Columns
Table | Type | Column | Type | Size | Nulls | Auto | Default | Comments |
---|---|---|---|---|---|---|---|---|
path | Table | protocols | _text | 2147483647 | √ | null | ||
device_values | Table | trusted | bool | 1 | √ | false | Boolean flag indicating if given device is trusted for this zone. Set to true if trusted, false otherwise. By trusted, it means that the device is set under Zone->Zone Network->Eligible List. |
|
interface | Table | opstatus | int4 | 10 | √ | null | Optstatus of interface. It is normalized from device->interface->opstatus. |
|
device_pattern | Table | zone_id | int4 | 10 | null | Zone Id of a device_pattern record. It maps to zone.id column |
||
result | Table | id | serial | 10 | √ | nextval('zone.result_id_seq'::regclass) | ||
interface_address | Table | id | serial | 10 | √ | nextval('zone.interface_address_id_seq'::regclass) | Unique identifier for interface_address record. |
|
map | Table | description | text | 2147483647 | √ | null | ||
device_values | Table | leakoutbound | bool | 1 | √ | false | Boolean flag indicating if given device responded to outboundLeak scan type. Set to true if it responded to outboundLeak, false otherwise. |
|
interface | Table | id | serial | 10 | √ | nextval('zone.interface_id_seq'::regclass) | Unique identifier for interfacetable record. |
|
links | View | name1 | text | 2147483647 | √ | null | ||
firemon_risk_range | Table | risk | text | 2147483647 | √ | null | ||
snmpalias | Table | id | serial | 10 | √ | nextval('zone.snmpalias_id_seq'::regclass) | Unique identifier for snmpalias record |
|
profiles | View | device_id | int4 | 10 | √ | null | ||
result | Table | result | text | 2147483647 | √ | null | ||
device_values | Table | devicetype | text | 2147483647 | √ | null | Indicates devicetype of this device. For the most up to date and accurate devicetype info, use device_match table. |
|
target_highpriority | Table | expandedconfig | text | 2147483647 | √ | null | ||
attribute | Table | attribute | text | 2147483647 | √ | null | Value of discovered meta data/attribute. |
|
device_certificate | Table | zone_id | int4 | 10 | null | Zone Id of a device_certificate record. It maps to zone.id column |
||
attributes | View | device_id | int4 | 10 | √ | null | Id of the device for which the attribute is saved. |
|
scantype | Table | scantype | text | 2147483647 | √ | null | Value for scan type. |
|
interface_route | Table | routetype_id | int4 | 10 | √ | null | Route Type id. Maps to zone.routetype.id |
|
target_shadow | Table | last_target | timestamp | 29 | √ | null | ||
profiles | View | mac | macaddr | 2147483647 | √ | null | ||
targetm | Table | device_id | int4 | 10 | √ | null | ||
profiles | View | parent_id | int4 | 10 | √ | null | ||
portgroup | Table | name | text | 2147483647 | null | Unique name for portgroup record. Values for name are, common, vulnerable, infectious. Please note that at the moment only vulnerable and infectious groups are used in discovery. |
||
links | View | device_id2 | int4 | 10 | √ | null | ||
profiledata | Table | data | text | 2147483647 | null | The normalized profile data. At least converted to lower case and non printable characters are deleted or escaped. |
||
attribute_cidr | Table | attributetype_id | int4 | 10 | null | Id of attribute type. Maps to system.attributetype.id |
||
mapnode | Table | acknowledged_time | timestamp | 29 | √ | now() | Timestamp when given map node record was acknowledged. Set only if mapnode.acknowledged is set to true. |
|
path | Table | targetcidrs | _cidr | 2147483647 | √ | null | ||
device | Table | lastobserved | timestamp | 29 | √ | now() | Timestamp a device was last observed. Timestamp refers to timestamp/timezone of database server. It gets updated each time a response is received for this device. Note: Each time a response is received and processed for a device, lastobserved gets current timestamp and active gets set to true. |
|
path | Table | zone_id | int4 | 10 | null | |||
wmialias | Table | aliasorder | bigserial | 19 | √ | √ | nextval('zone.wmialias_collector_order_seq'::regclass) | Used to order aliases, use the default, do not write directly |
updates | Table | tbl | text | 2147483647 | √ | null | ||
nackcandidate | Table | zone_id | int4 | 10 | null | |||
certificate | Table | serial | text | 2147483647 | √ | null | Serial number of the certificate |
|
targetm | Table | route_id | int4 | 10 | √ | null | ||
updates | Table | type | text | 2147483647 | √ | null | ||
target_highpriority | Table | device_id | int4 | 10 | √ | null | ||
response_decision | Table | sysname | text | 2147483647 | √ | null | Sysname (if exists) used in nlshash for response_decision record |
|
nackcandidate | Table | ip | inet | 2147483647 | √ | null | ||
device_ports | Table | open | _int4 | 10 | √ | null | List of all ports that are reported open for a device. Please see table description for more information. |
|
wmialias | Table | collector_id | int4 | 10 | null | Collector Id for wmialias record. It maps to system.collector.id |
||
device_ports | Table | open_times | hstore | 2147483647 | √ | null | Key value pairs with port number and timestamp when port was reported open. Sample values - "80"=>"25048454", "135"=>"25048454" |
|
device_values | Table | l2peers | int2 | 5 | √ | 0 | Indicates number of layer2 nodes this device is connected to. In other words, there are l2peers number of layer2 edges between this device and other devices that are not hosts. |
|
map | Table | preferences | text | 2147483647 | √ | null | ||
portgroup | Table | ports | _int4 | 10 | null | Array of port numbers for given portgroup record. |
||
routetype | Table | id | serial | 10 | √ | nextval('zone.routetype_id_seq'::regclass) | Unique identifier for routetype record |
|
routetype | Table | type | text | 2147483647 | √ | null | Value for route type. |
|
config | Table | key | text | 2147483647 | √ | null | Key represents collector configuration information. Each key is unique for a given collector_id and zone_id record. For specific scantype, the key is represented as |
|
target | Table | collector_id | int4 | 10 | null | Collector Id for target record. It maps to system.collector.id |
||
target_hist | Table | collector_id | int4 | 10 | null | |||
target_highpriority | Table | scantype_id | int4 | 10 | null | |||
profile_translation | Table | zone_id | int4 | 10 | null | Zone Id for profiledatatype record |
||
updatetargetspace_log | Table | parameters | _text | 2147483647 | √ | null | Parameters passed in for update target processing. Possible parameters are onlyDeletes and verification |
|
iftable_vlan | Table | iftable_id | int4 | 10 | null | Iftable Id for iftable_vlan record. It maps to zone.iftable.id. There is a one to many relationship between iftable id and vlan hence same iftable id can have multiple records for different vlan info |
||
device_cloudalias | Table | cloudalias_id | int4 | 10 | null | Id of a cloudalias this record belongs to. It maps to zone.cloudalias.id |
||
interface | Table | infhash | text | 2147483647 | √ | null | Hash of interface key parameters index/name/physicaladdress. |
|
device_values | Table | perimeter | bool | 1 | √ | false | Boolean flag indicating if given device is a perimeter device. Set to true if device is internal and contains a link to another device that is not internal, false otherwise. |
|
certificate | Table | chainorder | int4 | 10 | √ | null | ||
attribute_cidr | Table | collector_id | int4 | 10 | √ | null | Collector Id. Maps to system.collector.id |
|
device_attribute | Table | attributetype_id | int4 | 10 | null | Id that denotes what type of attribute this record indicates. It maps to system.attributetype.id column. Example values for attributetypes - cifsName, sysDescr, serialNumber. |
