Columns
Table | Type | Column | Type | Size | Nulls | Auto | Default | Comments |
---|---|---|---|---|---|---|---|---|
snmpalias | Table | alias | text | 2147483647 | null | Alias given for this credentials. This is the value that gets displayed on UI |
||
certificate | Table | signaturetype | text | 2147483647 | √ | null | Signature type of the certificate. For example RSA(4096), EC |
|
device_attribute | Table | id | serial | 10 | √ | nextval('zone.device_attribute_id_seq'::regclass) | Unique identifier for device_attribute record |
|
map | Table | type | text | 2147483647 | null | |||
profile_translation | Table | zone_id | int4 | 10 | null | Zone Id for profiledatatype record |
||
device_wmialias | Table | wmialias_id | int4 | 10 | null | Id of a wmialias this record belongs to. It maps to zone.wmialias.id |
||
certificate | Table | chainorder | int4 | 10 | √ | null | ||
target_shadow | Table | route_id | int4 | 10 | √ | null | Route Id for target record. It maps to zone.route.id however, there is no foreign key relation specified for this column. |
|
device_values | Table | zone_id | int4 | 10 | null | Zone Id of a device_values record. It maps to zone.id |
||
firemon_risk_range | Table | start1 | int4 | 10 | √ | null | ||
device_snmpalias | Table | last_update | timestamptz | 35 | √ | now() | The most recent time when a device has responded with given alias. It gets updated with current timestamp everytime a device response is received for an SNMP alias. |
|
link | Table | zone_id | int4 | 10 | null | Zone Id for link record |
||
attributes | View | identity | text | 2147483647 | √ | null | ||
iftable | Table | contenthash | text | 2147483647 | null | Content hash of interface data that is constructed by concatenating interface index, description, name, alias, adminstatus, opstatus, physical address, addresses, vlan, voicevlan, switchinto port, switchinfo rootport, switchinfo trunkport, switchinfo vlans, switchinfo hosts acrosss all incoming interface infomation. It is used to perform a check to decide if any further update on interface is needed or not. For an incoming response, if a hash in iftable machtes with response's hash but contenthash doesn't match, ( Any of the attributes that calculates content hash has changed since last time we got response ) appropariate updates to iftable, interface and interface_hosts are made, else that procesing is skipped. Contenthash will be empty when iftable entry represents device level route processing. |
||
interface_address | Table | ip | inet | 2147483647 | √ | null | IP address of interface. |
|
device_values | Table | l3hosts | int4 | 10 | √ | 0 | Indicates number of layer3 hosts this device is connected to. In other words, there are l3hosts number of layer3 edges between this device and other devices that are hosts. |
|
scantype | Table | scantype | text | 2147483647 | √ | null | Value for scan type. |
|
path | Table | collector_id | int4 | 10 | null | |||
links | View | device2 | text | 2147483647 | √ | null | ||
interface_route | Table | route_id | int4 | 10 | null | Id of route. It maps to zone.route.id |
||
certificatepath_pattern | Table | pattern_id | int4 | 10 | null | Id of pattern that this certificatepath matches. It maps to profile.pattern.id |
||
certificate | Table | startdate | timestamp | 29 | √ | null | Start date for the certificate |
|
protocol | Table | protocol | text | 2147483647 | √ | null | Value of protocol. Valid values are arp, udp, icmp, snmp, snmpv2, tcp, dns, http, https, cifs, dhcp |
|
path | Table | protocols | _text | 2147483647 | √ | null | ||
profiles | View | mac | macaddr | 2147483647 | √ | null | ||
profiledata_pattern | Table | zone_id | int4 | 10 | null | Zone Id for profiledata_pattern record. It maps to system.zone.id |
||
protocol_numbers | Table | keyword | text | 2147483647 | √ | null | ||
wmialias | Table | alias | text | 2147483647 | null | Alias given for this credentials. This is the value that gets displayed on UI |
||
snmpalias | Table | zone_id | int4 | 10 | null | Zone Id for snmpalias record. It maps to system.zone.id |
||
config | Table | key | text | 2147483647 | √ | null | Key represents collector configuration information. Each key is unique for a given collector_id and zone_id record. For specific scantype, the key is represented as |
|
updates | Table | tbl | text | 2147483647 | √ | null | ||
targetm | Table | collector_id | int4 | 10 | √ | null | ||
scantype_alias | Table | alias | text | 2147483647 | √ | null | Alias for scantype that gets displayed on UI for Discovery Statistics By Discovery Types report. |
|
cloudalias | Table | id | serial | 10 | √ | nextval('zone.cloudalias_id_seq'::regclass) | unique identifier for cloudalias record |
|
device_cloudalias | Table | cloudalias_id | int4 | 10 | null | Id of a cloudalias this record belongs to. It maps to zone.cloudalias.id |
||
device_vendor | View | device_id | int4 | 10 | √ | null | ||
profiles | View | identity | text | 2147483647 | √ | null | ||
edge | Table | interface_id2 | int4 | 10 | √ | null | ||
firemon_risk_range | Table | end1 | int4 | 10 | √ | null | ||
device_vendor | View | vendor_source | text | 2147483647 | √ | null | ||
device_values | Table | perimeter | bool | 1 | √ | false | Boolean flag indicating if given device is a perimeter device. Set to true if device is internal and contains a link to another device that is not internal, false otherwise. |
|
edge | Table | layer | int4 | 10 | √ | null | ||
interface_route | Table | nexthop | inet | 2147483647 | √ | null | Next hop for this route. |
|
targetm | Table | cidrval | cidr | 2147483647 | √ | null | ||
device_profiledata | Table | profiledata_id | int4 | 10 | null | Id of a profiledata this record refers to. It maps to zone.profiledata.id. One profiledata_id can be shared across multiple devices. |
||
map | Table | id | serial | 10 | √ | nextval('zone.map_id_seq'::regclass) | ||
links | View | name1 | text | 2147483647 | √ | null | ||
routeprotocol | Table | id | serial | 10 | √ | nextval('zone.routeprotocol_id_seq'::regclass) | Unique identifier for routeprotocol record |
|
target_shadow | Table | cidr_id | int4 | 10 | √ | null | CIDR Id for target record. For each target CIDR entry, there will be one entry for host/path for collector that has host or path configured. It maps to zone.attribute_cidr.id however, there is no foreign key relation specified for this column. |
|
certificate | Table | serial | text | 2147483647 | √ | null | Serial number of the certificate |
|
profiledata | Table | id | serial | 10 | √ | nextval('zone.profiledata_id_seq'::regclass) | ||
device_values | Table | os | text | 2147483647 | √ | null | Indicates operating system of this device. For the most up to date and accurate operating system info, use device_match table. |
|
acknowledgeddevice | Table | user_id | int4 | 10 | null | |||
mapnode | Table | tag | text | 2147483647 | √ | null | Tag value for mapnode record. |
|
interface_route | Table | asnum | int8 | 19 | √ | null | AS Number for this route. |
|
response_decision | Table | reason | text | 2147483647 | √ | null | Reasaon for the decision made for response_decision record |
|
target_shadow | Table | last_update | timestamptz | 35 | √ | now() | ||
interface_route | Table | last_update | timestamptz | 35 | √ | now() | Timestamp when this record was created/updated |
|
target_hist | Table | cidr_id | int4 | 10 | √ | null | ||
link | Table | id | serial | 10 | √ | nextval('zone.link_id_seq'::regclass) | Unique identifier for link record |
|
certificatepath_pattern | Table | zone_id | int4 | 10 | null | Zone Id for the certificatepath_pattern record |
||
response_decision | Table | decision | bool | 1 | √ | null | Decision made for response_decision record. True = response from an existing device/false = response from a new device |
