Columns
Table | Type | Column | Type | Size | Nulls | Auto | Default | Comments |
---|---|---|---|---|---|---|---|---|
mapnode | Table | label | text | 2147483647 | √ | null | Label value for mapnode record. |
|
scantype | Table | id | serial | 10 | √ | nextval('zone.scantype_id_seq'::regclass) | Unique identifier for scantype record |
|
profiles | View | confidence | int4 | 10 | √ | null | ||
target_hist | Table | details | text | 2147483647 | √ | null | ||
snmpaliasgroup | Table | name | text | 2147483647 | null | Unique name for snmpaliasgroup record. Currently, Spectre has only one snmpaliasgroup name and is called common |
||
cloudalias | Table | alias | text | 2147483647 | null | Alias given for this credentials. This is the value that gets displayed on UI |
||
profiledata | Table | zone_id | int4 | 10 | null | |||
nackcandidate | Table | scantype_id | int4 | 10 | null | |||
updates | Table | type | text | 2147483647 | √ | null | ||
interface_route | Table | nexthop | inet | 2147483647 | √ | null | Next hop for this route. |
|
mapnode | Table | ycoord | float4 | 8 | √ | null | Y coordinate value for mapnode record. |
|
route | Table | target | bool | 1 | √ | null | Boolean indicating if given route is in targeted CIDR list for any collectors of this zone. Targeted CIDR list represents CIDRs set in Discovery Spaces => Target List table. Set to true if it is targeted, false otherwise |
|
routeprotocol | Table | protocol | text | 2147483647 | √ | null | Value for protocol. |
|
attributes | View | ip | inet | 2147483647 | √ | null | The IP Address of the device for which the attribute is saved. |
|
edge | Table | interface_id1 | int4 | 10 | √ | null | ||
profiles | View | attribute | text | 2147483647 | √ | null | ||
target_highpriority | Table | batchid | int4 | 10 | √ | null | ||
path | Table | protocols | _text | 2147483647 | √ | null | ||
device_attribute | Table | last_update | timestamp | 29 | √ | now() | The most recent time when a device has responded with given attribute. It gets updated with curren timestamp everytime device response is received for an attribute. |
|
path | Table | hops | _inet | 2147483647 | √ | null | ||
device_ports | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
interface_host | Table | vlans | _int4 | 10 | null | Array of vlans for given interface host. device->interface->switchInfo->vlans gets normalized here. |
||
device_pattern | Table | pattern_id | int4 | 10 | null | Id of pattern that contains a match for given device response record. It maps to profile.pattern.id |
||
updatetargetspace_log | Table | parameters | _text | 2147483647 | √ | null | Parameters passed in for update target processing. Possible parameters are onlyDeletes and verification |
|
target_hist | Table | collector_id | int4 | 10 | null | |||
device_values | Table | forwarder | bool | 1 | √ | false | Boolean flag indicating if given device is a forwarder. Set to true if it is forwarder, false otherwise. |
|
path | Table | id | serial | 10 | √ | nextval('zone.path_id_seq'::regclass) | ||
snmpalias | Table | credential | text | 2147483647 | √ | null | Credentials for snmpalias record. Credentials are stored in following format. <version of credential(either v2 or v3)>:alias name:encoded credentials. |
|
target_hist | Table | scantype_id | int4 | 10 | null | |||
device_attribute | Table | attributetype_id | int4 | 10 | null | Id that denotes what type of attribute this record indicates. It maps to system.attributetype.id column. Example values for attributetypes - cifsName, sysDescr, serialNumber. |
||
device_match | Table | pattern_id | int4 | 10 | null | Id of pattern that contains a match for given profile type record. It maps to profile.pattern.id |
||
interface | Table | iftable_id | int4 | 10 | null | |||
device_values | Table | snmpresponder | bool | 1 | √ | false | Boolean flag indicating if given device responded to snmpDiscovery scan type. Set to true if it responded to snmpDiscovery, false otherwise. |
|
attributes | View | attribute | text | 2147483647 | √ | null | The value for the system attribute |
|
device | Table | id | serial | 10 | √ | nextval('zone.device_id_seq'::regclass) | Unique identifier for device record |
|
certificatepath_pattern | Table | zone_id | int4 | 10 | null | Zone Id for the certificatepath_pattern record |
||
protocol | Table | protocol | text | 2147483647 | √ | null | Value of protocol. Valid values are arp, udp, icmp, snmp, snmpv2, tcp, dns, http, https, cifs, dhcp |
|
device | Table | meta | bool | 1 | √ | false | Boolean flag that indicates whether this device was discovered and has gone through any type of consolidation. Value of false means that the device was discovered and has not gone through any consolidation. Value of true means it was consolidated as part of another discovery. |
|
route | Table | internal | bool | 1 | √ | null | Boolean indicating if given route is in internal CIDR list for this zone. Internal CIDR list represents CIDRs set in Zone Networks => Internal List.Set to true if it is internal, false otherwise |
|
device_response | Table | ports | _int4 | 10 | √ | null | List of ports (if any) that constituted this response. For example, for cifs response, it will be set to 445, for host response coming from dns, it will be set to 53. This column is only populated for httpDetails, hostDiscovery and cifs. Device->response->ports get normalized in this column. It contains all the list of ports a device has received response from for a given scan type and protocol at any given point in time. |
|
attribute | Table | attributetype_id | int4 | 10 | √ | null | Id that denotes what type of attribute this record indicates. It maps to system.attributetype.id column. Example values for attributetypes - cifsName, sysDescr, ASName, SerialNumber, known, avoid. For complete list, please see system.attributetype table. |
|
links | View | layer | text | 2147483647 | √ | null | ||
device_snmpalias | Table | last_update | timestamp | 29 | √ | now() | The most recent time when a device has responded with given alias. It gets updated with current timestamp everytime a device response is received for an SNMP alias. |
|
target | Table | batchid | int4 | 10 | √ | null | A serial number that gets inserted each time a collector is given list of targets. It contains nextval('zone.target_batch_id'). |
|
target | Table | scantype_id | int4 | 10 | null | Scan Type / Discovery Type Id for target record. It maps to zone.scantype.id |
||
profiles | View | device_id | int4 | 10 | √ | null | ||
portgroup | Table | name | text | 2147483647 | null | Unique name for portgroup record. Values for name are, common, vulnerable, infectious. Please note that at the moment only vulnerable and infectious groups are used in discovery. |
||
device_match | Table | attribute_id | int4 | 10 | null | Id of an attribute/value for given match record. It maps to profile.attribute. All values for profile.attribute comes from pattern->attribute value of patterns.xml |
||
mapnode | Table | height | float4 | 8 | √ | null | Height value for mapnode record. |
|
device | Table | zone_id | int4 | 10 | null | Zone Id of a device record. Since zone.device table is a parent table for all partitioned (by zone_id) tables, same IP Address can be found while querying zone.device table for different zone_id. It maps to zone.id column |
||
interface_host | Table | interface_id | int4 | 10 | null | Id of interface that contains this interface host. |
||
interface | Table | vlans | _int4 | 10 | √ | null | ||
links | View | device1 | text | 2147483647 | √ | null | ||
profiles | View | expression | text | 2147483647 | √ | null | ||
