cpes
    Lists Common Platform Enumerations (CPEs), that is software or components connected to a specific node in the system.
  - node_cves
    Vulnerabilities are matched against current CVEs.
  - node_points
    Data points are polled via Smart Polling from monitored nodes.
  - nodes
    A list of nodes, where a node is an L2 or L3 or other entity able to speak some protocol.
  - report_files
    Generated reports available for consultation.
  - sessions_history
    Archived sessions.
  - sessions
    Live, mostly open, sessions between nodes. A session is a specific application-level connection between nodes. A link can hold one or more sessions at a given time.
  - variable_history
    History of values for variables, where history has been enabled.
  - variables
    Variables extracted via DPI from the monitored system.
- Data integration best practices
  A description of best practices when using Nozomi Networks data integration with Syslog integration or OpenAPI calls.

captured_logs

Logs captured passively over the network.


id	Primary key of this query source
time	Timestamp in epoch milliseconds when this entity was created or updated
appliance_id	The id of the sensor where this entity has been observed
appliance_ip	The internet protocol (IP) address of the sensor where this entity has been observed
appliance_host	The hostname of the sensor where this entity has been observed
synchronized	True if this entity has been synchronized with the upper Central Management Console (CMC) or Vantage
id_src	Source id of the packet where the log was captured
id_dst	Destination id of the packet where the log was captured
protocol	The protocol in which this entity has been observed
log	Log contents
replicated	This is true if the record has been replicated on the replica machine
sync_time	Timestamp in epoch milliseconds when the event was synchronized