||
certificate | Table | startdate | timestamp | 29 | √ | null | Start date for the certificate |
|
interface | Table | physicaladdress | macaddr | 2147483647 | √ | null | Physical address of interface. It is normalized from device->interface->physicalAddress. |
|
profiledata | Table | id | serial | 10 | √ | nextval('zone.profiledata_id_seq'::regclass) | ||
targetm | Table | config | text | 2147483647 | √ | null | ||
links | View | device_id1 | int4 | 10 | √ | null | ||
target_hist | Table | scantype_id | int4 | 10 | null | |||
mapnode | Table | device_id | int4 | 10 | √ | null | Device Id for this node. |
|
target | Table | expandedconfig | text | 2147483647 | √ | null | Not being used. |
|
response_decision | Table | decision | bool | 1 | √ | null | Decision made for response_decision record. True = response from an existing device/false = response from a new device |
|
listsize_by_zone_view | View | ips | text | 2147483647 | √ | null | ||
profile_translation | Table | attribute_id | int4 | 10 | null | Attribute Id for profiledatatype record. |
||
target_highpriority | Table | cidrval | cidr | 2147483647 | null | |||
iftable_vlan | Table | vlan | int4 | 10 | null | Vlan number. |
||
response_decision | Table | zone_id | int4 | 10 | null | Zone Id for response_decision record |
||
attributes | View | ip | inet | 2147483647 | √ | null | The IP Address of the device for which the attribute is saved. |
|
updates | Table | zone_id | int4 | 10 | √ | null | ||
device | Table | active | bool | 1 | √ | null | Boolean flag that is set to true each time when a device is discovered and when a response is received for that device. It is set to false when no response is received for the device for 3 consecutive rescan intervals |
|
edge | Table | node_id1 | int4 | 10 | null | |||
profiles | View | identity | text | 2147483647 | √ | null | ||
profiledatatype | Table | id | serial | 10 | √ | nextval('zone.profiledatatype_id_seq'::regclass) | Unique identifier for profiledatatype record |
|
linkset | Table | id | serial | 10 | √ | nextval('zone.linkset_id_seq'::regclass) | Unique identifier for linkset record |
|
device_snmpalias | Table | snmpalias_id | int4 | 10 | null | Id of a snmpalias this record belongs to. It maps to zone.snmpalias.id |
||
device | Table | iftable_id | int4 | 10 | √ | null | Id of interface table record that this device is associated to. A device having a non null value in this column is most likely a switch. iftable_id maps to zone.iftable.id |
|
profiles | View | attribute | text | 2147483647 | √ | null | ||
targetm | Table | overwrite | bool | 1 | √ | null | ||
link | Table | linkset_id | int4 | 10 | null | Linkset Id for link record. It maps to zone.linkset.id. It identifies whether this link is host or node and whether it is representing layer2 link or layer3 link |
||
device_profiledata | Table | profiledata_id | int4 | 10 | null | Id of a profiledata this record refers to. It maps to zone.profiledata.id. One profiledata_id can be shared across multiple devices. |
||
attributeconfig | View | attribute | text | 2147483647 | √ | null | Indicates the attribute value when user adds a Custom Attribute |
|
linkset | Table | layer | text | 2147483647 | √ | null | layer this linkset record presents. Valid values are '2' and '3'. Entries will be inserted as and when link with layer2 and/or layer3 are discovered. |
|
path | Table | results | _text | 2147483647 | √ | null | ||
device_wmialias | Table | zone_id | int4 | 10 | null | Zone Id of a device_wmialias record. It maps to zone.id |
||
attribute_cidr | Table | cidrval | cidr | 2147483647 | null | CIDR value for attribute_cidr record |
||
certificate | Table | subject_id | int4 | 10 | √ | null | Id for data referencing certificate subject. It maps to zone.certificatepath.id |
|
attribute_cidr | Table | zone_id | int4 | 10 | null | Zone Id for attribute_cidr record |
||
device_attribute | Table | zone_id | int4 | 10 | null | Zone Id of a device_attribute record. It maps to zone.id column |
||
certificate | Table | port | int4 | 10 | √ | null | ||
target_shadow | Table | detailsold | text | 2147483647 | √ | null | Used to store target speicfic metadata. It holds extra configuration values that are being used by collectors. A non null value indicates update and holds details column value from target table prior to update. A null value indicates that this record was an insert. |
|
updatetargetspace_log | Table | action | text | 2147483647 | √ | null | Type of action this updatetargetspace_log record represents. Valid values are: insert, update, delete. |
|
protocol | Table | id | serial | 10 | √ | nextval('zone.protocol_id_seq'::regclass) | Unique identifier for protocol record |
|
certificate | Table | extensions | text | 2147483647 | √ | null | Not being used. |
|
attributes | View | attribute_id | int4 | 10 | √ | null | Id for value of the system attribute. This maps to zone.attribute.attributetype_id |
|
response_decision | Table | syslocation | text | 2147483647 | √ | null | Syslocation (if exists) used in nlshash for response_decision record |
|
device_values | Table | hastraces | bool | 1 | √ | false | Boolean flag indicating if given device responded to pathDiscovery scan type. Set to true if it responded to pathDiscovery, false otherwise. |
|
device_match | Table | device_id | int4 | 10 | null | Id of a device this attribute belongs to. It maps to device.id |
||
profile_translation | Table | content_id | int4 | 10 | √ | null | Content Id for profiledatatype record. |
|
device_wmialias | Table | last_update | timestamp | 29 | √ | now() | The most recent time when a device has responded with given WMI alias. It gets updated with current timestamp everytime a device response for WMI discovery is received for an alias. |
|
attributeconfig | View | collector | text | 2147483647 | √ | null | This column shows the collector name and collector id for which the CIDR belongs to. It is represented as Collector name (collector id) |
|
interface_route | Table | aspath | _int4 | 10 | √ | null | AS Path for this route. |
|
interface | Table | bridge | macaddr | 2147483647 | √ | null | Bridge of interface. It is normalized from device->interface->switchInfo->bridge. |
|
config | Table | zone_id | int4 | 10 | √ | null | Zone Id for the config record |
|
target_hist | Table | expandedconfig | text | 2147483647 | √ | null | ||
snmpalias | Table | zone_id | int4 | 10 | null | Zone Id for snmpalias record. It maps to system.zone.id |
||
links | View | device2 | text | 2147483647 | √ | null | ||
mapnode | Table | label | text | 2147483647 | √ | null | Label value for mapnode record. |
|
targetm | Table | cidrval | cidr | 2147483647 | √ | null | ||
response_decision | Table | reason | text | 2147483647 | √ | null | Reasaon for the decision made for response_decision record |
|
mapnode | Table | xcoord | float4 | 8 | √ | null | X coordinate value for mapnode record. |
|
interface_route | Table | asnum | int4 | 10 | √ | null | AS Number for this route. |
|
mapnode | Table | acknowledged | bool | 1 | √ | false | Boolean flag indicating if this map node has being acknowledged. |
|
device | Table | ip | inet | 2147483647 | √ | null | IP Address of a device. It can either be IPv4 or IPv6 IP Address. The combination of IP Address and meta flag has to be unique within a zone. That allows same IP Address to be stitched to itself. In that case, child record will have meta flag set to false, while parent record with the same IP Address will have meta flag set to true |
|
profiles | View | source | text | 2147483647 | √ | null | ||
interface | Table | adminstatus | int4 | 10 | √ | null | AdminStatus of interface. It is normalized from device->interface->adminStatus. |