attribute_cidr | Table | attributetype_id | int4 | 10 | null | Id of attribute type. Maps to system.attributetype.id |
||
profiledata | Table | timestamp | timestamp | 29 | √ | transaction_timestamp() | ||
interface_route | Table | route | cidr | 2147483647 | √ | null | Route for this interface_route record. Same value can be found from route.id for matching route_id but it is inserted here as a form of denormalization for faster data retrieval. |
|
profiles | View | identity | text | 2147483647 | √ | null | ||
attributes | View | identity | text | 2147483647 | √ | null | ||
link | Table | device_id2 | int4 | 10 | null | To Device Id for link record. It maps to zone.device.id. |
||
device_response | Table | collector_id | int4 | 10 | null | Collector Id of a device this record belongs to. It maps to system.collector.id |
||
device_cloudalias | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
interface | Table | rootport | bool | 1 | √ | null | Rootport of interface. It is normalized from device->interface->index->switchInfo->rootPort. |
|
device_values | Table | vendor | text | 2147483647 | √ | null | Indicates vendor of this device. For the most up to date and accurate vendor info, use device_match table. |
|
targetm | Table | device_id | int4 | 10 | √ | null | ||
interface | Table | trunk | bool | 1 | √ | null | Trunk of interface. It is normalized from device->interface->switchInfo->trunkPort. |
|
device_values | Table | devicetype | text | 2147483647 | √ | null | Indicates devicetype of this device. For the most up to date and accurate devicetype info, use device_match table. |
|
links | View | device_id1 | int4 | 10 | √ | null | ||
protocol_numbers | Table | keyword | text | 2147483647 | √ | null | ||
nackcandidate | Table | collector_id | int4 | 10 | null | |||
device_certificate | Table | zone_id | int4 | 10 | null | Zone Id of a device_certificate record. It maps to zone.id column |
||
acknowledgeddevice | Table | device_id | int4 | 10 | null | |||
nackcandidate | Table | id | serial | 10 | √ | nextval('zone.nackcandidate_id_seq'::regclass) | ||
interface | Table | description | text | 2147483647 | √ | null | Description of interface. It is normalized from device->interface->description. |
|
device_values | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
snmpalias | Table | id | serial | 10 | √ | nextval('zone.snmpalias_id_seq'::regclass) | Unique identifier for snmpalias record |
|
cloudalias | Table | id | serial | 10 | √ | nextval('zone.cloudalias_id_seq'::regclass) | unique identifier for cloudalias record |
|
device_pattern | Table | port_match | bool | 1 | √ | null | A boolean flag that is set to true if pattern that matched is result of match against services. Services patterns are the ones that are based on certain ports being open. So, if we find open ports and they match with any patterns, port_match is set to true |
|
device_values | Table | leakoutbound | bool | 1 | √ | false | Boolean flag indicating if given device responded to outboundLeak scan type. Set to true if it responded to outboundLeak, false otherwise. |
|
interface_route | Table | routetype_id | int4 | 10 | √ | null | Route Type id. Maps to zone.routetype.id |
|
device_values | Table | version | text | 2147483647 | √ | null | Indicates version of this device. For the most up to date and accurate version info, use device_match table. |
|
linkset | Table | zone_id | int4 | 10 | √ | null | Zone Id for linkset record. It maps to system.zone.id |
|
path | Table | collector_id | int4 | 10 | null | |||
interface_address | Table | interface_id | int4 | 10 | null | Id of interface that contains this interface address. |
||
result | Table | result | text | 2147483647 | √ | null | ||
profiles | View | parent_id | int4 | 10 | √ | null | ||
attribute_cidr | Table | hasresponses | bool | 1 | √ | false | Boolean flag set to true or false indicating if CIDR (in cidrval column) contains any device that has any responses recorded. Set to true if there is any entry in device_response for any device containing this CIDR record, false otherwise |
|
target_highpriority | Table | cidrval | cidr | 2147483647 | null | |||
macvendor_pattern | Table | pattern_id | int4 | 10 | null | Pattern Id for macvendor_pattern record. It maps to profile.pattern.id |
||
acknowledgeddevice | Table | created_time | timestamp | 29 | √ | now() | ||
device_vendor | View | device_id | int4 | 10 | √ | null | ||
profiledata_pattern | Table | profiledata_id | int4 | 10 | null | Profiledata Id for profiledata_pattern record. It maps to zone.profiledata.id |
||
device_values | Table | trusted | bool | 1 | √ | false | Boolean flag indicating if given device is trusted for this zone. Set to true if trusted, false otherwise. By trusted, it means that the device is set under Zone->Zone Network->Eligible List. |
|
updatetargetspace_log | Table | id | serial | 10 | √ | nextval('zone.updatetargetspace_log_id_seq'::regclass) | Unique identifier for updatetargetspace_log record |
|
profiledata | Table | hash | text | 2147483647 | null | MD5 hash of the (normalized) data column |
||
firemon_risk_range | Table | start1 | int4 | 10 | √ | null | ||
protocol | Table | id | serial | 10 | √ | nextval('zone.protocol_id_seq'::regclass) | Unique identifier for protocol record |
|
targetm | Table | collector_id | int4 | 10 | √ | null | ||
device_vendor | View | vendor | text | 2147483647 | √ | null | ||
target_shadow | Table | collector_id | int4 | 10 | null | Collector Id for target record. It maps to system.collector.id however, there is no foreign key relation specified for this column. |
||
target_shadow | Table | detailsold | text | 2147483647 | √ | null | Used to store target speicfic metadata. It holds extra configuration values that are being used by collectors. A non null value indicates update and holds details column value from target table prior to update. A null value indicates that this record was an insert. |
|
iftable_vlan | Table | vlan | int4 | 10 | null | Vlan number. |
||
link | Table | linkset_id | int4 | 10 | null | Linkset Id for link record. It maps to zone.linkset.id. It identifies whether this link is host or node and whether it is representing layer2 link or layer3 link |
||
interface_address | Table | zone_id | int4 | 10 | null | Zone Id for interface address record. |
||
config | Table | key | text | 2147483647 | √ | null | Key represents collector configuration information. Each key is unique for a given collector_id and zone_id record. For specific scantype, the key is represented as |
|
updates | Table | fields | hstore | 2147483647 | √ | null | ||
interface_host | Table | device_id | int4 | 10 | null | Device Id of MAC that is host for this interface. |
||
mapnode | Table | acknowledged_time | timestamp | 29 | √ | now() | Timestamp when given map node record was acknowledged. Set only if mapnode.acknowledged is set to true. |
|
device_values | Table | target | bool | 1 | √ | false | Boolean flag indicating if given device is targeted for this zone (as part of any collector). Set to true if targeted, false otherwise. By targeted, it means that the device is set under Zone->Discovery Spaces->Target List. |
|
updatetargetspace_log | Table | last_run | timestamp | 29 | √ | now() | Time when update target was run for this reord |
|
profiledata | Table | id | serial | 10 | √ | nextval('zone.profiledata_id_seq'::regclass) | ||
scantype_alias | Table | alias | text | 2147483647 | √ | null | Alias for scantype that gets displayed on UI for Discovery Statistics By Discovery Types report. |
|
certificatepath | Table | path | text | 2147483647 | √ | null | Certificate text that is received in the response. |