|
iftable_vlan | Table | name | text | 2147483647 | null | Name of vlan |
||
device_certificate | Table | zone_id | int4 | 10 | null | Zone Id of a device_certificate record. It maps to zone.id column |
||
interface_route | Table | aspath | _int8 | 19 | √ | null | AS Path for this route. |
|
target_hist | Table | expandedconfig | text | 2147483647 | √ | null | ||
linkset | Table | hosts | bool | 1 | √ | null | Boolean indicating whether this linkset record refers to hosts or nodes. Set to true for hosts, false otherwise. |
|
targetm | Table | scantype_id | int4 | 10 | √ | null | ||
snmpaliasgroup | Table | name | text | 2147483647 | null | Unique name for snmpaliasgroup record. Currently, Spectre has only one snmpaliasgroup name and is called common |
||
device | Table | identity | text | 2147483647 | √ | null | A metadata that further identifies a device, especially the ones that don't have IP Address or MAC address. Possible values include (but are not limited to) collector:* or stealth:*. When a stealth device is found, notation that is being used to populate identity is stealth: |
|
target_hist | Table | details | text | 2147483647 | √ | null | ||
portgroup | Table | name | text | 2147483647 | null | Unique name for portgroup record. Values for name are, common, vulnerable, infectious. Please note that at the moment only vulnerable and infectious groups are used in discovery. |
||
response_decision | Table | id | serial | 10 | √ | nextval('zone.response_decision_id_seq'::regclass) | Unique identifier for response_decision record |
|
route | Table | route | cidr | 2147483647 | √ | null | CIDR value for route |
|
device_values | Table | snmpresponder | bool | 1 | √ | false | Boolean flag indicating if given device responded to snmpDiscovery scan type. Set to true if it responded to snmpDiscovery, false otherwise. |
|
snmpalias | Table | collector_id | int4 | 10 | null | Collector Id for snmpalias record. It maps to system.collector.id |
||
attributes | View | attribute | text | 2147483647 | √ | null | The value for the system attribute |
|
config | Table | collector_id | int4 | 10 | √ | null | Collector Id for this config record. It maps to system.collector.id |
|
device | Table | id | serial | 10 | √ | nextval('zone.device_id_seq'::regclass) | Unique identifier for device record |
|
link | Table | linkset_id | int4 | 10 | null | Linkset Id for link record. It maps to zone.linkset.id. It identifies whether this link is host or node and whether it is representing layer2 link or layer3 link |
||
certificate | Table | port | int4 | 10 | √ | null | ||
portgroup | Table | ports | _int4 | 10 | null | Array of port numbers for given portgroup record. |
||
device_vendor | View | vendor | text | 2147483647 | √ | null | ||
device_response | Table | scantype_id | int4 | 10 | null | Scan Type Id of a device this record belongs to. It maps to zone.scantype.id |
||
interface_route | Table | interface_id | int4 | 10 | null | Interface Id for iftable_vlan record. It maps to zone.interface.id |
||
device_response | Table | vlan | int4 | 10 | √ | null | ||
device_profiledata | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
links | View | device1 | text | 2147483647 | √ | null | ||
attributes | View | ip | inet | 2147483647 | √ | null | The IP Address of the device for which the attribute is saved. |
|
response_decision | Table | sysname | text | 2147483647 | √ | null | Sysname (if exists) used in nlshash for response_decision record |
|
interface_host | Table | vlans | _int4 | 10 | null | Array of vlans for given interface host. device->interface->switchInfo->vlans gets normalized here. |
||
acknowledgeddevice | Table | device_id | int4 | 10 | null | |||
device_match | Table | type_id | int4 | 10 | null | Id of a profile type for given match record. It maps to profile.type. Valid values for profile.type are Device Type, OS, Model, Version, Vendor |
||
updates | Table | fields | hstore | 2147483647 | √ | null | ||
attributeconfig | View | type | text | 2147483647 | √ | null | Indicates the type of CIDR. Default values are set as follows: type is set to target if CIDR belongs to Discovery Spaces => Target List type is set to avoid if CIDR belongs to Discovery Spaces => Avoid List type is set to stop if CIDR belongs to Discovery Spaces => Stop List type is set to trusted if CIDR belongs to Zone Networks => Eligible List type is set to known if CIDR belongs to Zone Networks => Known List type is set to internal if CIDR belongs to Zone Networks => Internal List type is set to user-defined Label when user adds a Custom Attribute |
|
target | Table | cidrval | cidr | 2147483647 | null | Actual IP/CIDR that needs to be targeted. Having value in this record avoids extra joins with attribute_cidr, device or route tables. |
||
device_values | Table | hasresponses | bool | 1 | √ | false | Boolean flag indicating if given device has any responses recorded. Set to true if there is any entry in device_response for this device, false otherwise. |
|
target | Table | device_id | int4 | 10 | √ | null | Device Id for target record. It maps to zone.device.id |
|
target_hist | Table | zone_id | int4 | 10 | null | |||
profile_translation | Table | newattribute_id | int4 | 10 | √ | null | Newattribute Id for profiledatatype record. |
|
result | Table | id | serial | 10 | √ | nextval('zone.result_id_seq'::regclass) | ||
linkset | Table | zone_id | int4 | 10 | √ | null | Zone Id for linkset record. It maps to system.zone.id |
|
nackcandidate | Table | scantype_id | int4 | 10 | null | |||
device | Table | lastobserved | timestamptz | 35 | √ | now() | Timestamp a device was last observed. Timestamp refers to timestamp/timezone of database server. It gets updated each time a response is received for this device. Note: Each time a response is received and processed for a device, lastobserved gets current timestamp and active gets set to true. |
|
target_highpriority | Table | zone_id | int4 | 10 | null | |||
edge | Table | node_id2 | int4 | 10 | null | |||
iftable_vlan | Table | iftable_id | int4 | 10 | null | Iftable Id for iftable_vlan record. It maps to zone.iftable.id. There is a one to many relationship between iftable id and vlan hence same iftable id can have multiple records for different vlan info |
||
device_response | Table | id | serial | 10 | √ | nextval('zone.device_response_id_seq'::regclass) | Unique identifier for device response record |
|
attributeconfig | View | collector | text | 2147483647 | √ | null | This column shows the collector name and collector id for which the CIDR belongs to. It is represented as Collector name (collector id) |
|
target_highpriority | Table | collector_id | int4 | 10 | null | |||
device_profiledata | Table | zone_id | int4 | 10 | null | Zone Id of a device_profiledata record. It maps to zone.id |
||
response_decision | Table | match_id | int4 | 10 | √ | null | Id of matching response for response_decision record. Negative if from a new device |
|
interface | Table | id | serial | 10 | √ | nextval('zone.interface_id_seq'::regclass) | Unique identifier for interfacetable record. |
|
targetm | Table | device_id | int4 | 10 | √ | null | ||
attributes | View | attribute_id | int4 | 10 | √ | null | Id for value of the system attribute. This maps to zone.attribute.attributetype_id |
|
target | Table | collector_id | int4 | 10 | null | Collector Id for target record. It maps to system.collector.id |
||
target_hist | Table | action | text | 2147483647 | √ | null | ||
target | Table | route_id | int4 | 10 | √ | null | Route Id for target record. It maps to zone.route.id |
|
interface | Table | name | text | 2147483647 | √ | null | Name of interface. It is normalized from device->interface->name. |
|