|
device_match | Table | type_id | int4 | 10 | null | Id of a profile type for given match record. It maps to profile.type. Valid values for profile.type are Device Type, OS, Model, Version, Vendor |
||
interface_route | Table | last_update | timestamp | 29 | √ | now() | Timestamp when this record was created/updated |
|
target_hist | Table | action | text | 2147483647 | √ | null | ||
device_vendor | View | zone_id | int4 | 10 | √ | null | ||
target_highpriority | Table | cidr_id | int4 | 10 | √ | null | ||
firemon_risk_range | Table | end1 | int4 | 10 | √ | null | ||
device_match | Table | confidence | int4 | 10 | null | Confidence for any given match record. It is derived from profile.pattern_attribute for matching pattern_id and type_id. It is stored in device_match to make fetching profile information avoiding lookup against pattern_attribute. |
||
device_vendor | View | mac | text | 2147483647 | √ | null | ||
acknowledgeddevice | Table | acknowledged | bool | 1 | null | |||
device_ports | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
device_values | Table | target | bool | 1 | √ | false | Boolean flag indicating if given device is targeted for this zone (as part of any collector). Set to true if targeted, false otherwise. By targeted, it means that the device is set under Zone->Discovery Spaces->Target List. |
|
target | Table | ordid | float4 | 8 | √ | random() | A Random value used to distribute targets. When collector requests next set of targets, query performs order by ordid before returning target list |
|
device_attribute | Table | last_update | timestamp | 29 | √ | now() | The most recent time when a device has responded with given attribute. It gets updated with curren timestamp everytime device response is received for an attribute. |
|
attributes | View | type | text | 2147483647 | √ | null | The name of the system attribute |
|
edge | Table | interface_id2 | int4 | 10 | √ | null | ||
cloudalias | Table | zone_id | int4 | 10 | null | Zone Id for cloudalias record. It maps to system.zone.id |
||
device_values | Table | os | text | 2147483647 | √ | null | Indicates operating system of this device. For the most up to date and accurate operating system info, use device_match table. |
|
target_highpriority | Table | last_target | timestamp | 29 | √ | null | ||
listsize_by_zone_view | View | zone_id | int4 | 10 | √ | null | ||
interface_address | Table | ip | inet | 2147483647 | √ | null | IP address of interface. |
|
device_certificate | Table | certificate_id | int4 | 10 | null | Unique identifier for certificat record. It maps to zone.certificate.id |
||
updates | Table | time | timestamp | 29 | √ | now() | ||
interface | Table | name | text | 2147483647 | √ | null | Name of interface. It is normalized from device->interface->name. |
|
target_shadow | Table | zone_id | int4 | 10 | null | Zone Id for target record. It maps to system.zone.id however, there is no foreign key relation specified for this column. |
||
attribute_cidr | Table | timestamp | timestamp | 29 | √ | now() | Timestamp when this record was created/updated. |
|
device_pattern | Table | macvendor_id | int4 | 10 | √ | null | Id of pattern that contains a match for given profile type record. It contains a non null value for all matches resulted from macvendor. It maps to system.macvendor.id |
|
device | Table | macvendor_id | int4 | 10 | √ | null | Id of macvendor of a device. It maps to system.macvendor.id |
|
device_wmialias | Table | wmialias_id | int4 | 10 | null | Id of a wmialias this record belongs to. It maps to zone.wmialias.id |
||
device_profiledata | Table | type_id | int4 | 10 | null | Id of a profiledata type this record refers to. It maps to zone.profiledatatype.id. Valid values for zone.profiledatatype.type are sysDescr, sysObjectID, tcp, http, cifs. |
||
map | Table | zone_id | int4 | 10 | null | |||
config | Table | collector_id | int4 | 10 | √ | null | Collector Id for this config record. It maps to system.collector.id |
|
targetm | Table | zone_id | int4 | 10 | √ | null | ||
target | Table | cidr_id | int4 | 10 | √ | null | CIDR Id for target record. For each target CIDR entry, there will be one entry for host/path for collector that has host or path configured. It maps to zone.attribute_cidr.id |
|
scantype_alias | Table | scantype | text | 2147483647 | √ | null | Internal scantype value that maps to scantype.type |
|
links | View | hosts | bool | 1 | √ | null | ||
certificate | Table | chainid | int8 | 19 | √ | null | ||
device_values | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
interface_host | Table | vlans | _int4 | 10 | null | Array of vlans for given interface host. device->interface->switchInfo->vlans gets normalized here. |
||
firemon_risk_range | Table | start1 | int4 | 10 | √ | null | ||
mapnode | Table | action_items | text | 2147483647 | √ | null | Action Items for mapnode record. |
|
targetm | Table | cidr_id | int4 | 10 | √ | null | ||
map | Table | id | serial | 10 | √ | nextval('zone.map_id_seq'::regclass) | ||
nackcandidate | Table | id | serial | 10 | √ | nextval('zone.nackcandidate_id_seq'::regclass) | ||
profiledata | Table | hash | text | 2147483647 | null | MD5 hash of the (normalized) data column |
||
certificate | Table | id | serial | 10 | √ | nextval('zone.certificate_id_seq'::regclass) | Unique identifier for certificate record |
|
certificate | Table | zone_id | int4 | 10 | null | Zone Id for the certificate record |
||
forwarders_range | Table | end1 | int4 | 10 | √ | null | End value for this range record |
|
response_decision | Table | cmpinfhash | text | 2147483647 | √ | null | Composite hash of the individual interface key parameter hashes for response_decision record |
|
target | Table | route_id | int4 | 10 | √ | null | Route Id for target record. It maps to zone.route.id |
|
iftable | Table | zone_id | int4 | 10 | null | Zone Id for interface table entry |
||
response_decision | Table | nlshash | text | 2147483647 | √ | null | Sysname/syslocation/serial number for response_decision record |
|
response_decision | Table | created_at | timestamp | 29 | √ | now() | created_at timestamp when this record was created |
|
target_highpriority | Table | zone_id | int4 | 10 | null | |||
target_shadow | Table | last_update | timestamp | 29 | √ | now() | ||
map | Table | type | text | 2147483647 | null | |||
map | Table | title | text | 2147483647 | √ | null | ||
attribute | Table | attributetype_id | int4 | 10 | √ | null | Id that denotes what type of attribute this record indicates. It maps to system.attributetype.id column. Example values for attributetypes - cifsName, sysDescr, ASName, SerialNumber, known, avoid. For complete list, please see system.attributetype table. |
|
target_hist | Table | ordid | float4 | 8 | √ | random() | ||
certificate | Table | expiredate | timestamp | 29 | √ | null | Expiration date of the certificate |
|
response_decision | Table | sn | text | 2147483647 | √ | null | Serial number (if exists) used in nlshash for response_decision record |
|
profile_translation | Table | type_id | int4 | 10 | null | Type for profiledatatype record. Valid values are, tcp, http, sysObjectID, sysDescr, cifs. |
||
device_values | Table | l3peers | int2 | 5 | √ | 0 | Indicates number of layer3 nodes this device is connected to. In other words, there are l3peers number of layer3 edges between this device and other devices that are not hosts. |
|
interface | Table | indconthash | text | 2147483647 | √ | null | Hash of interface all the interface parameters. |
|
profile_translation | Table | newattribute_id | int4 | 10 | √ | null | Newattribute Id for profiledatatype record. |
|
mapnode | Table | tag | text | 2147483647 | √ | null | Tag value for mapnode record. |