|
snmpalias | Table | alias | text | 2147483647 | null | Alias given for this credentials. This is the value that gets displayed on UI |
||
target_hist | Table | expandedconfig | text | 2147483647 | √ | null | ||
device_snmpalias | Table | snmpalias_id | int4 | 10 | null | Id of a snmpalias this record belongs to. It maps to zone.snmpalias.id |
||
target_hist | Table | ordid | float4 | 8 | √ | random() | ||
target_highpriority | Table | collector_id | int4 | 10 | null | |||
macvendor_pattern | Table | macvendor_id | int4 | 10 | null | MacVendor id for macvendor_pattern record. It maps to system.macvendor.id |
||
device_response | Table | id | serial | 10 | √ | nextval('zone.device_response_id_seq'::regclass) | Unique identifier for device response record |
|
attributeconfig | View | cidrval | cidr | 2147483647 | √ | null | This column stores the value of the CIDR |
|
target_shadow | Table | device_id | int4 | 10 | √ | null | Device Id for target record. It maps to zone.device.id however, there is no foreign key relation specified for this column. |
|
certificate | Table | startdate | timestamp | 29 | √ | null | Start date for the certificate |
|
device_cloudalias | Table | zone_id | int4 | 10 | null | Zone Id of a device_cloudalias record. It maps to zone.id |
||
snmpalias | Table | zone_id | int4 | 10 | null | Zone Id for snmpalias record. It maps to system.zone.id |
||
interface_route | Table | routeprotocol_id | int4 | 10 | √ | null | Router Protocol id. Maps to zone.routerprotocol.id |
|
targetm | Table | scantype_id | int4 | 10 | √ | null | ||
device_ports | Table | closed_times | hstore | 2147483647 | √ | null | Key value pairs with port number and timestamp when port was reported closed. Sample values - "21"=>"25048310", "23"=>"25048310", "25"=>"25048310"≠ |
|
interface_address | Table | ip | inet | 2147483647 | √ | null | IP address of interface. |
|
device_snmpalias | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
map | Table | description | text | 2147483647 | √ | null | ||
path | Table | hash | text | 2147483647 | √ | null | ||
target_shadow | Table | scantype_id | int4 | 10 | null | Scan Type / Discovery Type Id for target record. It maps to zone.scantype.id however, there is no foreign key relation specified for this column. |
||
target_shadow | Table | cidrval | cidr | 2147483647 | null | Actual IP/CIDR that needs to be targeted. Having value in this record avoids extra joins with attribute_cidr, device or route tables. |
||
updatetargetspace_log | Table | message | text | 2147483647 | √ | null | Status message indicating start and completion for update target processing |
|
device_pattern | Table | macvendor_id | int4 | 10 | √ | null | Id of pattern that contains a match for given profile type record. It contains a non null value for all matches resulted from macvendor. It maps to system.macvendor.id |
|
target_highpriority | Table | route_id | int4 | 10 | √ | null | ||
attribute_cidr | Table | id | serial | 10 | √ | nextval('zone.attribute_cidr_id_seq'::regclass) | Unique identifier for attribute_cidr record |
|
device | Table | maclastobserved | timestamptz | 35 | √ | now() | Timestamp of the last time this MAC/IP pairing was seen. This will be used to potentially time out the MAC address for this device (which might occur if the device picks up its address via DHCP and moves from one subnet to another on the network) |
|
device_wmialias | Table | last_update | timestamp | 29 | √ | now() | The most recent time when a device has responded with given WMI alias. It gets updated with current timestamp everytime a device response for WMI discovery is received for an alias. |
|
target_hist | Table | last_target | timestamp | 29 | √ | null | ||
targetm | Table | zone_id | int4 | 10 | √ | null | ||
device_vendor | View | vendor_source | text | 2147483647 | √ | null | ||
target_shadow | Table | cidr_id | int4 | 10 | √ | null | CIDR Id for target record. For each target CIDR entry, there will be one entry for host/path for collector that has host or path configured. It maps to zone.attribute_cidr.id however, there is no foreign key relation specified for this column. |
|
device_vendor | View | mac | text | 2147483647 | √ | null | ||
mapnode | Table | acknowledged | bool | 1 | √ | false | Boolean flag indicating if this map node has being acknowledged. |
|
map | Table | id | serial | 10 | √ | nextval('zone.map_id_seq'::regclass) | ||
attribute_cidr | Table | cidrval | cidr | 2147483647 | null | CIDR value for attribute_cidr record |
||
targetm | Table | config | text | 2147483647 | √ | null | ||
device_certificate | Table | certificate_id | int4 | 10 | null | Unique identifier for certificat record. It maps to zone.certificate.id |
||
firemon_risk_range | Table | end1 | int4 | 10 | √ | null | ||
device_attribute | Table | zone_id | int4 | 10 | null | Zone Id of a device_attribute record. It maps to zone.id column |
||
links | View | name1 | text | 2147483647 | √ | null | ||
device | Table | device_id | int4 | 10 | √ | null | Parent Id of a device. parent child relationship is implemented with self join to device table. If this field is not null, it indicates that this device is a child device and device.id that matches up with this zone.device.device_id is parent of this child. |
|
attribute_cidr | Table | timestamp | timestamp | 29 | √ | now() | Timestamp when this record was created/updated. |
|
attribute_cidr | Table | attribute_id | int4 | 10 | √ | null | Id of attribute value. Maps to zone.attribute.id |
|
device_attribute | Table | attribute_id | int4 | 10 | √ | null | Id of attribute this mapping represents. It maps to zone.attribute.id |
|
protocol_numbers | Table | decimal | int4 | 10 | √ | null | ||
iftable | Table | zone_id | int4 | 10 | null | Zone Id for interface table entry |
||
edge | Table | layer | int4 | 10 | √ | null | ||
target_highpriority | Table | device_id | int4 | 10 | √ | null | ||
certificate | Table | chainorder | int4 | 10 | √ | null | ||
target_hist | Table | cidrval | cidr | 2147483647 | null | |||
iftable_vlan | Table | iftable_id | int4 | 10 | null | Iftable Id for iftable_vlan record. It maps to zone.iftable.id. There is a one to many relationship between iftable id and vlan hence same iftable id can have multiple records for different vlan info |
||
attributes | View | type_id | int4 | 10 | √ | null | Id for system attribute. This maps to system.attributetype.id |
|
device_ports | Table | zone_id | int4 | 10 | null | Zone Id of a device_ports record. It maps to zone.id |
||
certificatepath | Table | time | timestamp | 29 | √ | transaction_timestamp() | Timestamp when this record was created/updated. |
|
certificate | Table | expiredate | timestamp | 29 | √ | null | Expiration date of the certificate |
|
certificatepath | Table | id | serial | 10 | √ | nextval('zone.certificatepath_id_seq'::regclass) | Unique identifier for certificatepath record |
|
target | Table | ordid | float4 | 8 | √ | random() | A Random value used to distribute targets. When collector requests next set of targets, query performs order by ordid before returning target list |
|
interface_host | Table | zone_id | int4 | 10 | √ | null | Zone Id for interface host record. |
|
iftable_vlan | Table | name | text | 2147483647 | null | Name of vlan |
||
device_values | Table | id | serial | 10 | √ | nextval('zone.device_values_id_seq'::regclass) | Unique identifier for device_values record |
|
map | Table | title | text | 2147483647 | √ | null | ||