scantype_alias | Table | affects_active | bool | 1 | √ | true | ||
config | Table | id | serial | 10 | √ | nextval('zone.config_id_seq'::regclass) | Unique identifier for config record |
|
updates | Table | op | text | 2147483647 | √ | null | ||
device | Table | enterprise_id | int4 | 10 | √ | null | ||
routetype | Table | id | serial | 10 | √ | nextval('zone.routetype_id_seq'::regclass) | Unique identifier for routetype record |
|
certificate | Table | expiredate | timestamp | 29 | √ | null | Expiration date of the certificate |
|
device_response | Table | collector_id | int4 | 10 | null | Collector Id of a device this record belongs to. It maps to system.collector.id |
||
wmialias | Table | credential | text | 2147483647 | √ | null | Credentials for wmialias record. Credentials are stored in following format: alias name:domain:encoded credentials. |
|
listsize_by_zone_view | View | listtype | text | 2147483647 | √ | null | ||
wmialias | Table | id | serial | 10 | √ | nextval('zone.wmialias_id_seq'::regclass) | unique identifier for wmialias record |
|
profiledata | Table | zone_id | int4 | 10 | null | |||
device_pattern | Table | port_match | bool | 1 | √ | null | A boolean flag that is set to true if pattern that matched is result of match against services. Services patterns are the ones that are based on certain ports being open. So, if we find open ports and they match with any patterns, port_match is set to true |
|
device_response | Table | time | timestamptz | 35 | √ | null | Time when a device response was received for given scan type and protocol. |
|
device_attribute | Table | zone_id | int4 | 10 | null | Zone Id of a device_attribute record. It maps to zone.id column |
||
device_wmialias | Table | zone_id | int4 | 10 | null | Zone Id of a device_wmialias record. It maps to zone.id |
||
scantype_alias | Table | scantype | text | 2147483647 | √ | null | Internal scantype value that maps to scantype.type |
|
response_decision | Table | nlshash | text | 2147483647 | √ | null | Sysname/syslocation/serial number for response_decision record |
|
links | View | layer | text | 2147483647 | √ | null | ||
device_snmpalias | Table | snmpalias_id | int4 | 10 | null | Id of a snmpalias this record belongs to. It maps to zone.snmpalias.id |
||
path | Table | zone_id | int4 | 10 | null | |||
attribute | Table | id | serial | 10 | √ | nextval('zone.attribute_id_seq'::regclass) | Unique identifier for attribute record |
|
device_match | Table | confidence | int4 | 10 | null | Confidence for any given match record. It is derived from profile.pattern_attribute for matching pattern_id and type_id. It is stored in device_match to make fetching profile information avoiding lookup against pattern_attribute. |
||
map | Table | user_id | int4 | 10 | null | |||
target_highpriority | Table | expandedconfig | text | 2147483647 | √ | null | ||
attribute_cidr | Table | collector_id | int4 | 10 | √ | null | Collector Id. Maps to system.collector.id |
|
edge | Table | zone_id | int4 | 10 | null | |||
attributeconfig | View | cidrval | cidr | 2147483647 | √ | null | This column stores the value of the CIDR |
|
iftable_vlan | Table | vlan | int4 | 10 | null | Vlan number. |
||
certificatepath | Table | id | serial | 10 | √ | nextval('zone.certificatepath_id_seq'::regclass) | Unique identifier for certificatepath record |
|
targetm | Table | overwrite | bool | 1 | √ | null | ||
attributes | View | type | text | 2147483647 | √ | null | The name of the system attribute |
|
cloudalias | Table | aliasorder | bigserial | 19 | √ | √ | nextval('zone.cloudalias_collector_order_seq'::regclass) | Used to order aliases, use the default, do not write directly |
mapnode | Table | zone_id | int4 | 10 | null | Zone Id for mapnode record. It maps to system.zone.id |
||
certificate | Table | id | serial | 10 | √ | nextval('zone.certificate_id_seq'::regclass) | Unique identifier for certificate record |
|
target_highpriority | Table | target_id | int4 | 10 | √ | null | ||
target | Table | cidr_id | int4 | 10 | √ | null | CIDR Id for target record. For each target CIDR entry, there will be one entry for host/path for collector that has host or path configured. It maps to zone.attribute_cidr.id |
|
profiledatatype | Table | id | serial | 10 | √ | nextval('zone.profiledatatype_id_seq'::regclass) | Unique identifier for profiledatatype record |
|
certificate | Table | subject_id | int4 | 10 | √ | null | Id for data referencing certificate subject. It maps to zone.certificatepath.id |
|
protocol_numbers | Table | decimal | int4 | 10 | √ | null | ||
response_decision | Table | created_at | timestamptz | 35 | √ | now() | created_at timestamp when this record was created |
|
scantype_alias | Table | phase | int4 | 10 | √ | null | ||
target_shadow | Table | scantype_id | int4 | 10 | null | Scan Type / Discovery Type Id for target record. It maps to zone.scantype.id however, there is no foreign key relation specified for this column. |
||
profiles | View | expression | text | 2147483647 | √ | null | ||
target | Table | zone_id | int4 | 10 | null | Zone Id for target record. It maps to system.zone.id. |
||
device | Table | maclastobserved | timestamptz | 35 | √ | null | Timestamp of the last time this MAC/IP pairing was seen. This will be used to potentially time out the MAC address for this device (which might occur if the device picks up its address via DHCP and moves from one subnet to another on the network) |
|
targetm | Table | route_id | int4 | 10 | √ | null | ||
attribute_cidr | Table | hasresponses | bool | 1 | √ | false | Boolean flag set to true or false indicating if CIDR (in cidrval column) contains any device that has any responses recorded. Set to true if there is any entry in device_response for any device containing this CIDR record, false otherwise |
|
snmpalias | Table | id | serial | 10 | √ | nextval('zone.snmpalias_id_seq'::regclass) | Unique identifier for snmpalias record |
|
wmialias | Table | collector_id | int4 | 10 | null | Collector Id for wmialias record. It maps to system.collector.id |
||
target | Table | scantype_id | int4 | 10 | null | Scan Type / Discovery Type Id for target record. It maps to zone.scantype.id |
||
device_pattern | Table | zone_id | int4 | 10 | null | Zone Id of a device_pattern record. It maps to zone.id column |
||
snmpalias | Table | aliasorder | bigserial | 19 | √ | √ | nextval('zone.snmpalias_collector_order_seq'::regclass) | Used to order aliases, use the default, do not write directly |
certificate | Table | issuer_id | int4 | 10 | √ | null | Id for data referencing certificate issuer. It maps to zone.certificatepath.id |
|
attributeconfig | View | zone | text | 2147483647 | √ | null | This column shows the zone name and zone id for which the CIDR belongs to. It is represented as zone name (zone id) |
|
interface | Table | infhash | text | 2147483647 | √ | null | Hash of interface key parameters index/name/physicaladdress. |
|
targetm | Table | zone_id | int4 | 10 | √ | null | ||
device | Table | zone_id | int4 | 10 | null | Zone Id of a device record. Since zone.device table is a parent table for all partitioned (by zone_id) tables, same IP Address can be found while querying zone.device table for different zone_id. It maps to zone.id column |
||
profile_translation | Table | content_id | int4 | 10 | √ | null | Content Id for profiledatatype record. |
|
device_ports | Table | closed | _int4 | 10 | √ | null | List of all ports that are reported closed for a device. Please see table description for more information. |
|
profiles | View | ip | inet | 2147483647 | √ | null | ||
target_hist | Table | cidrval | cidr | 2147483647 | null | |||
target | Table | batchid | int4 | 10 | √ | null | A serial number that gets inserted each time a collector is given list of targets. It contains nextval('zone.target_batch_id'). |