|
interface | Table | index | int4 | 10 | √ | null | Index of interface. It is normalized from device->interface->index. |
|
route | Table | route | cidr | 2147483647 | √ | null | CIDR value for route |
|
device_response | Table | protocol_id | int4 | 10 | null | Protocol Id of a device this record belongs to. It maps to zone.protocol.id |
||
certificatepath_pattern | Table | pattern_id | int4 | 10 | null | Id of pattern that this certificatepath matches. It maps to profile.pattern.id |
||
target_hist | Table | device_id | int4 | 10 | √ | null | ||
device_response | Table | scantype_id | int4 | 10 | null | Scan Type Id of a device this record belongs to. It maps to zone.scantype.id |
||
interface | Table | trunk | bool | 1 | √ | null | Trunk of interface. It is normalized from device->interface->switchInfo->trunkPort. |
|
device | Table | firstobserved | timestamp | 29 | √ | now() | Timestamp a device was first observed. Timestamp refers to timestamp/timezone of database server |
|
acknowledgeddevice | Table | created_time | timestamp | 29 | √ | now() | ||
iftable_vlan | Table | zone_id | int4 | 10 | √ | null | Zone Id for iftable_vlan record |
|
links | View | zoneid | int4 | 10 | √ | null | ||
device_values | Table | model | text | 2147483647 | √ | null | Indicates model of this device. For the most up to date and accurate model info, use device_match table. |
|
device_response | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
interface_route | Table | id | serial | 10 | √ | nextval('zone.interface_route_id_seq'::regclass) | Unique identifier for interface_route record. |
|
certificatepath | Table | time | timestamp | 29 | √ | transaction_timestamp() | Timestamp when this record was created/updated. |
|
device_attribute | Table | device_id | int4 | 10 | null | Id of a device this attribute belongs to. It maps to device.id |
||
targetm | Table | collector_id | int4 | 10 | √ | null | ||
updates | Table | fields | hstore | 2147483647 | √ | null | ||
device_snmpalias | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
mapnode | Table | height | float4 | 8 | √ | null | Height value for mapnode record. |
|
path | Table | hash | text | 2147483647 | √ | null | ||
target | Table | zone_id | int4 | 10 | null | Zone Id for target record. It maps to system.zone.id. |
||
target_shadow | Table | cidr_id | int4 | 10 | √ | null | CIDR Id for target record. For each target CIDR entry, there will be one entry for host/path for collector that has host or path configured. It maps to zone.attribute_cidr.id however, there is no foreign key relation specified for this column. |
|
device_attribute | Table | attribute_id | int4 | 10 | √ | null | Id of attribute this mapping represents. It maps to zone.attribute.id |
|
device_certificate | Table | device_id | int4 | 10 | null | Id for device record. It maps to zone.device.id |
||
target_shadow | Table | scantype_id | int4 | 10 | null | Scan Type / Discovery Type Id for target record. It maps to zone.scantype.id however, there is no foreign key relation specified for this column. |
||
scantype_alias | Table | alias | text | 2147483647 | √ | null | Alias for scantype that gets displayed on UI for Discovery Statistics By Discovery Types report. |
|
mapnode | Table | ycoord | float4 | 8 | √ | null | Y coordinate value for mapnode record. |
|
device_snmpalias | Table | last_update | timestamp | 29 | √ | now() | The most recent time when a device has responded with given alias. It gets updated with current timestamp everytime a device response is received for an SNMP alias. |
|
iftable | Table | bridgeaddress | macaddr | 2147483647 | √ | null | Bridge address of an interface table. It is normalized from device->bridgeAddress. It will be null when iftable entry represents device level route processing. |
|
device_values | Table | leakinbound | bool | 1 | √ | false | Boolean flag indicating if given device responded to inboundLeak scan type. Set to true if it responded to inboundLeak, false otherwise. |
|
device_pattern | Table | pattern_id | int4 | 10 | null | Id of pattern that contains a match for given device response record. It maps to profile.pattern.id |
||
routeprotocol | Table | protocol | text | 2147483647 | √ | null | Value for protocol. |
|
profiledatatype | Table | type | text | 2147483647 | null | Type for profiledatatype record. Valid values are, tcp, http, sysObjectID, sysDescr, cifs. |
||
target_hist | Table | zone_id | int4 | 10 | null | |||
profiles | View | zone_id | int4 | 10 | √ | null | ||
snmpaliasgroup | Table | name | text | 2147483647 | null | Unique name for snmpaliasgroup record. Currently, Spectre has only one snmpaliasgroup name and is called common |
||
device_vendor | View | enterprise | text | 2147483647 | √ | null | ||
response_decision | Table | match_id | int4 | 10 | √ | null | Id of matching response for response_decision record. Negative if from a new device |
|
target_hist | Table | id | serial | 10 | √ | nextval('zone.target_hist_id_seq'::regclass) | ||
response_decision | Table | id | serial | 10 | √ | nextval('zone.response_decision_id_seq'::regclass) | Unique identifier for response_decision record |
|
protocol_numbers | Table | protocol | text | 2147483647 | √ | null | ||
snmpalias | Table | collector_id | int4 | 10 | null | Collector Id for snmpalias record. It maps to system.collector.id |
||
target_hist | Table | last_target | timestamp | 29 | √ | null | ||
profiledata | Table | zone_id | int4 | 10 | null | |||
device_vendor | View | vendor_source | text | 2147483647 | √ | null | ||
forwarders_range | Table | start1 | int4 | 10 | √ | null | Start value for this range record |
|
device_certificate | Table | last_update | timestamp | 29 | √ | now() | ||
cloudalias | Table | collector_id | int4 | 10 | null | Collector Id for cloudalias record. It maps to system.collector.id |
||
interface_host | Table | interface_id | int4 | 10 | null | Id of interface that contains this interface host. |
||
device | Table | maclastobserved | timestamptz | 35 | √ | null | Timestamp of the last time this MAC/IP pairing was seen. This will be used to potentially time out the MAC address for this device (which might occur if the device picks up its address via DHCP and moves from one subnet to another on the network) |
|
target_highpriority | Table | details | text | 2147483647 | √ | null | ||
iftable | Table | id | serial | 10 | √ | nextval('zone.iftable_id_seq'::regclass) | Unique identifier for interfacetable record |
|
device_values | Table | forwarder | bool | 1 | √ | false | Boolean flag indicating if given device is a forwarder. Set to true if it is forwarder, false otherwise. |
|
path | Table | hops | _inet | 2147483647 | √ | null | ||
map | Table | created_by | int4 | 10 | √ | null | ||
wmialias | Table | alias | text | 2147483647 | null | Alias given for this credentials. This is the value that gets displayed on UI |
||
links | View | name2 | text | 2147483647 | √ | null | ||
device_attribute | Table | attribute_cidr_id | int4 | 10 | √ | null | Id of CIDR that represents device_attribute record. It is mainly populated for ASName attributetype but can be used for any attribute that would contain a cidr. It maps to system.attribute_cidr.id |
|
target_shadow | Table | route_id | int4 | 10 | √ | null | Route Id for target record. It maps to zone.route.id however, there is no foreign key relation specified for this column. |
|
protocol_numbers | Table | decimal | int4 | 10 | √ | null | ||
protocol | Table | protocol | text | 2147483647 | √ | null | Value of protocol. Valid values are arp, udp, icmp, snmp, snmpv2, tcp, dns, http, https, cifs, dhcp |
|
certificate | Table | issuer_id | int4 | 10 | √ | null | Id for data referencing certificate issuer. It maps to zone.certificatepath.id |