attributeconfig | View | type | text | 2147483647 | √ | null | Indicates the type of CIDR. Default values are set as follows: type is set to target if CIDR belongs to Discovery Spaces => Target List type is set to avoid if CIDR belongs to Discovery Spaces => Avoid List type is set to stop if CIDR belongs to Discovery Spaces => Stop List type is set to trusted if CIDR belongs to Zone Networks => Eligible List type is set to known if CIDR belongs to Zone Networks => Known List type is set to internal if CIDR belongs to Zone Networks => Internal List type is set to user-defined Label when user adds a Custom Attribute |
|
device_values | Table | unknownroutes | int4 | 10 | √ | 0 | Not being used or populated. |
|
interface_route | Table | last_update | timestamp | 29 | √ | now() | Timestamp when this record was created/updated |
|
nackcandidate | Table | ip | inet | 2147483647 | √ | null | ||
route | Table | zone_id | int4 | 10 | null | Zone Id for route record. It maps to system.zone.id |
||
interface_route | Table | aspath | _int4 | 10 | √ | null | AS Path for this route. |
|
profiledata | Table | rawdata | text | 2147483647 | null | The raw (unnormalized) profile data |
||
map | Table | type | text | 2147483647 | null | |||
device_wmialias | Table | zone_id | int4 | 10 | null | Zone Id of a device_wmialias record. It maps to zone.id |
||
iftable | Table | contenthash | text | 2147483647 | null | Content hash of interface data that is constructed by concatenating interface index, description, name, alias, adminstatus, opstatus, physical address, addresses, vlan, voicevlan, switchinto port, switchinfo rootport, switchinfo trunkport, switchinfo vlans, switchinfo hosts acrosss all incoming interface infomation. It is used to perform a check to decide if any further update on interface is needed or not. For an incoming response, if a hash in iftable machtes with response's hash but contenthash doesn't match, ( Any of the attributes that calculates content hash has changed since last time we got response ) appropariate updates to iftable, interface and interface_hosts are made, else that procesing is skipped. Contenthash will be empty when iftable entry represents device level route processing. |
||
profiles | View | mac | macaddr | 2147483647 | √ | null | ||
interface | Table | adminstatus | int4 | 10 | √ | null | AdminStatus of interface. It is normalized from device->interface->adminStatus. |
|
links | View | name2 | text | 2147483647 | √ | null | ||
attribute | Table | attribute | text | 2147483647 | √ | null | Value of discovered meta data/attribute. |
|
device_response | Table | scantype_id | int4 | 10 | null | Scan Type Id of a device this record belongs to. It maps to zone.scantype.id |
||
device_values | Table | hasresponses | bool | 1 | √ | false | Boolean flag indicating if given device has any responses recorded. Set to true if there is any entry in device_response for this device, false otherwise. |
|
iftable_vlan | Table | zone_id | int4 | 10 | √ | null | Zone Id for iftable_vlan record |
|
cloudalias | Table | zone_id | int4 | 10 | null | Zone Id for cloudalias record. It maps to system.zone.id |
||
interface_route | Table | asnum | int4 | 10 | √ | null | AS Number for this route. |
|
target_shadow | Table | zone_id | int4 | 10 | null | Zone Id for target record. It maps to system.zone.id however, there is no foreign key relation specified for this column. |
||
profiledata_pattern | Table | zone_id | int4 | 10 | null | Zone Id for profiledata_pattern record. It maps to system.zone.id |
||
map | Table | created_time | timestamp | 29 | √ | now() | ||
device | Table | enterprise_id | int4 | 10 | √ | null | ||
device_response | Table | protocol_id | int4 | 10 | null | Protocol Id of a device this record belongs to. It maps to zone.protocol.id |
||
listsize_by_zone_view | View | zone_id | int4 | 10 | √ | null | ||
device_values | Table | perimeter | bool | 1 | √ | false | Boolean flag indicating if given device is a perimeter device. Set to true if device is internal and contains a link to another device that is not internal, false otherwise. |
|
result | Table | id | serial | 10 | √ | nextval('zone.result_id_seq'::regclass) | ||
device_values | Table | l2hosts | int4 | 10 | √ | 0 | Indicates number of layer2 hosts this device is connected to. In other words, there are l2hosts number of layer2 edges between this device and other devices that are hosts. |
|
target_shadow | Table | id | serial | 10 | √ | nextval('zone.target_shadow_id_seq'::regclass) | Unique identifier for target_shadow record |
|
device_values | Table | known | bool | 1 | √ | false | Boolean flag indicating if given device is known for this zone. Set to true if known, false otherwise. By known, it means that the device is set under Zone->Zone Network->Known List. |
|
target_highpriority | Table | zone_id | int4 | 10 | null | |||
profiles | View | type | text | 2147483647 | √ | null | ||
mapnode | Table | width | float4 | 8 | √ | null | Width value for mapnode record. |
|
target_highpriority | Table | scantype_id | int4 | 10 | null | |||
profiles | View | zone_id | int4 | 10 | √ | null | ||
route | Table | trusted | bool | 1 | √ | null | Boolean indicating if given route is in eligible CIDR list for this zone. Eligible CIDR list represents CIDRs set in Zone Networks => Eligible List.Set to true if it is eligible, false otherwise |
|
target_highpriority | Table | last_target | timestamp | 29 | √ | null | ||
device | Table | lastobserved | timestamp | 29 | √ | now() | Timestamp a device was last observed. Timestamp refers to timestamp/timezone of database server. It gets updated each time a response is received for this device. Note: Each time a response is received and processed for a device, lastobserved gets current timestamp and active gets set to true. |
|
map | Table | preferences | text | 2147483647 | √ | null | ||
interface_route | Table | zone_id | int4 | 10 | null | Zone Id for interface_route record. |
||
profiledata | Table | data | text | 2147483647 | null | The normalized profile data. At least converted to lower case and non printable characters are deleted or escaped. |
||
links | View | zoneid | int4 | 10 | √ | null | ||
interface_route | Table | route_id | int4 | 10 | null | Id of route. It maps to zone.route.id |
||
updatetargetspace_log | Table | count | int4 | 10 | √ | null | Number of records that got impacted by this run and action. |
|
attribute_cidr | Table | collector_id | int4 | 10 | √ | null | Collector Id. Maps to system.collector.id |
|
map | Table | created_by | int4 | 10 | √ | null | ||
profile_translation | Table | content_id | int4 | 10 | √ | null | Content Id for profiledatatype record. |
|
device_profiledata | Table | zone_id | int4 | 10 | null | Zone Id of a device_profiledata record. It maps to zone.id |
||
iftable | Table | iphash | text | 2147483647 | √ | null | Not being used. |
|
wmialias | Table | id | serial | 10 | √ | nextval('zone.wmialias_id_seq'::regclass) | unique identifier for wmialias record |
|
profile_translation | Table | zone_id | int4 | 10 | null | Zone Id for profiledatatype record |
||
attributes | View | mac | macaddr | 2147483647 | √ | null | The MAC Address of the device for which the attribute is saved. |
|
target_highpriority | Table | details | text | 2147483647 | √ | null | ||
device_vendor | View | enterprise | text | 2147483647 | √ | null | ||
portgroup | Table | ports | _int4 | 10 | null | Array of port numbers for given portgroup record. |
||
certificate | Table | issuer_id | int4 | 10 | √ | null | Id for data referencing certificate issuer. It maps to zone.certificatepath.id |
|
device_values | Table | l3peers | int2 | 5 | √ | 0 | Indicates number of layer3 nodes this device is connected to. In other words, there are l3peers number of layer3 edges between this device and other devices that are not hosts. |
