Home
N2OS SDK
The N2OS Software Development Kit (SDK).
Data model reference
The data model reference for query entities.
sessions
Live, mostly open, sessions between nodes. A session is a specific application-level connection between nodes. A link can hold one or more sessions at a given time.

N2OS SDK
The N2OS Software Development Kit (SDK).
- Scriptable protocols
  The Lua scripting API for building a custom protocol decoder.
- Scriptable variables
  The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
- OpenAPI
  The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
- Data model reference
  The data model reference for query entities.
  - alerts
    A list of alerts that Guardian raises.
  - appliances
    This query source contains information about the sensors connected to the current CMC or Guardian.
  - assertions
    An assertion represents an automatic check against other query sources.
  - assets
    Assets represent a local, physical system, and can be composed of one or more nodes.
  - asset_cves
    View of Node Common Vulnerability and Exposures (CVE) grouped by CVE and asset.
  - captured_logs
    Logs captured passively over the network.
  - captured_urls
    URLs and other protocol calls found in the network. Access to files, requests to DNS, requested URLs and others are available in this query source.
  - function_codes
    Function codes used in the environment.
  - health_log
    Health-related events about the system - like high resource utilization or hardware-related issues or events.
  - link_events
    Events that can occur on a link, including being available or not.
  - links
    Links are protocol relations between two nodes with a specific protocol. They model the interaction between nodes.
  - node_cpe_changes
    When a Common Platform Enumeration (CPE) updates, it creates an entry in this query source to track software updates or to detect software.
  - node_cpes
    Lists Common Platform Enumerations (CPEs), that is software or components connected to a specific node in the system.
  - node_cves
    Vulnerabilities are matched against current CVEs.
  - node_points
    Data points are polled via Smart Polling from monitored nodes.
  - nodes
    A list of nodes, where a node is an L2 or L3 or other entity able to speak some protocol.
  - report_files
    Generated reports available for consultation.
  - sessions_history
    Archived sessions.
  - sessions
    Live, mostly open, sessions between nodes. A session is a specific application-level connection between nodes. A link can hold one or more sessions at a given time.
  - variable_history
    History of values for variables, where history has been enabled.
  - variables
    Variables extracted via DPI from the monitored system.
- Data integration best practices
  A description of best practices when using Nozomi Networks data integration with Syslog integration or OpenAPI calls.

sessions

Live, mostly open, sessions between nodes. A session is a specific application-level connection between nodes. A link can hold one or more sessions at a given time.


id	Primary key of this query source
status	Tells if the session is ACTIVE, CLOSED, SYN, SYN-ACK
direction_is_known	True if the session direction has been discovered. If false, from and to may be swapped.
from	Client node id
to	Server node id
from_zone	Client zone
to_zone	Server zone
transport_protocol	Transport protocol of the session
from_port	Port on the client side
to_port	Port on the server side
protocol	The protocol in which this entity has been observed
vlan_id	The virtual local area network (VLAN) identifier (ID) of the session. It can be absent if the traffic of the session is not VLAN-tagged.
transferred.packets	Total number of packets transmitted
transferred.bytes	Total number of bytes transmitted
transferred.last_5m_bytes	Number of bytes transmitted in the last 5 minutes
transferred.last_15m_bytes	Number of bytes transmitted in the last 15 minutes
transferred.last_30m_bytes	Number of bytes transmitted in the last 30 minutes
transferred.smallest_packet_bytes	Smallest packet size in bytes observed
transferred.biggest_packet_bytes	Biggest packet size in bytes observed
transferred.avg_packet_bytes	Average packet size in bytes observed
throughput_speed	Live throughput for the entity
first_activity_time	Timestamp in epoch milliseconds when this session was found for the first time
last_activity_time	Timestamp in epoch milliseconds when this session was detected for the last time
key	(Internal use)
bpf_filter	Berkeley Packet Filter (BPF) filter for the entity, used when performing traces for this entity