|
profiledata_pattern | Table | pattern_id | int4 | 10 | null | Pattern Id for profiledata_pattern record. It maps to profile.pattern.id |
||
link | Table | zone_id | int4 | 10 | null | Zone Id for link record |
||
attribute | Table | zone_id | int4 | 10 | null | Zone Id of an attribute record. It maps to system.zone.id column |
||
device_ports | Table | zone_id | int4 | 10 | null | Zone Id of a device_ports record. It maps to zone.id |
||
attributes | View | attribute | text | 2147483647 | √ | null | The value for the system attribute |
|
link | Table | device_id2 | int4 | 10 | null | To Device Id for link record. It maps to zone.device.id. |
||
target_highpriority | Table | route_id | int4 | 10 | √ | null | ||
attributeconfig | View | type | text | 2147483647 | √ | null | Indicates the type of CIDR. Default values are set as follows: type is set to target if CIDR belongs to Discovery Spaces => Target List type is set to avoid if CIDR belongs to Discovery Spaces => Avoid List type is set to stop if CIDR belongs to Discovery Spaces => Stop List type is set to trusted if CIDR belongs to Zone Networks => Eligible List type is set to known if CIDR belongs to Zone Networks => Known List type is set to internal if CIDR belongs to Zone Networks => Internal List type is set to user-defined Label when user adds a Custom Attribute |
|
profiles | View | expression | text | 2147483647 | √ | null | ||
target | Table | last_target | timestamp | 29 | √ | null | Timestamp when this target was picked up by a collector last. It is set to null when it is yet to be picked up. When collector asks for next set of records, records with null last_target will get picked up first. If value is non null, targets will be picked up if time elapsed since last_update is greater than rescan interval of a collector. |
|
snmpalias | Table | alias | text | 2147483647 | null | Alias given for this credentials. This is the value that gets displayed on UI |
||
device | Table | zone_id | int4 | 10 | null | Zone Id of a device record. Since zone.device table is a parent table for all partitioned (by zone_id) tables, same IP Address can be found while querying zone.device table for different zone_id. It maps to zone.id column |
||
device_values | Table | snmpresponder | bool | 1 | √ | false | Boolean flag indicating if given device responded to snmpDiscovery scan type. Set to true if it responded to snmpDiscovery, false otherwise. |
|
target | Table | id | serial | 10 | √ | nextval('zone.target_id_seq'::regclass) | Unique identifier for target record |
|
interface | Table | description | text | 2147483647 | √ | null | Description of interface. It is normalized from device->interface->description. |
|
attributeconfig | View | zone | text | 2147483647 | √ | null | This column shows the zone name and zone id for which the CIDR belongs to. It is represented as zone name (zone id) |
|
interface | Table | iftable_id | int4 | 10 | null | |||
target_highpriority | Table | target_id | int4 | 10 | √ | null | ||
certificate | Table | version | int4 | 10 | √ | null | Version of the certificate |
|
targetm | Table | scantype_id | int4 | 10 | √ | null | ||
device_ports | Table | closed | _int4 | 10 | √ | null | List of all ports that are reported closed for a device. Please see table description for more information. |
|
device_values | Table | known | bool | 1 | √ | false | Boolean flag indicating if given device is known for this zone. Set to true if known, false otherwise. By known, it means that the device is set under Zone->Zone Network->Known List. |
|
edge | Table | layer | int4 | 10 | √ | null | ||
attributes | View | type_id | int4 | 10 | √ | null | Id for system attribute. This maps to system.attributetype.id |
|
interface_route | Table | route_id | int4 | 10 | null | Id of route. It maps to zone.route.id |
||
device_match | Table | pattern_id | int4 | 10 | null | Id of pattern that contains a match for given profile type record. It maps to profile.pattern.id |
||
device_cloudalias | Table | zone_id | int4 | 10 | null | Zone Id of a device_cloudalias record. It maps to zone.id |
||
device_attribute | Table | id | serial | 10 | √ | nextval('zone.device_attribute_id_seq'::regclass) | Unique identifier for device_attribute record |
|
interface_route | Table | route | cidr | 2147483647 | √ | null | Route for this interface_route record. Same value can be found from route.id for matching route_id but it is inserted here as a form of denormalization for faster data retrieval. |
|
device_values | Table | l3hosts | int4 | 10 | √ | 0 | Indicates number of layer3 hosts this device is connected to. In other words, there are l3hosts number of layer3 edges between this device and other devices that are hosts. |
|
device_pattern | Table | port_match | bool | 1 | √ | null | A boolean flag that is set to true if pattern that matched is result of match against services. Services patterns are the ones that are based on certain ports being open. So, if we find open ports and they match with any patterns, port_match is set to true |
|
path | Table | id | serial | 10 | √ | nextval('zone.path_id_seq'::regclass) | ||
wmialias | Table | id | serial | 10 | √ | nextval('zone.wmialias_id_seq'::regclass) | unique identifier for wmialias record |
|
device_snmpalias | Table | zone_id | int4 | 10 | null | Zone Id of a device_snmpalias record. It maps to zone.id |
||
mapnode | Table | id | serial | 10 | √ | nextval('zone.mapnode_id_seq'::regclass) | Unique identifier for mapnode record |
|
snmpalias | Table | credential | text | 2147483647 | √ | null | Credentials for snmpalias record. Credentials are stored in following format. <version of credential(either v2 or v3)>:alias name:encoded credentials. |
|
device | Table | enterprise_id | int4 | 10 | √ | null | ||
snmpaliasgroup | Table | aliases | _text | 2147483647 | null | Array of credentials for given snmpaliasgroup record. |
||
interface | Table | voicevlan | int4 | 10 | √ | null | ||
interface | Table | vlan | int4 | 10 | √ | null | Vlan of interface. It is normalized from device->interface->vlan as well as device->interface->switchInfo->vlans. If switchInfo contains vlan, it will use that instead of interface->vlan. |
|
target_highpriority | Table | ordid | float4 | 8 | √ | random() | ||
target | Table | device_id | int4 | 10 | √ | null | Device Id for target record. It maps to zone.device.id |
|
interface_route | Table | zone_id | int4 | 10 | null | Zone Id for interface_route record. |
||
attribute_cidr | Table | id | serial | 10 | √ | nextval('zone.attribute_cidr_id_seq'::regclass) | Unique identifier for attribute_cidr record |
|
route | Table | target | bool | 1 | √ | null | Boolean indicating if given route is in targeted CIDR list for any collectors of this zone. Targeted CIDR list represents CIDRs set in Discovery Spaces => Target List table. Set to true if it is targeted, false otherwise |
|
edge | Table | interface_id1 | int4 | 10 | √ | null | ||
edge | Table | zone_id | int4 | 10 | null | |||
device_vendor | View | vendor | text | 2147483647 | √ | null | ||
certificatepath_pattern | Table | certificatepath_id | int4 | 10 | null | Id of certificatepath that this certificatepath matches. It maps to zone.certificatepath.id |
||
route | Table | known | bool | 1 | √ | null | Boolean indicating if given route is in known CIDR list for this zone. Known CIDR list represents CIDRs set in Zone Networks => Known List. Set to true if it is known, false otherwise |
|
nackcandidate | Table | mac | macaddr | 2147483647 | √ | null | ||
target_shadow | Table | cidrval | cidr | 2147483647 | null | Actual IP/CIDR that needs to be targeted. Having value in this record avoids extra joins with attribute_cidr, device or route tables. |