|
device_values | Table | routes | int4 | 10 | √ | 0 | Not being used or populated. |
|
device_vendor | View | profiled | text | 2147483647 | √ | null | ||
scantype_alias | Table | scantype | text | 2147483647 | √ | null | Internal scantype value that maps to scantype.type |
|
path | Table | targetcidrs | _cidr | 2147483647 | √ | null | ||
iftable | Table | bridgeaddress | macaddr | 2147483647 | √ | null | Bridge address of an interface table. It is normalized from device->bridgeAddress. It will be null when iftable entry represents device level route processing. |
|
snmpaliasgroup | Table | aliases | _text | 2147483647 | null | Array of credentials for given snmpaliasgroup record. |
||
device_ports | Table | closed | _int4 | 10 | √ | null | List of all ports that are reported closed for a device. Please see table description for more information. |
|
cloudalias | Table | aliasorder | bigserial | 19 | √ | √ | nextval('zone.cloudalias_collector_order_seq'::regclass) | Used to order aliases, use the default, do not write directly |
target | Table | id | serial | 10 | √ | nextval('zone.target_id_seq'::regclass) | Unique identifier for target record |
|
mapnode | Table | zone_id | int4 | 10 | null | Zone Id for mapnode record. It maps to system.zone.id |
||
link | Table | id | serial | 10 | √ | nextval('zone.link_id_seq'::regclass) | Unique identifier for link record |
|
wmialias | Table | credential | text | 2147483647 | √ | null | Credentials for wmialias record. Credentials are stored in following format: alias name:domain:encoded credentials. |
|
device_values | Table | model | text | 2147483647 | √ | null | Indicates model of this device. For the most up to date and accurate model info, use device_match table. |
|
device_certificate | Table | device_id | int4 | 10 | null | Id for device record. It maps to zone.device.id |
||
device_values | Table | os | text | 2147483647 | √ | null | Indicates operating system of this device. For the most up to date and accurate operating system info, use device_match table. |
|
target | Table | cidrval | cidr | 2147483647 | null | Actual IP/CIDR that needs to be targeted. Having value in this record avoids extra joins with attribute_cidr, device or route tables. |
||
routetype | Table | id | serial | 10 | √ | nextval('zone.routetype_id_seq'::regclass) | Unique identifier for routetype record |
|
interface_route | Table | interface_id | int4 | 10 | null | Interface Id for iftable_vlan record. It maps to zone.interface.id |
||
targetm | Table | overwrite | bool | 1 | √ | null | ||
routetype | Table | type | text | 2147483647 | √ | null | Value for route type. |
|
device_match | Table | confidence | int4 | 10 | null | Confidence for any given match record. It is derived from profile.pattern_attribute for matching pattern_id and type_id. It is stored in device_match to make fetching profile information avoiding lookup against pattern_attribute. |
||
device_values | Table | inroute | bool | 1 | √ | false | Not being used or populated. |
|
target_shadow | Table | route_id | int4 | 10 | √ | null | Route Id for target record. It maps to zone.route.id however, there is no foreign key relation specified for this column. |
|
device_attribute | Table | id | serial | 10 | √ | nextval('zone.device_attribute_id_seq'::regclass) | Unique identifier for device_attribute record |
|
certificate | Table | serial | text | 2147483647 | √ | null | Serial number of the certificate |
|
device_snmpalias | Table | zone_id | int4 | 10 | null | Zone Id of a device_snmpalias record. It maps to zone.id |
||
device | Table | iftable_id | int4 | 10 | √ | null | Id of interface table record that this device is associated to. A device having a non null value in this column is most likely a switch. iftable_id maps to zone.iftable.id |
|
device | Table | mac | macaddr | 2147483647 | √ | null | MAC address of a device. MAC and meta flag has to be unique within a zone. |
|
device_values | Table | internal | bool | 1 | √ | false | Boolean flag indicating if given device is internal for this zone. Set to true if internal, false otherwise. By internal, it means that the device is set under Zone->Zone Network->Internal List. |
|
device_values | Table | leakinbound | bool | 1 | √ | false | Boolean flag indicating if given device responded to inboundLeak scan type. Set to true if it responded to inboundLeak, false otherwise. |
|
target_hist | Table | device_id | int4 | 10 | √ | null | ||
target | Table | cidr_id | int4 | 10 | √ | null | CIDR Id for target record. For each target CIDR entry, there will be one entry for host/path for collector that has host or path configured. It maps to zone.attribute_cidr.id |
|
device_values | Table | zone_id | int4 | 10 | null | Zone Id of a device_values record. It maps to zone.id |
||
interface | Table | zone_id | int4 | 10 | null | Zone Id for interface entry. |
||
device_certificate | Table | last_update | timestamp | 29 | √ | now() | ||
mapnode | Table | action_items | text | 2147483647 | √ | null | Action Items for mapnode record. |
|
targetm | Table | route_id | int4 | 10 | √ | null | ||
config | Table | zone_id | int4 | 10 | √ | null | Zone Id for the config record |
|
device_cloudalias | Table | last_update | timestamp | 29 | √ | now() | The most recent time when a device has responded with given cloud alias. It gets updated with current timestamp everytime a device response for cloud discovery is received for an alias. |
|
firemon_risk_range | Table | risk | text | 2147483647 | √ | null | ||
listsize_by_zone_view | View | ips | text | 2147483647 | √ | null | ||
device_values | Table | hastraces | bool | 1 | √ | false | Boolean flag indicating if given device responded to pathDiscovery scan type. Set to true if it responded to pathDiscovery, false otherwise. |
|
targetm | Table | cidr_id | int4 | 10 | √ | null | ||
scantype | Table | scantype | text | 2147483647 | √ | null | Value for scan type. |
|
updates | Table | tbl | text | 2147483647 | √ | null | ||
snmpalias | Table | collector_id | int4 | 10 | null | Collector Id for snmpalias record. It maps to system.collector.id |
||
linkset | Table | layer | text | 2147483647 | √ | null | layer this linkset record presents. Valid values are '2' and '3'. Entries will be inserted as and when link with layer2 and/or layer3 are discovered. |
|
device_wmialias | Table | wmialias_id | int4 | 10 | null | Id of a wmialias this record belongs to. It maps to zone.wmialias.id |
||
profiledata | Table | type_id | int4 | 10 | null | |||
path | Table | results | _text | 2147483647 | √ | null | ||
profile_translation | Table | attribute_id | int4 | 10 | null | Attribute Id for profiledatatype record. |
||
target_hist | Table | id | serial | 10 | √ | nextval('zone.target_hist_id_seq'::regclass) | ||
mapnode | Table | device_id | int4 | 10 | √ | null | Device Id for this node. |
|
device_response | Table | time | timestamp | 29 | √ | null | Time when a device response was received for given scan type and protocol. |
|
mapnode | Table | tag | text | 2147483647 | √ | null | Tag value for mapnode record. |
|
attribute | Table | zone_id | int4 | 10 | null | Zone Id of an attribute record. It maps to system.zone.id column |
||
interface | Table | voicevlan | int4 | 10 | √ | null | ||
attributeconfig | View | collector | text | 2147483647 | √ | null | This column shows the collector name and collector id for which the CIDR belongs to. It is represented as Collector name (collector id) |
|
acknowledgeddevice | Table | acknowledged | bool | 1 | null | |||
link | Table | last_update | timestamp | 29 | √ | now() | Timestamp when this record was created/updated |