|
target_highpriority | Table | id | serial | 10 | √ | nextval('zone.target_highpriority_id_seq'::regclass) | ||
device_attribute | Table | device_id | int4 | 10 | null | Id of a device this attribute belongs to. It maps to device.id |
||
interface_host | Table | interface_id | int4 | 10 | null | Id of interface that contains this interface host. |
||
interface | Table | zone_id | int4 | 10 | null | Zone Id for interface entry. |
||
mapnode | Table | height | float4 | 8 | √ | null | Height value for mapnode record. |
|
profiles | View | confidence | int4 | 10 | √ | null | ||
profiledata_pattern | Table | pattern_id | int4 | 10 | null | Pattern Id for profiledata_pattern record. It maps to profile.pattern.id |
||
profiledatatype | Table | type | text | 2147483647 | null | Type for profiledatatype record. Valid values are, tcp, http, sysObjectID, sysDescr, cifs. |
||
device_response | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
device_values | Table | l2peers | int2 | 5 | √ | 0 | Indicates number of layer2 nodes this device is connected to. In other words, there are l2peers number of layer2 edges between this device and other devices that are not hosts. |
|
nackcandidate | Table | ip | inet | 2147483647 | √ | null | ||
interface | Table | adminstatus | int4 | 10 | √ | null | AdminStatus of interface. It is normalized from device->interface->adminStatus. |
|
response_decision | Table | syslocation | text | 2147483647 | √ | null | Syslocation (if exists) used in nlshash for response_decision record |
|
target_hist | Table | collector_id | int4 | 10 | null | |||
device_ports | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
certificate | Table | certificatetype | text | 2147483647 | √ | null | Type of the certificate. For example SHA256withRSA, SHA1withRSA |
|
target_hist | Table | id | serial | 10 | √ | nextval('zone.target_hist_id_seq'::regclass) | ||
certificatepath | Table | time | timestamptz | 35 | √ | transaction_timestamp() | Timestamp when this record was created/updated. |
|
device_attribute | Table | attributetype_id | int4 | 10 | null | Id that denotes what type of attribute this record indicates. It maps to system.attributetype.id column. Example values for attributetypes - cifsName, sysDescr, serialNumber. |
||
interface | Table | indconthash | text | 2147483647 | √ | null | Hash of interface all the interface parameters. |
|
cloudalias | Table | collector_id | int4 | 10 | null | Collector Id for cloudalias record. It maps to system.collector.id |
||
mapnode | Table | xcoord | float4 | 8 | √ | null | X coordinate value for mapnode record. |
|
link | Table | device_id1 | int4 | 10 | null | From Device Id for link record. It maps to zone.device.id. |
||
mapnode | Table | map_id | int4 | 10 | null | Id of map this mapnode record refers to. |
||
device_ports | Table | open_times | hstore | 2147483647 | √ | null | Key value pairs with port number and timestamp when port was reported open. Sample values - "80"=>"25048454", "135"=>"25048454" |
|
device_attribute | Table | attribute_id | int4 | 10 | √ | null | Id of attribute this mapping represents. It maps to zone.attribute.id |
|
target_highpriority | Table | scantype_id | int4 | 10 | null | |||
device_match | Table | attribute_id | int4 | 10 | null | Id of an attribute/value for given match record. It maps to profile.attribute. All values for profile.attribute comes from pattern->attribute value of patterns.xml |
||
updatetargetspace_log | Table | message | text | 2147483647 | √ | null | Status message indicating start and completion for update target processing |
|
listsize_by_zone_view | View | zone_id | int4 | 10 | √ | null | ||
profiledata | Table | hash | text | 2147483647 | null | MD5 hash of the (normalized) data column |
||
device_cloudalias | Table | zone_id | int4 | 10 | null | Zone Id of a device_cloudalias record. It maps to zone.id |
||
iftable | Table | zone_id | int4 | 10 | null | Zone Id for interface table entry |
||
wmialias | Table | zone_id | int4 | 10 | null | Zone Id for wmialias record. It maps to system.zone.id |
||
attribute_cidr | Table | attributetype_id | int4 | 10 | null | Id of attribute type. Maps to system.attributetype.id |
||
target_shadow | Table | detailsold | text | 2147483647 | √ | null | Used to store target speicfic metadata. It holds extra configuration values that are being used by collectors. A non null value indicates update and holds details column value from target table prior to update. A null value indicates that this record was an insert. |
|
nackcandidate | Table | mac | macaddr | 2147483647 | √ | null | ||
device_values | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
snmpalias | Table | credential | text | 2147483647 | √ | null | Credentials for snmpalias record. Credentials are stored in following format. <version of credential(either v2 or v3)>:alias name:encoded credentials. |
|
firemon_risk_range | Table | risk | text | 2147483647 | √ | null | ||
nackcandidate | Table | id | serial | 10 | √ | nextval('zone.nackcandidate_id_seq'::regclass) | ||
attribute_cidr | Table | attribute_id | int4 | 10 | √ | null | Id of attribute value. Maps to zone.attribute.id |
|
target_hist | Table | device_id | int4 | 10 | √ | null | ||
interface_address | Table | zone_id | int4 | 10 | null | Zone Id for interface address record. |
||
device_values | Table | internal | bool | 1 | √ | false | Boolean flag indicating if given device is internal for this zone. Set to true if internal, false otherwise. By internal, it means that the device is set under Zone->Zone Network->Internal List. |
|
updatetargetspace_log | Table | parameters | _text | 2147483647 | √ | null | Parameters passed in for update target processing. Possible parameters are onlyDeletes and verification |
|
device | Table | device_id | int4 | 10 | √ | null | Parent Id of a device. parent child relationship is implemented with self join to device table. If this field is not null, it indicates that this device is a child device and device.id that matches up with this zone.device.device_id is parent of this child. |
|
attribute_cidr | Table | timestamp | timestamptz | 35 | √ | now() | Timestamp when this record was created/updated. |
|
interface | Table | opstatus | int4 | 10 | √ | null | Optstatus of interface. It is normalized from device->interface->opstatus. |
|
profiles | View | parent_id | int4 | 10 | √ | null | ||
forwarders_range | Table | end1 | int4 | 10 | √ | null | End value for this range record |
|
profile_translation | Table | id | serial | 10 | √ | nextval('zone.profile_translation_id_seq'::regclass) | Unique identifier for profiledatatype record |
|
target_highpriority | Table | cidrval | cidr | 2147483647 | null | |||
device | Table | lastupdate | text | 2147483647 | √ | null | Indicates how or why of the last update for this. It only retains the reason for the last update that happened to this device. For example, when an interface table data is processed for the first time, IP Address for that interface data gets lastupdate set to iftable-dev, however, while processing later response, if we got another update, we will then set the lastupdate to later response code. Possible values are: ident-ins - This value will be set if device with given identity doesn't exist in db and incoming device does not have IP associated with it. This will be mostly be true for all stealth devices. As we discover them, we insert them in db with lastupdate set to ident-ins identip-ins - very similar to ident-ins, This value will be seen if device with given identity does not exist in db and incoming device contains an IP Address. This will be true for collector device identip-upd - This value will be set when a response comes in for collector or stealth and there is no device in db with that entity. However, since IP Address exists in the database, we update existing database device and set its last update to identip-upd iftable-dev - This value will be set when a device interface table data is processed, one IP Address gets picked from available interface addresses and entry is created in device table for that IP Address and lastupdate for that device gets set to iftable-dev (along with meta to be true and iftable_id to be interface table id for this interface data) intf-ip-ins - This value will be set when a device interface data is processed, entries in interface->addresses (these are interface IP Addresses) and interface->physicalAddress (these are interface macs) gets inserted as devices. Their lastupdate is set to intf-ip-ins and device_id is set to id of device for that interface table data intf-ip-upd - This value will be set when while processing device interface data, if entry exists in the database for either interface->addresses or interface->physicaladdress but assigned to different device, (device_id is not same as id of interface device that we are processing), device for this IP or MAC gets updated with lastupdate set to intf-ip-upd and device_id set to id of interface device that is getting processed if IP Address exists in the database that is also contained in interface->addresess, database entry for that IP gets updated with lastupdate set to intf-ip-upd and device_id set to id of interface device that is getting processed and null mac ip - This value will be set when a device is discovered for the first time layer2-hosts - This value will be set when all MAC addresses present in interface->switchInfo->hosts get inserted into device table with lastupdate set to layer2-hosts. are almost always devices with null ip macip-arp - This value will be set When a device interface data is processed, all ARP entries (present in device->interface->hosts (as MAC/IP pairs)), where both MAC or IP does not exist in the database, gets inserted in to device table (with few exceptions) with lastupdate set to macip-arp snmp-macip - There are few scenarios when a device.lastupdate gets set to snmp-macip: 1. When a device response contains ARP entries and for a given arp entry (MAC/IP pair), if device with either of the MAC address or IP Address does not exist in the database, a device entry is created with lastupdate set to snmp-macip - This is really synonymous to macip-arp and might need to change it to macip-arp 2. When a device response contains ARP entries and for a given arp entry (MAC/IP pair), if device exists in the database with IP that is in MAC/IP pair, however no device exists in the database with MAC from MAC/IP pair, and database device with IP does not have a MAC associated with it, that database device gets updated with MAC from arp entry and lastupdate is set to snmp-macip 3. When a device response contains ARP entries and for a given arp entry (MAC/IP pair), if two separate devices exist in the database (one with IP set to arp IP and another one with MAC set to arp MAC) and none of the devices in the database are consolidated (their device_id is null) and if IP device in database also has a MAC (different then the one in arp entry), update database device with arp IP and set its IP Address to null and lastupdate to snmp-macip and ident set to "unassigned: |
|
certificatepath_pattern | Table | certificatepath_id | int4 | 10 | null | Id of certificatepath that this certificatepath matches. It maps to zone.certificatepath.id |
||
target_shadow | Table | cidrval | cidr | 2147483647 | null | Actual IP/CIDR that needs to be targeted. Having value in this record avoids extra joins with attribute_cidr, device or route tables. |
||
updatetargetspace_log | Table | action | text | 2147483647 | √ | null | Type of action this updatetargetspace_log record represents. Valid values are: insert, update, delete. |
|
targetm | Table | cidr_id | int4 | 10 | √ | null | ||
link | Table | device_id2 | int4 | 10 | null | To Device Id for link record. It maps to zone.device.id. |
||
profiles | View | attribute | text | 2147483647 | √ | null | ||
interface_route | Table | route | cidr | 2147483647 | √ | null | Route for this interface_route record. Same value can be found from route.id for matching route_id but it is inserted here as a form of denormalization for faster data retrieval. |
|
scantype | Table | id | serial | 10 | √ | nextval('zone.scantype_id_seq'::regclass) | Unique identifier for scantype record |
|
device_pattern | Table | attribute_id | int4 | 10 | √ | null | Not used. |
|
updatetargetspace_log | Table | id | serial | 10 | √ | nextval('zone.updatetargetspace_log_id_seq'::regclass) | Unique identifier for updatetargetspace_log record |
|
target_shadow | Table | last_target | timestamptz | 35 | √ | null | ||
target_highpriority | Table | batchid | int4 | 10 | √ | null | ||
target_hist | Table | ordid | float4 | 8 | √ | random() | ||
macvendor_pattern | Table | macvendor_id | int4 | 10 | null | MacVendor id for macvendor_pattern record. It maps to system.macvendor.id |
||
target_hist | Table | scantype_id | int4 | 10 | null | |||
mapnode | Table | action_items | text | 2147483647 | √ | null | Action Items for mapnode record. |
|
attribute_cidr | Table | zone_id | int4 | 10 | null | Zone Id for attribute_cidr record |
||
mapnode | Table | device_id | int4 | 10 | √ | null | Device Id for this node. |
|
device_values | Table | id | serial | 10 | √ | nextval('zone.device_values_id_seq'::regclass) | Unique identifier for device_values record |
|
interface | Table | alias | text | 2147483647 | √ | null | Alias of interface. It is normalized from device->interface->alias. |
|
updates | Table | time | timestamptz | 35 | √ | now() | ||
target_highpriority | Table | last_target | timestamptz | 35 | √ | null | ||
device_pattern | Table | profiledata_id | int4 | 10 | √ | null | Id of profiledata that is matched against this device and pattern record. It maps to zone.profiledata.id. It contains a non null value for all matches resulted from snmp (sysDescr, sysObj), CIFS, tcp (p0f) responses. |
|
device_values | Table | version | text | 2147483647 | √ | null | Indicates version of this device. For the most up to date and accurate version info, use device_match table. |
|
certificate | Table | extensions | text | 2147483647 | √ | null | Not being used. |
|
device | Table | macvendor_id | int4 | 10 | √ | null | Id of macvendor of a device. It maps to system.macvendor.id |
|
response_decision | Table | cmpinfhash | text | 2147483647 | √ | null | Composite hash of the individual interface key parameter hashes for response_decision record |
|
edge | Table | node_id1 | int4 | 10 | null | |||
target_shadow | Table | detailsnew | text | 2147483647 | √ | null | Used to store target speicfic metadata. It holds extra configuration values that are being used by collectors. |
|
device_profiledata | Table | port | int4 | 10 | null | Responding port (where applicable) for profiledata. Set to 0 for profile data types sysDescr, sysObjId and CIFS. Set to -1 for tcp (p0f). Set to the port that responded to this profiledata/banner for profile data type http (certificate) |
||
device_values | Table | leakoutbound | bool | 1 | √ | false | Boolean flag indicating if given device responded to outboundLeak scan type. Set to true if it responded to outboundLeak, false otherwise. |
|
device | Table | mac | macaddr | 2147483647 | √ | null | MAC address of a device. MAC and meta flag has to be unique within a zone. |
|
device_response | Table | protocol_id | int4 | 10 | null | Protocol Id of a device this record belongs to. It maps to zone.protocol.id |
||
device | Table | firstobserved | timestamptz | 35 | √ | now() | Timestamp a device was first observed. Timestamp refers to timestamp/timezone of database server |
|
interface | Table | description | text | 2147483647 | √ | null | Description of interface. It is normalized from device->interface->description. |
|
device_attribute | Table | last_update | timestamptz | 35 | √ | now() | The most recent time when a device has responded with given attribute. It gets updated with curren timestamp everytime device response is received for an attribute. |
|
route | Table | trusted | bool | 1 | √ | null | Boolean indicating if given route is in eligible CIDR list for this zone. Eligible CIDR list represents CIDRs set in Zone Networks => Eligible List.Set to true if it is eligible, false otherwise |
|
target | Table | ordid | float4 | 8 | √ | random() | A Random value used to distribute targets. When collector requests next set of targets, query performs order by ordid before returning target list |
|
target_highpriority | Table | ordid | float4 | 8 | √ | random() | ||
interface_address | Table | id | serial | 10 | √ | nextval('zone.interface_address_id_seq'::regclass) | Unique identifier for interface_address record. |
|
map | Table | created_time | timestamptz | 35 | √ | now() | ||
target_hist | Table | route_id | int4 | 10 | √ | null | ||
interface | Table | vlans | _int4 | 10 | √ | null | ||
attributes | View | mac | macaddr | 2147483647 | √ | null | The MAC Address of the device for which the attribute is saved. |
|
interface | Table | iftype | int4 | 10 | √ | null | ||
interface | Table | port | int4 | 10 | √ | null | Port of interface. It is normalized from device->interface->switchInfo->port. |
|
device | Table | meta | bool | 1 | √ | false | Boolean flag that indicates whether this device was discovered and has gone through any type of consolidation. Value of false means that the device was discovered and has not gone through any consolidation. Value of true means it was consolidated as part of another discovery. |
|
cloudalias | Table | zone_id | int4 | 10 | null | Zone Id for cloudalias record. It maps to system.zone.id |
||
interface | Table | bridge | macaddr | 2147483647 | √ | null | Bridge of interface. It is normalized from device->interface->switchInfo->bridge. |
|
mapnode | Table | acknowledged | bool | 1 | √ | false | Boolean flag indicating if this map node has being acknowledged. |
|
interface_route | Table | routeprotocol_id | int4 | 10 | √ | null | Router Protocol id. Maps to zone.routerprotocol.id |
|
linkset | Table | id | serial | 10 | √ | nextval('zone.linkset_id_seq'::regclass) | Unique identifier for linkset record |
|
mapnode | Table | label | text | 2147483647 | √ | null | Label value for mapnode record. |
|
linkset | Table | layer | text | 2147483647 | √ | null | layer this linkset record presents. Valid values are '2' and '3'. Entries will be inserted as and when link with layer2 and/or layer3 are discovered. |
|
target_highpriority | Table | cidr_id | int4 | 10 | √ | null | ||
target | Table | last_target | timestamptz | 35 | √ | null | Timestamp when this target was picked up by a collector last. It is set to null when it is yet to be picked up. When collector asks for next set of records, records with null last_target will get picked up first. If value is non null, targets will be picked up if time elapsed since last_update is greater than rescan interval of a collector. |
|
path | Table | hops | _inet | 2147483647 | √ | null | ||
updatetargetspace_log | Table | zone_id | int4 | 10 | null | Zone Id for updatetargetspace_log record. |
||
interface | Table | physicaladdress | macaddr | 2147483647 | √ | null | Physical address of interface. It is normalized from device->interface->physicalAddress. |
|
macvendor_pattern | Table | pattern_id | int4 | 10 | null | Pattern Id for macvendor_pattern record. It maps to profile.pattern.id |
||
target_shadow | Table | id | serial | 10 | √ | nextval('zone.target_shadow_id_seq'::regclass) | Unique identifier for target_shadow record |
|
device_vendor | View | enterprise | text | 2147483647 | √ | null | ||
device_values | Table | trusted | bool | 1 | √ | false | Boolean flag indicating if given device is trusted for this zone. Set to true if trusted, false otherwise. By trusted, it means that the device is set under Zone->Zone Network->Eligible List. |
|
target_highpriority | Table | route_id | int4 | 10 | √ | null | ||
device_values | Table | target | bool | 1 | √ | false | Boolean flag indicating if given device is targeted for this zone (as part of any collector). Set to true if targeted, false otherwise. By targeted, it means that the device is set under Zone->Discovery Spaces->Target List. |
|
target_highpriority | Table | details | text | 2147483647 | √ | null | ||
device_vendor | View | mac | text | 2147483647 | √ | null | ||
attribute | Table | zone_id | int4 | 10 | null | Zone Id of an attribute record. It maps to system.zone.id column |
||
target_shadow | Table | zone_id | int4 | 10 | null | Zone Id for target record. It maps to system.zone.id however, there is no foreign key relation specified for this column. |
||
mapnode | Table | asset_reference | text | 2147483647 | √ | null | Asset Reference value for mapnode record. |
|
map | Table | title | text | 2147483647 | √ | null | ||
device_values | Table | l2hosts | int4 | 10 | √ | 0 | Indicates number of layer2 hosts this device is connected to. In other words, there are l2hosts number of layer2 edges between this device and other devices that are hosts. |
|
map | Table | description | text | 2147483647 | √ | null | ||
path | Table | targetcidrs | _cidr | 2147483647 | √ | null | ||
cloudalias | Table | alias | text | 2147483647 | null | Alias given for this credentials. This is the value that gets displayed on UI |
||
target_shadow | Table | device_id | int4 | 10 | √ | null | Device Id for target record. It maps to zone.device.id however, there is no foreign key relation specified for this column. |
|
iftable | Table | id | serial | 10 | √ | nextval('zone.iftable_id_seq'::regclass) | Unique identifier for interfacetable record |
|
certificate | Table | chainid | int8 | 19 | √ | null | ||
device_wmialias | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
device_snmpalias | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
listsize_by_zone_view | View | ips | text | 2147483647 | √ | null | ||
device | Table | iftable_id | int4 | 10 | √ | null | Id of interface table record that this device is associated to. A device having a non null value in this column is most likely a switch. iftable_id maps to zone.iftable.id |
|
target_highpriority | Table | device_id | int4 | 10 | √ | null | ||
links | View | device_id2 | int4 | 10 | √ | null | ||
device_pattern | Table | device_id | int4 | 10 | null | Id of a device this pattern match belongs to. It maps to device.id |
||
acknowledgeddevice | Table | zone_id | int4 | 10 | null | |||
interface_route | Table | routetype_id | int4 | 10 | √ | null | Route Type id. Maps to zone.routetype.id |
|
protocol_numbers | Table | protocol | text | 2147483647 | √ | null | ||
updates | Table | zone_id | int4 | 10 | √ | null | ||
interface | Table | index | int4 | 10 | √ | null | Index of interface. It is normalized from device->interface->index. |
|
interface | Table | trunk | bool | 1 | √ | null | Trunk of interface. It is normalized from device->interface->switchInfo->trunkPort. |
|
device | Table | active | bool | 1 | √ | null | Boolean flag that is set to true each time when a device is discovered and when a response is received for that device. It is set to false when no response is received for the device for 3 consecutive rescan intervals |
|
attribute | Table | attributetype_id | int4 | 10 | √ | null | Id that denotes what type of attribute this record indicates. It maps to system.attributetype.id column. Example values for attributetypes - cifsName, sysDescr, ASName, SerialNumber, known, avoid. For complete list, please see system.attributetype table. |
|
response_decision | Table | sn | text | 2147483647 | √ | null | Serial number (if exists) used in nlshash for response_decision record |
|
targetm | Table | config | text | 2147483647 | √ | null | ||
certificate | Table | zone_id | int4 | 10 | null | Zone Id for the certificate record |
||
target | Table | id | serial | 10 | √ | nextval('zone.target_id_seq'::regclass) | Unique identifier for target record |
|
route | Table | last_update | timestamptz | 35 | √ | now() | Timestamp when this route record was created/updated |
|
updates | Table | type | text | 2147483647 | √ | null | ||
result | Table | result | text | 2147483647 | √ | null | ||
map | Table | preferences | text | 2147483647 | √ | null | ||
device_values | Table | model | text | 2147483647 | √ | null | Indicates model of this device. For the most up to date and accurate model info, use device_match table. |
|
snmpaliasgroup | Table | aliases | _text | 2147483647 | null | Array of credentials for given snmpaliasgroup record. |
||
route | Table | internal | bool | 1 | √ | null | Boolean indicating if given route is in internal CIDR list for this zone. Internal CIDR list represents CIDRs set in Zone Networks => Internal List.Set to true if it is internal, false otherwise |
|
device_response | Table | zone_id | int4 | 10 | null | Zone Id of a device_response record. It maps to zone.id |
||
target_hist | Table | last_target | timestamptz | 35 | √ | null | ||
interface_route | Table | id | serial | 10 | √ | nextval('zone.interface_route_id_seq'::regclass) | Unique identifier for interface_route record. |
|
wmialias | Table | aliasorder | bigserial | 19 | √ | √ | nextval('zone.wmialias_collector_order_seq'::regclass) | Used to order aliases, use the default, do not write directly |
nackcandidate | Table | collector_id | int4 | 10 | null | |||
attributes | View | device_id | int4 | 10 | √ | null | Id of the device for which the attribute is saved. |
|
device_certificate | Table | last_update | timestamptz | 35 | √ | now() | ||
config | Table | zone_id | int4 | 10 | √ | null | Zone Id for the config record |
|
device_values | Table | forwarder | bool | 1 | √ | false | Boolean flag indicating if given device is a forwarder. Set to true if it is forwarder, false otherwise. |
|
route | Table | target | bool | 1 | √ | null | Boolean indicating if given route is in targeted CIDR list for any collectors of this zone. Targeted CIDR list represents CIDRs set in Discovery Spaces => Target List table. Set to true if it is targeted, false otherwise |
|
edge | Table | interface_id1 | int4 | 10 | √ | null | ||
profiles | View | source | text | 2147483647 | √ | null | ||
target | Table | details | text | 2147483647 | √ | null | Used to store target speicfic metadata. It holds extra configuration values that are being used by collectors. |
|
links | View | device_id1 | int4 | 10 | √ | null | ||
interface | Table | vlan | int4 | 10 | √ | null | Vlan of interface. It is normalized from device->interface->vlan as well as device->interface->switchInfo->vlans. If switchInfo contains vlan, it will use that instead of interface->vlan. |
|
device_cloudalias | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
device_match | Table | device_id | int4 | 10 | null | Id of a device this attribute belongs to. It maps to device.id |
||
device_ports | Table | open | _int4 | 10 | √ | null | List of all ports that are reported open for a device. Please see table description for more information. |
|
routetype | Table | type | text | 2147483647 | √ | null | Value for route type. |
|
path | Table | results | _text | 2147483647 | √ | null | ||
interface | Table | iftable_id | int4 | 10 | null | |||
attribute | Table | attribute | text | 2147483647 | √ | null | Value of discovered meta data/attribute. |
|
map | Table | created_by | int4 | 10 | √ | null | ||
links | View | zoneid | int4 | 10 | √ | null | ||
map | Table | zone_id | int4 | 10 | null | |||
device_values | Table | devicetype | text | 2147483647 | √ | null | Indicates devicetype of this device. For the most up to date and accurate devicetype info, use device_match table. |
|
acknowledgeddevice | Table | created_time | timestamptz | 35 | √ | now() | ||
profiles | View | device_id | int4 | 10 | √ | null | ||
device_profiledata | Table | type_id | int4 | 10 | null | Id of a profiledata type this record refers to. It maps to zone.profiledatatype.id. Valid values for zone.profiledatatype.type are sysDescr, sysObjectID, tcp, http, cifs. |
||
config | Table | value | text | 2147483647 | √ | null | Configuration value for a given key, within a collector and zone |
|
profile_translation | Table | type_id | int4 | 10 | null | Type for profiledatatype record. Valid values are, tcp, http, sysObjectID, sysDescr, cifs. |
||
device_wmialias | Table | last_update | timestamptz | 35 | √ | now() | The most recent time when a device has responded with given WMI alias. It gets updated with current timestamp everytime a device response for WMI discovery is received for an alias. |
|
profiledata | Table | data | text | 2147483647 | null | The normalized profile data. At least converted to lower case and non printable characters are deleted or escaped. |
||
links | View | name2 | text | 2147483647 | √ | null | ||
link | Table | last_update | timestamptz | 35 | √ | now() | Timestamp when this record was created/updated |
|
device_ports | Table | zone_id | int4 | 10 | null | Zone Id of a device_ports record. It maps to zone.id |
||
interface_route | Table | zone_id | int4 | 10 | null | Zone Id for interface_route record. |
||
profiledata_pattern | Table | profiledata_id | int4 | 10 | null | Profiledata Id for profiledata_pattern record. It maps to zone.profiledata.id |
||
device_values | Table | hastraces | bool | 1 | √ | false | Boolean flag indicating if given device responded to pathDiscovery scan type. Set to true if it responded to pathDiscovery, false otherwise. |
|
interface_address | Table | interface_id | int4 | 10 | null | Id of interface that contains this interface address. |
||
response_decision | Table | zone_id | int4 | 10 | null | Zone Id for response_decision record |
||
profile_translation | Table | pattern_id | int4 | 10 | null | Pattern Id for profiledatatype record |
||
device_attribute | Table | attribute_cidr_id | int4 | 10 | √ | null | Id of CIDR that represents device_attribute record. It is mainly populated for ASName attributetype but can be used for any attribute that would contain a cidr. It maps to system.attribute_cidr.id |
|
mapnode | Table | width | float4 | 8 | √ | null | Width value for mapnode record. |
|
device_certificate | Table | device_id | int4 | 10 | null | Id for device record. It maps to zone.device.id |
||
device_match | Table | pattern_id | int4 | 10 | null | Id of pattern that contains a match for given profile type record. It maps to profile.pattern.id |
||
device_pattern | Table | pattern_id | int4 | 10 | null | Id of pattern that contains a match for given device response record. It maps to profile.pattern.id |
||
target_hist | Table | batchid | int4 | 10 | √ | null | ||
interface | Table | rootport | bool | 1 | √ | null | Rootport of interface. It is normalized from device->interface->index->switchInfo->rootPort. |
|
device_values | Table | vendor | text | 2147483647 | √ | null | Indicates vendor of this device. For the most up to date and accurate vendor info, use device_match table. |
|
mapnode | Table | id | serial | 10 | √ | nextval('zone.mapnode_id_seq'::regclass) | Unique identifier for mapnode record |
|
routeprotocol | Table | protocol | text | 2147483647 | √ | null | Value for protocol. |
|
attribute_cidr | Table | id | serial | 10 | √ | nextval('zone.attribute_cidr_id_seq'::regclass) | Unique identifier for attribute_cidr record |
|
forwarders_range | Table | start1 | int4 | 10 | √ | null | Start value for this range record |
|
device_pattern | Table | certificatepath_id | int4 | 10 | √ | null | Id of pattern that contains a match for given profile type record. It contains a non null value for all matches resulted from http (certificate). It maps to zone.certificatepath.id |
|
acknowledgeddevice | Table | acknowledged | bool | 1 | null | |||
interface | Table | voicevlan | int4 | 10 | √ | null | ||
target | Table | expandedconfig | text | 2147483647 | √ | null | Not being used. |
|
certificatepath | Table | zone_id | int4 | 10 | null | Zone Id for the certificatepath record |
||
device_values | Table | l3peers | int2 | 5 | √ | 0 | Indicates number of layer3 nodes this device is connected to. In other words, there are l3peers number of layer3 edges between this device and other devices that are not hosts. |
|
device_values | Table | leakinbound | bool | 1 | √ | false | Boolean flag indicating if given device responded to inboundLeak scan type. Set to true if it responded to inboundLeak, false otherwise. |
|
protocol | Table | id | serial | 10 | √ | nextval('zone.protocol_id_seq'::regclass) | Unique identifier for protocol record |
|
profiledata | Table | rawdata | text | 2147483647 | null | The raw (unnormalized) profile data |
||
edge | Table | id | serial | 10 | √ | nextval('zone.edge_id_seq'::regclass) | ||
certificatepath | Table | path | text | 2147483647 | √ | null | Certificate text that is received in the response. |
|
device | Table | parent | int4 | 10 | √ | COALESCE(device_id, id) | ||
interface_route | Table | first_observed | timestamptz | 35 | √ | now() | Timestamp when this route was first seen. If the route is expired out and recreated, this will be the timestamp from when we last created it. |
|
path | Table | hash | text | 2147483647 | √ | null | ||
device_values | Table | known | bool | 1 | √ | false | Boolean flag indicating if given device is known for this zone. Set to true if known, false otherwise. By known, it means that the device is set under Zone->Zone Network->Known List. |
|
device_response | Table | ports | _int4 | 10 | √ | null | List of ports (if any) that constituted this response. For example, for cifs response, it will be set to 445, for host response coming from dns, it will be set to 53. This column is only populated for httpDetails, hostDiscovery and cifs. Device->response->ports get normalized in this column. It contains all the list of ports a device has received response from for a given scan type and protocol at any given point in time. |
|
profiledata | Table | type_id | int4 | 10 | null | |||
attributes | View | type_id | int4 | 10 | √ | null | Id for system attribute. This maps to system.attributetype.id |
|
certificate | Table | version | int4 | 10 | √ | null | Version of the certificate |
|
path | Table | id | serial | 10 | √ | nextval('zone.path_id_seq'::regclass) | ||
device_match | Table | zone_id | int4 | 10 | null | Zone Id of a device_match record. zone.device_match table is a parent table for all partitioned (by zone_id) zone_xxx.device_match tables. It maps to zone.id column |
||
device_cloudalias | Table | last_update | timestamptz | 35 | √ | now() | The most recent time when a device has responded with given cloud alias. It gets updated with current timestamp everytime a device response for cloud discovery is received for an alias. |
|
interface_host | Table | zone_id | int4 | 10 | √ | null | Zone Id for interface host record. |
|
interface_host | Table | device_id | int4 | 10 | null | Device Id of MAC that is host for this interface. |
||
device_pattern | Table | macvendor_id | int4 | 10 | √ | null | Id of pattern that contains a match for given profile type record. It contains a non null value for all matches resulted from macvendor. It maps to system.macvendor.id |
|
device_vendor | View | profiled | text | 2147483647 | √ | null | ||
updatetargetspace_log | Table | count | int4 | 10 | √ | null | Number of records that got impacted by this run and action. |
|
route | Table | known | bool | 1 | √ | null | Boolean indicating if given route is in known CIDR list for this zone. Known CIDR list represents CIDRs set in Zone Networks => Known List. Set to true if it is known, false otherwise |
|
target_shadow | Table | collector_id | int4 | 10 | null | Collector Id for target record. It maps to system.collector.id however, there is no foreign key relation specified for this column. |
||
nackcandidate | Table | zone_id | int4 | 10 | null | |||
device_vendor | View | zone_id | int4 | 10 | √ | null | ||
device | Table | ip | inet | 2147483647 | √ | null | IP Address of a device. It can either be IPv4 or IPv6 IP Address. The combination of IP Address and meta flag has to be unique within a zone. That allows same IP Address to be stitched to itself. In that case, child record will have meta flag set to false, while parent record with the same IP Address will have meta flag set to true |
|
cloudalias | Table | credential | text | 2147483647 | √ | null | Credentials for cloudalias record. Credentials are stored in following format: <cloud provider for credential(aws)>:alias name:encoded credentials. |
|
links | View | hosts | bool | 1 | √ | null | ||
interface_route | Table | withdrawn | bool | 1 | √ | false | Has this route been withdrawn by the discovering routing protocol (currently only BGP supports this) |
|
device_certificate | Table | certificate_id | int4 | 10 | null | Unique identifier for certificat record. It maps to zone.certificate.id |
||
device_snmpalias | Table | zone_id | int4 | 10 | null | Zone Id of a device_snmpalias record. It maps to zone.id |
||
iftable_vlan | Table | zone_id | int4 | 10 | √ | null | Zone Id for iftable_vlan record |
|
route | Table | zone_id | int4 | 10 | null | Zone Id for route record. It maps to system.zone.id |
||
attribute_cidr | Table | cidrval | cidr | 2147483647 | null | CIDR value for attribute_cidr record |
||
route | Table | id | serial | 10 | √ | nextval('zone.route_id_seq'::regclass) | Unique identifier for route record |
|
response_decision | Table | iftable_id | int4 | 10 | √ | null | Iftable Id for response_decision record. It maps to zone.iftable.id. There should only be a unique iftable_id for every new device detected |
|
profiledata | Table | timestamp | timestamptz | 35 | √ | transaction_timestamp() | ||
profiles | View | zone_id | int4 | 10 | √ | null | ||
iftable | Table | bridgeaddress | macaddr | 2147483647 | √ | null | Bridge address of an interface table. It is normalized from device->bridgeAddress. It will be null when iftable entry represents device level route processing. |
|
mapnode | Table | acknowledged_time | timestamptz | 35 | √ | now() | Timestamp when given map node record was acknowledged. Set only if mapnode.acknowledged is set to true. |
|
profile_translation | Table | attribute_id | int4 | 10 | null | Attribute Id for profiledatatype record. |
||
profiles | View | type | text | 2147483647 | √ | null | ||
attributeconfig | View | attribute | text | 2147483647 | √ | null | Indicates the attribute value when user adds a Custom Attribute |
|
updatetargetspace_log | Table | last_run | timestamptz | 35 | √ | now() | Time when update target was run for this reord |
|
mapnode | Table | ycoord | float4 | 8 | √ | null | Y coordinate value for mapnode record. |
|
device_ports | Table | closed_times | hstore | 2147483647 | √ | null | Key value pairs with port number and timestamp when port was reported closed. Sample values - "21"=>"25048310", "23"=>"25048310", "25"=>"25048310"≠ |