||
target | Table | details | text | 2147483647 | √ | null | Used to store target speicfic metadata. It holds extra configuration values that are being used by collectors. |
|
device_match | Table | zone_id | int4 | 10 | null | Zone Id of a device_match record. zone.device_match table is a parent table for all partitioned (by zone_id) zone_xxx.device_match tables. It maps to zone.id column |
||
linkset | Table | zone_id | int4 | 10 | √ | null | Zone Id for linkset record. It maps to system.zone.id |
|
cloudalias | Table | id | serial | 10 | √ | nextval('zone.cloudalias_id_seq'::regclass) | unique identifier for cloudalias record |
|
device_values | Table | zone_id | int4 | 10 | null | Zone Id of a device_values record. It maps to zone.id |
||
wmialias | Table | credential | text | 2147483647 | √ | null | Credentials for wmialias record. Credentials are stored in following format: alias name:domain:encoded credentials. |
|
snmpalias | Table | aliasorder | bigserial | 19 | √ | √ | nextval('zone.snmpalias_collector_order_seq'::regclass) | Used to order aliases, use the default, do not write directly |
device_vendor | View | profiled | text | 2147483647 | √ | null | ||
attribute_cidr | Table | hasresponses | bool | 1 | √ | false | Boolean flag set to true or false indicating if CIDR (in cidrval column) contains any device that has any responses recorded. Set to true if there is any entry in device_response for any device containing this CIDR record, false otherwise |
|
updatetargetspace_log | Table | last_run | timestamp | 29 | √ | now() | Time when update target was run for this reord |
|
device | Table | id | serial | 10 | √ | nextval('zone.device_id_seq'::regclass) | Unique identifier for device record |
|
profiles | View | confidence | int4 | 10 | √ | null | ||
certificatepath | Table | zone_id | int4 | 10 | null | Zone Id for the certificatepath record |
||
wmialias | Table | zone_id | int4 | 10 | null | Zone Id for wmialias record. It maps to system.zone.id |
||
protocol_numbers | Table | keyword | text | 2147483647 | √ | null | ||
config | Table | id | serial | 10 | √ | nextval('zone.config_id_seq'::regclass) | Unique identifier for config record |
|
device_profiledata | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
target_hist | Table | batchid | int4 | 10 | √ | null | ||
target_shadow | Table | detailsnew | text | 2147483647 | √ | null | Used to store target speicfic metadata. It holds extra configuration values that are being used by collectors. |
|
updatetargetspace_log | Table | message | text | 2147483647 | √ | null | Status message indicating start and completion for update target processing |
|
nackcandidate | Table | scantype_id | int4 | 10 | null | |||
certificatepath | Table | path | text | 2147483647 | √ | null | Certificate text that is received in the response. |
|
device_cloudalias | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
path | Table | collector_id | int4 | 10 | null | |||
device_pattern | Table | profiledata_id | int4 | 10 | √ | null | Id of profiledata that is matched against this device and pattern record. It maps to zone.profiledata.id. It contains a non null value for all matches resulted from snmp (sysDescr, sysObj), CIFS, tcp (p0f) responses. |
|
edge | Table | node_id2 | int4 | 10 | null | |||
device_response | Table | ports | _int4 | 10 | √ | null | List of ports (if any) that constituted this response. For example, for cifs response, it will be set to 445, for host response coming from dns, it will be set to 53. This column is only populated for httpDetails, hostDiscovery and cifs. Device->response->ports get normalized in this column. It contains all the list of ports a device has received response from for a given scan type and protocol at any given point in time. |
|
acknowledgeddevice | Table | user_id | int4 | 10 | null | |||
mapnode | Table | asset_reference | text | 2147483647 | √ | null | Asset Reference value for mapnode record. |
|
route | Table | last_update | timestamp | 29 | √ | now() | Timestamp when this route record was created/updated |
|
target | Table | batchid | int4 | 10 | √ | null | A serial number that gets inserted each time a collector is given list of targets. It contains nextval('zone.target_batch_id'). |
|
device | Table | mac | macaddr | 2147483647 | √ | null | MAC address of a device. MAC and meta flag has to be unique within a zone. |
|
interface | Table | rootport | bool | 1 | √ | null | Rootport of interface. It is normalized from device->interface->index->switchInfo->rootPort. |
|
device | Table | meta | bool | 1 | √ | false | Boolean flag that indicates whether this device was discovered and has gone through any type of consolidation. Value of false means that the device was discovered and has not gone through any consolidation. Value of true means it was consolidated as part of another discovery. |
|
interface_route | Table | withdrawn | bool | 1 | √ | false | Has this route been withdrawn by the discovering routing protocol (currently only BGP supports this) |
|
attribute | Table | id | serial | 10 | √ | nextval('zone.attribute_id_seq'::regclass) | Unique identifier for attribute record |
|
interface | Table | vlans | _int4 | 10 | √ | null | ||
routeprotocol | Table | id | serial | 10 | √ | nextval('zone.routeprotocol_id_seq'::regclass) | Unique identifier for routeprotocol record |
|
target_shadow | Table | id | serial | 10 | √ | nextval('zone.target_shadow_id_seq'::regclass) | Unique identifier for target_shadow record |
|
cloudalias | Table | alias | text | 2147483647 | null | Alias given for this credentials. This is the value that gets displayed on UI |
||
target_hist | Table | details | text | 2147483647 | √ | null | ||
iftable | Table | contenthash | text | 2147483647 | null | Content hash of interface data that is constructed by concatenating interface index, description, name, alias, adminstatus, opstatus, physical address, addresses, vlan, voicevlan, switchinto port, switchinfo rootport, switchinfo trunkport, switchinfo vlans, switchinfo hosts acrosss all incoming interface infomation. It is used to perform a check to decide if any further update on interface is needed or not. For an incoming response, if a hash in iftable machtes with response's hash but contenthash doesn't match, ( Any of the attributes that calculates content hash has changed since last time we got response ) appropariate updates to iftable, interface and interface_hosts are made, else that procesing is skipped. Contenthash will be empty when iftable entry represents device level route processing. |
||
mapnode | Table | map_id | int4 | 10 | null | Id of map this mapnode record refers to. |
||
profile_translation | Table | id | serial | 10 | √ | nextval('zone.profile_translation_id_seq'::regclass) | Unique identifier for profiledatatype record |
|
device_ports | Table | closed_times | hstore | 2147483647 | √ | null | Key value pairs with port number and timestamp when port was reported closed. Sample values - "21"=>"25048310", "23"=>"25048310", "25"=>"25048310"≠ |
|
target_shadow | Table | device_id | int4 | 10 | √ | null | Device Id for target record. It maps to zone.device.id however, there is no foreign key relation specified for this column. |
|
device_vendor | View | device_id | int4 | 10 | √ | null | ||
device_values | Table | version | text | 2147483647 | √ | null | Indicates version of this device. For the most up to date and accurate version info, use device_match table. |
|
acknowledgeddevice | Table | zone_id | int4 | 10 | null | |||
interface | Table | zone_id | int4 | 10 | null | Zone Id for interface entry. |
||
target_highpriority | Table | batchid | int4 | 10 | √ | null | ||