|
device_pattern | Table | attribute_id | int4 | 10 | √ | null | Not used. |
|
iftable | Table | hash | text | 2147483647 | null | A hash that uniquely identifes an interface table. It is constructed by concatenating all interface->physicaladdresses and interface->index with | and creating a hash out of it. For an incoming response, if a record with identity hash does not exist, new entry is inserted in iftable. If an entry is inserted while processing device level routes, hash is set to "device:" |
||
device_profiledata | Table | port | int4 | 10 | null | Responding port (where applicable) for profiledata. Set to 0 for profile data types sysDescr, sysObjId and CIFS. Set to -1 for tcp (p0f). Set to the port that responded to this profiledata/banner for profile data type http (certificate) |
||
certificatepath | Table | zone_id | int4 | 10 | null | Zone Id for the certificatepath record |
||
wmialias | Table | alias | text | 2147483647 | null | Alias given for this credentials. This is the value that gets displayed on UI |
||
updatetargetspace_log | Table | action | text | 2147483647 | √ | null | Type of action this updatetargetspace_log record represents. Valid values are: insert, update, delete. |
|
link | Table | zone_id | int4 | 10 | null | Zone Id for link record |
||
wmialias | Table | collector_id | int4 | 10 | null | Collector Id for wmialias record. It maps to system.collector.id |
||
target | Table | expandedconfig | text | 2147483647 | √ | null | Not being used. |
|
target_highpriority | Table | expandedconfig | text | 2147483647 | √ | null | ||
certificate | Table | signaturetype | text | 2147483647 | √ | null | Signature type of the certificate. For example RSA(4096), EC |
|
link | Table | device_id1 | int4 | 10 | null | From Device Id for link record. It maps to zone.device.id. |
||
forwarders_range | Table | start1 | int4 | 10 | √ | null | Start value for this range record |
|
target_highpriority | Table | cidr_id | int4 | 10 | √ | null | ||
links | View | device_id2 | int4 | 10 | √ | null | ||
map | Table | zone_id | int4 | 10 | null | |||
device_attribute | Table | attribute_cidr_id | int4 | 10 | √ | null | Id of CIDR that represents device_attribute record. It is mainly populated for ASName attributetype but can be used for any attribute that would contain a cidr. It maps to system.attribute_cidr.id |
|
target_highpriority | Table | ordid | float4 | 8 | √ | random() | ||
target_hist | Table | zone_id | int4 | 10 | null | |||
device_ports | Table | open_times | hstore | 2147483647 | √ | null | Key value pairs with port number and timestamp when port was reported open. Sample values - "80"=>"25048454", "135"=>"25048454" |
|
edge | Table | zone_id | int4 | 10 | null | |||
certificate | Table | id | serial | 10 | √ | nextval('zone.certificate_id_seq'::regclass) | Unique identifier for certificate record |
|
interface | Table | name | text | 2147483647 | √ | null | Name of interface. It is normalized from device->interface->name. |
|
route | Table | route | cidr | 2147483647 | √ | null | CIDR value for route |
|
attributes | View | type | text | 2147483647 | √ | null | The name of the system attribute |
|
profile_translation | Table | type_id | int4 | 10 | null | Type for profiledatatype record. Valid values are, tcp, http, sysObjectID, sysDescr, cifs. |
||
interface | Table | bridge | macaddr | 2147483647 | √ | null | Bridge of interface. It is normalized from device->interface->switchInfo->bridge. |
|
device | Table | identity | text | 2147483647 | √ | null | A metadata that further identifies a device, especially the ones that don't have IP Address or MAC address. Possible values include (but are not limited to) collector:* or stealth:*. When a stealth device is found, notation that is being used to populate identity is stealth: |
|
device | Table | ip | inet | 2147483647 | √ | null | IP Address of a device. It can either be IPv4 or IPv6 IP Address. The combination of IP Address and meta flag has to be unique within a zone. That allows same IP Address to be stitched to itself. In that case, child record will have meta flag set to false, while parent record with the same IP Address will have meta flag set to true |
|
target_hist | Table | batchid | int4 | 10 | √ | null | ||
device_match | Table | zone_id | int4 | 10 | null | Zone Id of a device_match record. zone.device_match table is a parent table for all partitioned (by zone_id) zone_xxx.device_match tables. It maps to zone.id column |
||
certificate | Table | certificatetype | text | 2147483647 | √ | null | Type of the certificate. For example SHA256withRSA, SHA1withRSA |
|
certificatepath_pattern | Table | certificatepath_id | int4 | 10 | null | Id of certificatepath that this certificatepath matches. It maps to zone.certificatepath.id |
||
route | Table | known | bool | 1 | √ | null | Boolean indicating if given route is in known CIDR list for this zone. Known CIDR list represents CIDRs set in Zone Networks => Known List. Set to true if it is known, false otherwise |
|
interface | Table | vlan | int4 | 10 | √ | null | Vlan of interface. It is normalized from device->interface->vlan as well as device->interface->switchInfo->vlans. If switchInfo contains vlan, it will use that instead of interface->vlan. |
|
device | Table | firstobserved | timestamp | 29 | √ | now() | Timestamp a device was first observed. Timestamp refers to timestamp/timezone of database server |
|
target_shadow | Table | detailsnew | text | 2147483647 | √ | null | Used to store target speicfic metadata. It holds extra configuration values that are being used by collectors. |
|
path | Table | zone_id | int4 | 10 | null | |||
device_profiledata | Table | profiledata_id | int4 | 10 | null | Id of a profiledata this record refers to. It maps to zone.profiledata.id. One profiledata_id can be shared across multiple devices. |
||
acknowledgeddevice | Table | zone_id | int4 | 10 | null | |||
device_vendor | View | zone_id | int4 | 10 | √ | null | ||
acknowledgeddevice | Table | user_id | int4 | 10 | null | |||
target | Table | route_id | int4 | 10 | √ | null | Route Id for target record. It maps to zone.route.id |
|
profiledatatype | Table | id | serial | 10 | √ | nextval('zone.profiledatatype_id_seq'::regclass) | Unique identifier for profiledatatype record |
|
iftable | Table | id | serial | 10 | √ | nextval('zone.iftable_id_seq'::regclass) | Unique identifier for interfacetable record |
|
attributeconfig | View | zone | text | 2147483647 | √ | null | This column shows the zone name and zone id for which the CIDR belongs to. It is represented as zone name (zone id) |
|