interface_host | Table | device_id | int4 | 10 | null | Device Id of MAC that is host for this interface. |
||
profile_translation | Table | pattern_id | int4 | 10 | null | Pattern Id for profiledatatype record |
||
attributeconfig | View | cidrval | cidr | 2147483647 | √ | null | This column stores the value of the CIDR |
|
interface | Table | alias | text | 2147483647 | √ | null | Alias of interface. It is normalized from device->interface->alias. |
|
nackcandidate | Table | collector_id | int4 | 10 | null | |||
device_response | Table | collector_id | int4 | 10 | null | Collector Id of a device this record belongs to. It maps to system.collector.id |
||
attribute_cidr | Table | attribute_id | int4 | 10 | √ | null | Id of attribute value. Maps to zone.attribute.id |
|
iftable_vlan | Table | name | text | 2147483647 | null | Name of vlan |
||
attributes | View | identity | text | 2147483647 | √ | null | ||
device_response | Table | time | timestamp | 29 | √ | null | Time when a device response was received for given scan type and protocol. |
|
device_values | Table | l2hosts | int4 | 10 | √ | 0 | Indicates number of layer2 hosts this device is connected to. In other words, there are l2hosts number of layer2 edges between this device and other devices that are hosts. |
|
profiledata | Table | timestamp | timestamp | 29 | √ | transaction_timestamp() | ||
certificate | Table | signaturetype | text | 2147483647 | √ | null | Signature type of the certificate. For example RSA(4096), EC |
|
device_pattern | Table | attribute_id | int4 | 10 | √ | null | Not used. |
|
certificate | Table | certificatetype | text | 2147483647 | √ | null | Type of the certificate. For example SHA256withRSA, SHA1withRSA |
|
link | Table | last_update | timestamp | 29 | √ | now() | Timestamp when this record was created/updated |
|
updatetargetspace_log | Table | zone_id | int4 | 10 | null | Zone Id for updatetargetspace_log record. |
||
interface_route | Table | first_observed | timestamptz | 35 | √ | now() | Timestamp when this route was first seen. If the route is expired out and recreated, this will be the timestamp from when we last created it. |
|
profiledata | Table | type_id | int4 | 10 | null | |||
updatetargetspace_log | Table | count | int4 | 10 | √ | null | Number of records that got impacted by this run and action. |
|
interface_route | Table | nexthop | inet | 2147483647 | √ | null | Next hop for this route. |
|
interface_route | Table | interface_id | int4 | 10 | null | Interface Id for iftable_vlan record. It maps to zone.interface.id |
||
acknowledgeddevice | Table | device_id | int4 | 10 | null | |||
target_highpriority | Table | collector_id | int4 | 10 | null | |||
device_pattern | Table | device_id | int4 | 10 | null | Id of a device this pattern match belongs to. It maps to device.id |
||
cloudalias | Table | credential | text | 2147483647 | √ | null | Credentials for cloudalias record. Credentials are stored in following format: <cloud provider for credential(aws)>:alias name:encoded credentials. |
|
device_values | Table | hasresponses | bool | 1 | √ | false | Boolean flag indicating if given device has any responses recorded. Set to true if there is any entry in device_response for this device, false otherwise. |
|
device_values | Table | internal | bool | 1 | √ | false | Boolean flag indicating if given device is internal for this zone. Set to true if internal, false otherwise. By internal, it means that the device is set under Zone->Zone Network->Internal List. |
|
mapnode | Table | width | float4 | 8 | √ | null | Width value for mapnode record. |
|
device_response | Table | zone_id | int4 | 10 | null | Zone Id of a device_response record. It maps to zone.id |
||
links | View | device1 | text | 2147483647 | √ | null | ||
links | View | layer | text | 2147483647 | √ | null | ||
macvendor_pattern | Table | pattern_id | int4 | 10 | null | Pattern Id for macvendor_pattern record. It maps to profile.pattern.id |
||
config | Table | value | text | 2147483647 | √ | null | Configuration value for a given key, within a collector and zone |
|
device_profiledata | Table | zone_id | int4 | 10 | null | Zone Id of a device_profiledata record. It maps to zone.id |
||
target_hist | Table | cidr_id | int4 | 10 | √ | null | ||
device | Table | identity | text | 2147483647 | √ | null | A metadata that further identifies a device, especially the ones that don't have IP Address or MAC address. Possible values include (but are not limited to) collector:* or stealth:*. When a stealth device is found, notation that is being used to populate identity is stealth: |
|
device | Table | device_id | int4 | 10 | √ | null | Parent Id of a device. parent child relationship is implemented with self join to device table. If this field is not null, it indicates that this device is a child device and device.id that matches up with this zone.device.device_id is parent of this child. |
|
route | Table | id | serial | 10 | √ | nextval('zone.route_id_seq'::regclass) | Unique identifier for route record |
|
cloudalias | Table | aliasorder | bigserial | 19 | √ | √ | nextval('zone.cloudalias_collector_order_seq'::regclass) | Used to order aliases, use the default, do not write directly |
device_response | Table | id | serial | 10 | √ | nextval('zone.device_response_id_seq'::regclass) | Unique identifier for device response record |
|
device_cloudalias | Table | last_update | timestamp | 29 | √ | now() | The most recent time when a device has responded with given cloud alias. It gets updated with current timestamp everytime a device response for cloud discovery is received for an alias. |
|
route | Table | trusted | bool | 1 | √ | null | Boolean indicating if given route is in eligible CIDR list for this zone. Eligible CIDR list represents CIDRs set in Zone Networks => Eligible List.Set to true if it is eligible, false otherwise |
|
link | Table | device_id1 | int4 | 10 | null | From Device Id for link record. It maps to zone.device.id. |
||
device_values | Table | vendor | text | 2147483647 | √ | null | Indicates vendor of this device. For the most up to date and accurate vendor info, use device_match table. |
|
device_values | Table | id | serial | 10 | √ | nextval('zone.device_values_id_seq'::regclass) | Unique identifier for device_values record |
|
interface_address | Table | zone_id | int4 | 10 | null | Zone Id for interface address record. |
||
target_hist | Table | cidrval | cidr | 2147483647 | null | |||
certificatepath_pattern | Table | zone_id | int4 | 10 | null | Zone Id for the certificatepath_pattern record |
||