device | Table | lastupdate | text | 2147483647 | √ | null | Indicates how or why of the last update for this. It only retains the reason for the last update that happened to this device. For example, when an interface table data is processed for the first time, IP Address for that interface data gets lastupdate set to iftable-dev, however, while processing later response, if we got another update, we will then set the lastupdate to later response code. Possible values are: ident-ins - This value will be set if device with given identity doesn't exist in db and incoming device does not have IP associated with it. This will be mostly be true for all stealth devices. As we discover them, we insert them in db with lastupdate set to ident-ins identip-ins - very similar to ident-ins, This value will be seen if device with given identity does not exist in db and incoming device contains an IP Address. This will be true for collector device identip-upd - This value will be set when a response comes in for collector or stealth and there is no device in db with that entity. However, since IP Address exists in the database, we update existing database device and set its last update to identip-upd iftable-dev - This value will be set when a device interface table data is processed, one IP Address gets picked from available interface addresses and entry is created in device table for that IP Address and lastupdate for that device gets set to iftable-dev (along with meta to be true and iftable_id to be interface table id for this interface data) intf-ip-ins - This value will be set when a device interface data is processed, entries in interface->addresses (these are interface IP Addresses) and interface->physicalAddress (these are interface macs) gets inserted as devices. Their lastupdate is set to intf-ip-ins and device_id is set to id of device for that interface table data intf-ip-upd - This value will be set when while processing device interface data, if entry exists in the database for either interface->addresses or interface->physicaladdress but assigned to different device, (device_id is not same as id of interface device that we are processing), device for this IP or MAC gets updated with lastupdate set to intf-ip-upd and device_id set to id of interface device that is getting processed if IP Address exists in the database that is also contained in interface->addresess, database entry for that IP gets updated with lastupdate set to intf-ip-upd and device_id set to id of interface device that is getting processed and null mac ip - This value will be set when a device is discovered for the first time layer2-hosts - This value will be set when all MAC addresses present in interface->switchInfo->hosts get inserted into device table with lastupdate set to layer2-hosts. are almost always devices with null ip macip-arp - This value will be set When a device interface data is processed, all ARP entries (present in device->interface->hosts (as MAC/IP pairs)), where both MAC or IP does not exist in the database, gets inserted in to device table (with few exceptions) with lastupdate set to macip-arp snm-cons-ip - This value will be set for the device if serial number is present in response attributes and IP Address does not exist in database (we don't stitch devices on serial number if they have an interface table) snm-cons-meta - This value will be set ff serial number is present in response attributes and IP Address that exists in database does not have any parent device_id associated with it, we create a parent device for the same IP and set last update to snm-cons-meta for this parent IP and set meta to true snmp-macip - There are few scenarios when a device.lastupdate gets set to snmp-macip: 1. When a device response contains ARP entries and for a given arp entry (MAC/IP pair), if device with either of the MAC address or IP Address does not exist in the database, a device entry is created with lastupdate set to snmp-macip - This is really synonymous to macip-arp and might need to change it to macip-arp 2. When a device response contains ARP entries and for a given arp entry (MAC/IP pair), if device exists in the database with IP that is in MAC/IP pair, however no device exists in the database with MAC from MAC/IP pair, and database device with IP does not have a MAC associated with it, that database device gets updated with MAC from arp entry and lastupdate is set to snmp-macip 3. When a device response contains ARP entries and for a given arp entry (MAC/IP pair), if two separate devices exist in the database (one with IP set to arp IP and another one with MAC set to arp MAC) and none of the devices in the database are consolidated (their device_id is null) and if IP device in database also has a MAC (different then the one in arp entry), update database device with arp IP and set its IP Address to null and lastupdate to snmp-macip and ident set to "unassigned: |
|
linkset | Table | hosts | bool | 1 | √ | null | Boolean indicating whether this linkset record refers to hosts or nodes. Set to true for hosts, false otherwise. |
|
snmpalias | Table | aliasorder | bigserial | 19 | √ | √ | nextval('zone.snmpalias_collector_order_seq'::regclass) | Used to order aliases, use the default, do not write directly |
mapnode | Table | id | serial | 10 | √ | nextval('zone.mapnode_id_seq'::regclass) | Unique identifier for mapnode record |
|
certificate | Table | port | int4 | 10 | √ | null | ||
profile_translation | Table | pattern_id | int4 | 10 | null | Pattern Id for profiledatatype record |
||
route | Table | id | serial | 10 | √ | nextval('zone.route_id_seq'::regclass) | Unique identifier for route record |
|
target_highpriority | Table | id | serial | 10 | √ | nextval('zone.target_highpriority_id_seq'::regclass) | ||
route | Table | last_update | timestamp | 29 | √ | now() | Timestamp when this route record was created/updated |
|
updates | Table | op | text | 2147483647 | √ | null | ||
device_pattern | Table | zone_id | int4 | 10 | null | Zone Id of a device_pattern record. It maps to zone.id column |
||
device_attribute | Table | device_id | int4 | 10 | null | Id of a device this attribute belongs to. It maps to device.id |
||
profiledatatype | Table | type | text | 2147483647 | null | Type for profiledatatype record. Valid values are, tcp, http, sysObjectID, sysDescr, cifs. |
||
target_shadow | Table | last_target | timestamp | 29 | √ | null | ||
device_ports | Table | open | _int4 | 10 | √ | null | List of all ports that are reported open for a device. Please see table description for more information. |
|
mapnode | Table | map_id | int4 | 10 | null | Id of map this mapnode record refers to. |
||
updatetargetspace_log | Table | zone_id | int4 | 10 | null | Zone Id for updatetargetspace_log record. |
||
config | Table | collector_id | int4 | 10 | √ | null | Collector Id for this config record. It maps to system.collector.id |
|
target_highpriority | Table | target_id | int4 | 10 | √ | null | ||
updates | Table | time | timestamp | 29 | √ | now() | ||
profile_translation | Table | newattribute_id | int4 | 10 | √ | null | Newattribute Id for profiledatatype record. |
|
device | Table | macvendor_id | int4 | 10 | √ | null | Id of macvendor of a device. It maps to system.macvendor.id |
|
target_shadow | Table | last_update | timestamp | 29 | √ | now() | ||
targetm | Table | cidrval | cidr | 2147483647 | √ | null | ||
device_response | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
target | Table | collector_id | int4 | 10 | null | Collector Id for target record. It maps to system.collector.id |
||
listsize_by_zone_view | View | listtype | text | 2147483647 | √ | null | ||
mapnode | Table | xcoord | float4 | 8 | √ | null | X coordinate value for mapnode record. |
|
edge | Table | interface_id2 | int4 | 10 | √ | null | ||
profiledata_pattern | Table | pattern_id | int4 | 10 | null | Pattern Id for profiledata_pattern record. It maps to profile.pattern.id |
||
device_pattern | Table | device_id | int4 | 10 | null | Id of a device this pattern match belongs to. It maps to device.id |
||
nackcandidate | Table | zone_id | int4 | 10 | null | |||
target | Table | zone_id | int4 | 10 | null | Zone Id for target record. It maps to system.zone.id. |
||
device_pattern | Table | certificatepath_id | int4 | 10 | √ | null | Id of pattern that contains a match for given profile type record. It contains a non null value for all matches resulted from http (certificate). It maps to zone.certificatepath.id |
|
certificate | Table | chainid | int8 | 19 | √ | null | ||
map | Table | user_id | int4 | 10 | null | |||