device | Table | lastupdate | text | 2147483647 | √ | null | Indicates how or why of the last update for this. It only retains the reason for the last update that happened to this device. For example, when an interface table data is processed for the first time, IP Address for that interface data gets lastupdate set to iftable-dev, however, while processing later response, if we got another update, we will then set the lastupdate to later response code. Possible values are: ident-ins - This value will be set if device with given identity doesn't exist in db and incoming device does not have IP associated with it. This will be mostly be true for all stealth devices. As we discover them, we insert them in db with lastupdate set to ident-ins identip-ins - very similar to ident-ins, This value will be seen if device with given identity does not exist in db and incoming device contains an IP Address. This will be true for collector device identip-upd - This value will be set when a response comes in for collector or stealth and there is no device in db with that entity. However, since IP Address exists in the database, we update existing database device and set its last update to identip-upd iftable-dev - This value will be set when a device interface table data is processed, one IP Address gets picked from available interface addresses and entry is created in device table for that IP Address and lastupdate for that device gets set to iftable-dev (along with meta to be true and iftable_id to be interface table id for this interface data) intf-ip-ins - This value will be set when a device interface data is processed, entries in interface->addresses (these are interface IP Addresses) and interface->physicalAddress (these are interface macs) gets inserted as devices. Their lastupdate is set to intf-ip-ins and device_id is set to id of device for that interface table data intf-ip-upd - This value will be set when while processing device interface data, if entry exists in the database for either interface->addresses or interface->physicaladdress but assigned to different device, (device_id is not same as id of interface device that we are processing), device for this IP or MAC gets updated with lastupdate set to intf-ip-upd and device_id set to id of interface device that is getting processed if IP Address exists in the database that is also contained in interface->addresess, database entry for that IP gets updated with lastupdate set to intf-ip-upd and device_id set to id of interface device that is getting processed and null mac ip - This value will be set when a device is discovered for the first time layer2-hosts - This value will be set when all MAC addresses present in interface->switchInfo->hosts get inserted into device table with lastupdate set to layer2-hosts. are almost always devices with null ip macip-arp - This value will be set When a device interface data is processed, all ARP entries (present in device->interface->hosts (as MAC/IP pairs)), where both MAC or IP does not exist in the database, gets inserted in to device table (with few exceptions) with lastupdate set to macip-arp snmp-macip - There are few scenarios when a device.lastupdate gets set to snmp-macip: 1. When a device response contains ARP entries and for a given arp entry (MAC/IP pair), if device with either of the MAC address or IP Address does not exist in the database, a device entry is created with lastupdate set to snmp-macip - This is really synonymous to macip-arp and might need to change it to macip-arp 2. When a device response contains ARP entries and for a given arp entry (MAC/IP pair), if device exists in the database with IP that is in MAC/IP pair, however no device exists in the database with MAC from MAC/IP pair, and database device with IP does not have a MAC associated with it, that database device gets updated with MAC from arp entry and lastupdate is set to snmp-macip 3. When a device response contains ARP entries and for a given arp entry (MAC/IP pair), if two separate devices exist in the database (one with IP set to arp IP and another one with MAC set to arp MAC) and none of the devices in the database are consolidated (their device_id is null) and if IP device in database also has a MAC (different then the one in arp entry), update database device with arp IP and set its IP Address to null and lastupdate to snmp-macip and ident set to "unassigned: |
|
target_shadow | Table | collector_id | int4 | 10 | null | Collector Id for target record. It maps to system.collector.id however, there is no foreign key relation specified for this column. |
||
response_decision | Table | iftable_id | int4 | 10 | √ | null | Iftable Id for response_decision record. It maps to zone.iftable.id. There should only be a unique iftable_id for every new device detected |
|
updates | Table | op | text | 2147483647 | √ | null | ||
profiledata_pattern | Table | zone_id | int4 | 10 | null | Zone Id for profiledata_pattern record. It maps to system.zone.id |
||
device_match | Table | attribute_id | int4 | 10 | null | Id of an attribute/value for given match record. It maps to profile.attribute. All values for profile.attribute comes from pattern->attribute value of patterns.xml |
||
target_hist | Table | route_id | int4 | 10 | √ | null | ||
interface_route | Table | routeprotocol_id | int4 | 10 | √ | null | Router Protocol id. Maps to zone.routerprotocol.id |
|
interface_address | Table | interface_id | int4 | 10 | null | Id of interface that contains this interface address. |
||
profiledata | Table | rawdata | text | 2147483647 | null | The raw (unnormalized) profile data |
||
profiles | View | type | text | 2147483647 | √ | null | ||
interface_host | Table | zone_id | int4 | 10 | √ | null | Zone Id for interface host record. |
|
device_wmialias | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
interface | Table | port | int4 | 10 | √ | null | Port of interface. It is normalized from device->interface->switchInfo->port. |
|
scantype | Table | id | serial | 10 | √ | nextval('zone.scantype_id_seq'::regclass) | Unique identifier for scantype record |
|
mapnode | Table | zone_id | int4 | 10 | null | Zone Id for mapnode record. It maps to system.zone.id |
||
profiles | View | ip | inet | 2147483647 | √ | null | ||
link | Table | id | serial | 10 | √ | nextval('zone.link_id_seq'::regclass) | Unique identifier for link record |
|
linkset | Table | hosts | bool | 1 | √ | null | Boolean indicating whether this linkset record refers to hosts or nodes. Set to true for hosts, false otherwise. |
|
attributes | View | mac | macaddr | 2147483647 | √ | null | The MAC Address of the device for which the attribute is saved. |
|
profiledata_pattern | Table | profiledata_id | int4 | 10 | null | Profiledata Id for profiledata_pattern record. It maps to zone.profiledata.id |
||
map | Table | created_time | timestamp | 29 | √ | now() | ||
certificatepath | Table | id | serial | 10 | √ | nextval('zone.certificatepath_id_seq'::regclass) | Unique identifier for certificatepath record |
|
macvendor_pattern | Table | macvendor_id | int4 | 10 | null | MacVendor id for macvendor_pattern record. It maps to system.macvendor.id |
||
map | Table | user_id | int4 | 10 | null | |||
target | Table | cidrval | cidr | 2147483647 | null | Actual IP/CIDR that needs to be targeted. Having value in this record avoids extra joins with attribute_cidr, device or route tables. |
||
listsize_by_zone_view | View | listtype | text | 2147483647 | √ | null | ||
route | Table | zone_id | int4 | 10 | null | Zone Id for route record. It maps to system.zone.id |
||
device_profiledata | Table | port | int4 | 10 | null | Responding port (where applicable) for profiledata. Set to 0 for profile data types sysDescr, sysObjId and CIFS. Set to -1 for tcp (p0f). Set to the port that responded to this profiledata/banner for profile data type http (certificate) |
||
edge | Table | id | serial | 10 | √ | nextval('zone.edge_id_seq'::regclass) | ||
target | Table | scantype_id | int4 | 10 | null | Scan Type / Discovery Type Id for target record. It maps to zone.scantype.id |
||
device_pattern | Table | certificatepath_id | int4 | 10 | √ | null | Id of pattern that contains a match for given profile type record. It contains a non null value for all matches resulted from http (certificate). It maps to zone.certificatepath.id |
|
route | Table | internal | bool | 1 | √ | null | Boolean indicating if given route is in internal CIDR list for this zone. Internal CIDR list represents CIDRs set in Zone Networks => Internal List.Set to true if it is internal, false otherwise |
|
updatetargetspace_log | Table | id | serial | 10 | √ | nextval('zone.updatetargetspace_log_id_seq'::regclass) | Unique identifier for updatetargetspace_log record |
|
target_highpriority | Table | id | serial | 10 | √ | nextval('zone.target_highpriority_id_seq'::regclass) |