device_pattern | Table | profiledata_id | int4 | 10 | √ | null | Id of profiledata that is matched against this device and pattern record. It maps to zone.profiledata.id. It contains a non null value for all matches resulted from snmp (sysDescr, sysObj), CIFS, tcp (p0f) responses. |
|
device_values | Table | l2peers | int2 | 5 | √ | 0 | Indicates number of layer2 nodes this device is connected to. In other words, there are l2peers number of layer2 edges between this device and other devices that are not hosts. |
|
routeprotocol | Table | id | serial | 10 | √ | nextval('zone.routeprotocol_id_seq'::regclass) | Unique identifier for routeprotocol record |
|
device_profiledata | Table | type_id | int4 | 10 | null | Id of a profiledata type this record refers to. It maps to zone.profiledatatype.id. Valid values for zone.profiledatatype.type are sysDescr, sysObjectID, tcp, http, cifs. |
||
attributes | View | attribute_id | int4 | 10 | √ | null | Id for value of the system attribute. This maps to zone.attribute.attributetype_id |
|
interface | Table | index | int4 | 10 | √ | null | Index of interface. It is normalized from device->interface->index. |
|
interface_route | Table | withdrawn | bool | 1 | √ | false | Has this route been withdrawn by the discovering routing protocol (currently only BGP supports this) |
|
attributes | View | device_id | int4 | 10 | √ | null | Id of the device for which the attribute is saved. |
|
interface | Table | opstatus | int4 | 10 | √ | null | Optstatus of interface. It is normalized from device->interface->opstatus. |
|
certificate | Table | version | int4 | 10 | √ | null | Version of the certificate |
|
interface | Table | port | int4 | 10 | √ | null | Port of interface. It is normalized from device->interface->switchInfo->port. |
|
profile_translation | Table | id | serial | 10 | √ | nextval('zone.profile_translation_id_seq'::regclass) | Unique identifier for profiledatatype record |
|
config | Table | id | serial | 10 | √ | nextval('zone.config_id_seq'::regclass) | Unique identifier for config record |
|
edge | Table | node_id2 | int4 | 10 | null | |||
interface | Table | alias | text | 2147483647 | √ | null | Alias of interface. It is normalized from device->interface->alias. |
|
edge | Table | node_id1 | int4 | 10 | null | |||
certificatepath_pattern | Table | pattern_id | int4 | 10 | null | Id of pattern that this certificatepath matches. It maps to profile.pattern.id |
||
target_hist | Table | cidr_id | int4 | 10 | √ | null | ||
links | View | device2 | text | 2147483647 | √ | null | ||
interface_address | Table | id | serial | 10 | √ | nextval('zone.interface_address_id_seq'::regclass) | Unique identifier for interface_address record. |
|
target | Table | device_id | int4 | 10 | √ | null | Device Id for target record. It maps to zone.device.id |
|
links | View | hosts | bool | 1 | √ | null | ||
edge | Table | id | serial | 10 | √ | nextval('zone.edge_id_seq'::regclass) | ||
device_values | Table | ips | int2 | 5 | √ | 0 | Not being used or populated. |
|
target_hist | Table | action | text | 2147483647 | √ | null | ||
target | Table | details | text | 2147483647 | √ | null | Used to store target speicfic metadata. It holds extra configuration values that are being used by collectors. |
|
mapnode | Table | asset_reference | text | 2147483647 | √ | null | Asset Reference value for mapnode record. |
|
target | Table | last_target | timestamp | 29 | √ | null | Timestamp when this target was picked up by a collector last. It is set to null when it is yet to be picked up. When collector asks for next set of records, records with null last_target will get picked up first. If value is non null, targets will be picked up if time elapsed since last_update is greater than rescan interval of a collector. |
|
device_response | Table | zone_id | int4 | 10 | null | Zone Id of a device_response record. It maps to zone.id |
||
updates | Table | zone_id | int4 | 10 | √ | null | ||
attribute_cidr | Table | zone_id | int4 | 10 | null | Zone Id for attribute_cidr record |
||
device | Table | active | bool | 1 | √ | null | Boolean flag that is set to true each time when a device is discovered and when a response is received for that device. It is set to false when no response is received for the device for 3 consecutive rescan intervals |
|
device_match | Table | type_id | int4 | 10 | null | Id of a profile type for given match record. It maps to profile.type. Valid values for profile.type are Device Type, OS, Model, Version, Vendor |
||
wmialias | Table | aliasorder | bigserial | 19 | √ | √ | nextval('zone.wmialias_collector_order_seq'::regclass) | Used to order aliases, use the default, do not write directly |
interface | Table | id | serial | 10 | √ | nextval('zone.interface_id_seq'::regclass) | Unique identifier for interfacetable record. |
|
attribute | Table | id | serial | 10 | √ | nextval('zone.attribute_id_seq'::regclass) | Unique identifier for attribute record |
|
device_wmialias | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
nackcandidate | Table | mac | macaddr | 2147483647 | √ | null | ||
attributeconfig | View | attribute | text | 2147483647 | √ | null | Indicates the attribute value when user adds a Custom Attribute |
|
certificate | Table | subject_id | int4 | 10 | √ | null | Id for data referencing certificate subject. It maps to zone.certificatepath.id |
|
certificate | Table | zone_id | int4 | 10 | null | Zone Id for the certificate record |
||
device_values | Table | l3hosts | int4 | 10 | √ | 0 | Indicates number of layer3 hosts this device is connected to. In other words, there are l3hosts number of layer3 edges between this device and other devices that are hosts. |
|
certificate | Table | extensions | text | 2147483647 | √ | null | Not being used. |
|
cloudalias | Table | collector_id | int4 | 10 | null | Collector Id for cloudalias record. It maps to system.collector.id |
||
device_match | Table | device_id | int4 | 10 | null | Id of a device this attribute belongs to. It maps to device.id |
||
interface | Table | physicaladdress | macaddr | 2147483647 | √ | null | Physical address of interface. It is normalized from device->interface->physicalAddress. |
|
cloudalias | Table | credential | text | 2147483647 | √ | null | Credentials for cloudalias record. Credentials are stored in following format: <cloud provider for credential(aws)>:alias name:encoded credentials. |
|
profiles | View | source | text | 2147483647 | √ | null | ||
profiles | View | ip | inet | 2147483647 | √ | null | ||
forwarders_range | Table | end1 | int4 | 10 | √ | null | End value for this range record |
|
linkset | Table | id | serial | 10 | √ | nextval('zone.linkset_id_seq'::regclass) | Unique identifier for linkset record |
|
protocol_numbers | Table | protocol | text | 2147483647 | √ | null | ||
wmialias | Table | zone_id | int4 | 10 | null | Zone Id for wmialias record. It maps to system.zone.id |
||
interface_route | Table | first_observed | timestamptz | 35 | √ | now() | Timestamp when this route was first seen. If the route is expired out and recreated, this will be the timestamp from when we last created it. |
|
interface_route | Table | id | serial | 10 | √ | nextval('zone.interface_route_id_seq'::regclass) | Unique identifier for interface_route record. |
|
config | Table | value | text | 2147483647 | √ | null | Configuration value for a given key, within a collector and zone |
|
target_hist | Table | route_id | int4 | 10 | √ | null | ||
device_cloudalias | Table | cloudalias_id | int4 | 10 | null | Id of a cloudalias this record belongs to. It maps to zone.cloudalias.id |
||
device_profiledata | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |