Columns
Table | Type | Column | Type | Size | Nulls | Auto | Default | Comments |
---|---|---|---|---|---|---|---|---|
certificatepath_pattern | Table | pattern_id | int4 | 10 | null | Id of pattern that this certificatepath matches. It maps to profile.pattern.id |
||
target_highpriority | Table | scantype_id | int4 | 10 | null | |||
certificate | Table | certificatetype | text | 2147483647 | √ | null | Type of the certificate. For example SHA256withRSA, SHA1withRSA |
|
target | Table | id | serial | 10 | √ | nextval('zone.target_id_seq'::regclass) | Unique identifier for target record |
|
attributes | View | ip | inet | 2147483647 | √ | null | The IP Address of the device for which the attribute is saved. |
|
interface | Table | opstatus | int4 | 10 | √ | null | Optstatus of interface. It is normalized from device->interface->opstatus. |
|
mapnode | Table | label | text | 2147483647 | √ | null | Label value for mapnode record. |
|
config | Table | zone_id | int4 | 10 | √ | null | Zone Id for the config record |
|
route | Table | id | serial | 10 | √ | nextval('zone.route_id_seq'::regclass) | Unique identifier for route record |
|
response_decision | Table | match_id | int4 | 10 | √ | null | Id of matching response for response_decision record. Negative if from a new device |
|
wmialias | Table | aliasorder | bigserial | 19 | √ | √ | nextval('zone.wmialias_collector_order_seq'::regclass) | Used to order aliases, use the default, do not write directly |
listsize_by_zone_view | View | zone_id | int4 | 10 | √ | null | ||
device_response | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
interface_route | Table | nexthop | inet | 2147483647 | √ | null | Next hop for this route. |
|
path | Table | zone_id | int4 | 10 | null | |||
response_decision | Table | decision | bool | 1 | √ | null | Decision made for response_decision record. True = response from an existing device/false = response from a new device |
|
snmpaliasgroup | Table | name | text | 2147483647 | null | Unique name for snmpaliasgroup record. Currently, Spectre has only one snmpaliasgroup name and is called common |
||
device_certificate | Table | zone_id | int4 | 10 | null | Zone Id of a device_certificate record. It maps to zone.id column |
||
target_highpriority | Table | cidrval | cidr | 2147483647 | null | |||
snmpalias | Table | aliasorder | bigserial | 19 | √ | √ | nextval('zone.snmpalias_collector_order_seq'::regclass) | Used to order aliases, use the default, do not write directly |
targetm | Table | config | text | 2147483647 | √ | null | ||
response_decision | Table | iftable_id | int4 | 10 | √ | null | Iftable Id for response_decision record. It maps to zone.iftable.id. There should only be a unique iftable_id for every new device detected |
|
profiles | View | expression | text | 2147483647 | √ | null | ||
interface | Table | trunk | bool | 1 | √ | null | Trunk of interface. It is normalized from device->interface->switchInfo->trunkPort. |
|
cloudalias | Table | collector_id | int4 | 10 | null | Collector Id for cloudalias record. It maps to system.collector.id |
||
mapnode | Table | ycoord | float4 | 8 | √ | null | Y coordinate value for mapnode record. |
|
mapnode | Table | acknowledged_time | timestamptz | 35 | √ | now() | Timestamp when given map node record was acknowledged. Set only if mapnode.acknowledged is set to true. |
|
profile_translation | Table | zone_id | int4 | 10 | null | Zone Id for profiledatatype record |
||
interface | Table | id | serial | 10 | √ | nextval('zone.interface_id_seq'::regclass) | Unique identifier for interfacetable record. |
|
linkset | Table | id | serial | 10 | √ | nextval('zone.linkset_id_seq'::regclass) | Unique identifier for linkset record |
|
device_values | Table | l3peers | int2 | 5 | √ | 0 | Indicates number of layer3 nodes this device is connected to. In other words, there are l3peers number of layer3 edges between this device and other devices that are not hosts. |
|
certificate | Table | serial | text | 2147483647 | √ | null | Serial number of the certificate |
|
targetm | Table | overwrite | bool | 1 | √ | null | ||
certificate | Table | chainid | int8 | 19 | √ | null | ||
response_decision | Table | syslocation | text | 2147483647 | √ | null | Syslocation (if exists) used in nlshash for response_decision record |
|
certificatepath | Table | path | text | 2147483647 | √ | null | Certificate text that is received in the response. |
|
device_certificate | Table | last_update | timestamptz | 35 | √ | now() | ||
attribute_cidr | Table | collector_id | int4 | 10 | √ | null | Collector Id. Maps to system.collector.id |
|
route | Table | target | bool | 1 | √ | null | Boolean indicating if given route is in targeted CIDR list for any collectors of this zone. Targeted CIDR list represents CIDRs set in Discovery Spaces => Target List table. Set to true if it is targeted, false otherwise |
|
device | Table | active | bool | 1 | √ | null | Boolean flag that is set to true each time when a device is discovered and when a response is received for that device. It is set to false when no response is received for the device for 3 consecutive rescan intervals |
|
scantype_alias | Table | affects_active | bool | 1 | √ | true | ||
macvendor_pattern | Table | macvendor_id | int4 | 10 | null | MacVendor id for macvendor_pattern record. It maps to system.macvendor.id |
||
device_attribute | Table | device_id | int4 | 10 | null | Id of a device this attribute belongs to. It maps to device.id |
||
device | Table | meta | bool | 1 | √ | false | Boolean flag that indicates whether this device was discovered and has gone through any type of consolidation. Value of false means that the device was discovered and has not gone through any consolidation. Value of true means it was consolidated as part of another discovery. |
|
attributes | View | identity | text | 2147483647 | √ | null | ||
device_values | Table | known | bool | 1 | √ | false | Boolean flag indicating if given device is known for this zone. Set to true if known, false otherwise. By known, it means that the device is set under Zone->Zone Network->Known List. |
|
wmialias | Table | collector_id | int4 | 10 | null | Collector Id for wmialias record. It maps to system.collector.id |
||
target_hist | Table | id | serial | 10 | √ | nextval('zone.target_hist_id_seq'::regclass) | ||
attribute_cidr | Table | id | serial | 10 | √ | nextval('zone.attribute_cidr_id_seq'::regclass) | Unique identifier for attribute_cidr record |
|
certificate | Table | issuer_id | int4 | 10 | √ | null | Id for data referencing certificate issuer. It maps to zone.certificatepath.id |
|
interface_route | Table | first_observed | timestamptz | 35 | √ | now() | Timestamp when this route was first seen. If the route is expired out and recreated, this will be the timestamp from when we last created it. |
|
device_vendor | View | vendor | text | 2147483647 | √ | null | ||
certificate | Table | zone_id | int4 | 10 | null | Zone Id for the certificate record |
||
map | Table | id | serial | 10 | √ | nextval('zone.map_id_seq'::regclass) | ||
iftable_vlan | Table | iftable_id | int4 | 10 | null | Iftable Id for iftable_vlan record. It maps to zone.iftable.id. There is a one to many relationship between iftable id and vlan hence same iftable id can have multiple records for different vlan info |
||
nackcandidate | Table | scantype_id | int4 | 10 | null | |||
edge | Table | layer | int4 | 10 | √ | null | ||
device | Table | enterprise_id | int4 | 10 | √ | null | ||
attributes | View | mac | macaddr | 2147483647 | √ | null | The MAC Address of the device for which the attribute is saved. |
|
device_cloudalias | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
device_profiledata | Table | zone_id | int4 | 10 | null | Zone Id of a device_profiledata record. It maps to zone.id |
||
target_shadow | Table | cidrval | cidr | 2147483647 | null | Actual IP/CIDR that needs to be targeted. Having value in this record avoids extra joins with attribute_cidr, device or route tables. |
||
portgroup | Table | name | text | 2147483647 | null | Unique name for portgroup record. Values for name are, common, vulnerable, infectious. Please note that at the moment only vulnerable and infectious groups are used in discovery. |
||
target_hist | Table | route_id | int4 | 10 | √ | null | ||
device_vendor | View | zone_id | int4 | 10 | √ | null | ||
profiledatatype | Table | type | text | 2147483647 | null | Type for profiledatatype record. Valid values are, tcp, http, sysObjectID, sysDescr, cifs. |
||
target_highpriority | Table | id | serial | 10 | √ | nextval('zone.target_highpriority_id_seq'::regclass) | ||
target_highpriority | Table | expandedconfig | text | 2147483647 | √ | null | ||
target | Table | expandedconfig | text | 2147483647 | √ | null | Not being used. |
|
profiledatatype | Table | id | serial | 10 | √ | nextval('zone.profiledatatype_id_seq'::regclass) | Unique identifier for profiledatatype record |
|
device | Table | zone_id | int4 | 10 | null | Zone Id of a device record. Since zone.device table is a parent table for all partitioned (by zone_id) tables, same IP Address can be found while querying zone.device table for different zone_id. It maps to zone.id column |
||
scantype_alias | Table | scantype | text | 2147483647 | √ | null | Internal scantype value that maps to scantype.type |
|
profile_translation | Table | content_id | int4 | 10 | √ | null | Content Id for profiledatatype record. |
|
firemon_risk_range | Table | end1 | int4 | 10 | √ | null | ||
device_attribute | Table | id | serial | 10 | √ | nextval('zone.device_attribute_id_seq'::regclass) | Unique identifier for device_attribute record |
|
linkset | Table | hosts | bool | 1 | √ | null | Boolean indicating whether this linkset record refers to hosts or nodes. Set to true for hosts, false otherwise. |
|
mapnode | Table | action_items | text | 2147483647 | √ | null | Action Items for mapnode record. |
|
interface | Table | iftype | int4 | 10 | √ | null | ||
profiles | View | zone_id | int4 | 10 | √ | null | ||
device_values | Table | devicetype | text | 2147483647 | √ | null | Indicates devicetype of this device. For the most up to date and accurate devicetype info, use device_match table. |
|
scantype_alias | Table | alias | text | 2147483647 | √ | null | Alias for scantype that gets displayed on UI for Discovery Statistics By Discovery Types report. |
|
links | View | device2 | text | 2147483647 | √ | null | ||
map | Table | created_time | timestamptz | 35 | √ | now() | ||
route | Table | known | bool | 1 | √ | null | Boolean indicating if given route is in known CIDR list for this zone. Known CIDR list represents CIDRs set in Zone Networks => Known List. Set to true if it is known, false otherwise |
|
map | Table | description | text | 2147483647 | √ | null | ||
interface_address | Table | ip | inet | 2147483647 | √ | null | IP address of interface. |
|
link | Table | last_update | timestamptz | 35 | √ | now() | Timestamp when this record was created/updated |
|
interface_host | Table | zone_id | int4 | 10 | √ | null | Zone Id for interface host record. |
|
device_ports | Table | closed | _int4 | 10 | √ | null | List of all ports that are reported closed for a device. Please see table description for more information. |
|
snmpalias | Table | alias | text | 2147483647 | null | Alias given for this credentials. This is the value that gets displayed on UI |
||
target_highpriority | Table | ordid | float4 | 8 | √ | random() | ||
certificate | Table | port | int4 | 10 | √ | null | ||
route | Table | route | cidr | 2147483647 | √ | null | CIDR value for route |
|
mapnode | Table | tag | text | 2147483647 | √ | null | Tag value for mapnode record. |
|
target_hist | Table | cidrval | cidr | 2147483647 | null | |||
interface_address | Table | zone_id | int4 | 10 | null | Zone Id for interface address record. |
||
cloudalias | Table | zone_id | int4 | 10 | null | Zone Id for cloudalias record. It maps to system.zone.id |
||
device_values | Table | leakoutbound | bool | 1 | √ | false | Boolean flag indicating if given device responded to outboundLeak scan type. Set to true if it responded to outboundLeak, false otherwise. |
|
device_pattern | Table | attribute_id | int4 | 10 | √ | null | Not used. |
|
interface | Table | indconthash | text | 2147483647 | √ | null | Hash of interface all the interface parameters. |
|
interface | Table | physicaladdress | macaddr | 2147483647 | √ | null | Physical address of interface. It is normalized from device->interface->physicalAddress. |
|
certificate | Table | expiredate | timestamp | 29 | √ | null | Expiration date of the certificate |
|
target_shadow | Table | device_id | int4 | 10 | √ | null | Device Id for target record. It maps to zone.device.id however, there is no foreign key relation specified for this column. |
|
map | Table | created_by | int4 | 10 | √ | null | ||
device | Table | maclastobserved | timestamptz | 35 | √ | null | Timestamp of the last time this MAC/IP pairing was seen. This will be used to potentially time out the MAC address for this device (which might occur if the device picks up its address via DHCP and moves from one subnet to another on the network) |
|
attribute_cidr | Table | hasresponses | bool | 1 | √ | false | Boolean flag set to true or false indicating if CIDR (in cidrval column) contains any device that has any responses recorded. Set to true if there is any entry in device_response for any device containing this CIDR record, false otherwise |
|
updatetargetspace_log | Table | count | int4 | 10 | √ | null | Number of records that got impacted by this run and action. |
|
attributeconfig | View | zone | text | 2147483647 | √ | null | This column shows the zone name and zone id for which the CIDR belongs to. It is represented as zone name (zone id) |
|
scantype | Table | scantype | text | 2147483647 | √ | null | Value for scan type. |
|
targetm | Table | zone_id | int4 | 10 | √ | null | ||
protocol | Table | id | serial | 10 | √ | nextval('zone.protocol_id_seq'::regclass) | Unique identifier for protocol record |
|
device_values | Table | internal | bool | 1 | √ | false | Boolean flag indicating if given device is internal for this zone. Set to true if internal, false otherwise. By internal, it means that the device is set under Zone->Zone Network->Internal List. |
|
routeprotocol | Table | protocol | text | 2147483647 | √ | null | Value for protocol. |
|
certificate | Table | signaturetype | text | 2147483647 | √ | null | Signature type of the certificate. For example RSA(4096), EC |
|
device_values | Table | snmpresponder | bool | 1 | √ | false | Boolean flag indicating if given device responded to snmpDiscovery scan type. Set to true if it responded to snmpDiscovery, false otherwise. |
|
mapnode | Table | width | float4 | 8 | √ | null | Width value for mapnode record. |
|
targetm | Table | collector_id | int4 | 10 | √ | null | ||
updates | Table | tbl | text | 2147483647 | √ | null | ||
result | Table | result | text | 2147483647 | √ | null | ||
target_hist | Table | zone_id | int4 | 10 | null | |||
device_values | Table | os | text | 2147483647 | √ | null | Indicates operating system of this device. For the most up to date and accurate operating system info, use device_match table. |
|
device_response | Table | id | serial | 10 | √ | nextval('zone.device_response_id_seq'::regclass) | Unique identifier for device response record |
|
device_cloudalias | Table | last_update | timestamptz | 35 | √ | now() | The most recent time when a device has responded with given cloud alias. It gets updated with current timestamp everytime a device response for cloud discovery is received for an alias. |
|
listsize_by_zone_view | View | listtype | text | 2147483647 | √ | null | ||
iftable_vlan | Table | name | text | 2147483647 | null | Name of vlan |
||
updatetargetspace_log | Table | message | text | 2147483647 | √ | null | Status message indicating start and completion for update target processing |
|
device_match | Table | device_id | int4 | 10 | null | Id of a device this attribute belongs to. It maps to device.id |
||
snmpalias | Table | id | serial | 10 | √ | nextval('zone.snmpalias_id_seq'::regclass) | Unique identifier for snmpalias record |
|
device_values | Table | perimeter | bool | 1 | √ | false | Boolean flag indicating if given device is a perimeter device. Set to true if device is internal and contains a link to another device that is not internal, false otherwise. |
|
route | Table | internal | bool | 1 | √ | null | Boolean indicating if given route is in internal CIDR list for this zone. Internal CIDR list represents CIDRs set in Zone Networks => Internal List.Set to true if it is internal, false otherwise |
|
device_ports | Table | open_times | hstore | 2147483647 | √ | null | Key value pairs with port number and timestamp when port was reported open. Sample values - "80"=>"25048454", "135"=>"25048454" |
|
device_response | Table | vlan | int4 | 10 | √ | null | ||
nackcandidate | Table | collector_id | int4 | 10 | null | |||
protocol_numbers | Table | decimal | int4 | 10 | √ | null | ||
device_vendor | View | vendor_source | text | 2147483647 | √ | null | ||
config | Table | key | text | 2147483647 | √ | null | Key represents collector configuration information. Each key is unique for a given collector_id and zone_id record. For specific scantype, the key is represented as |
|
device_pattern | Table | pattern_id | int4 | 10 | null | Id of pattern that contains a match for given device response record. It maps to profile.pattern.id |
||
target_highpriority | Table | zone_id | int4 | 10 | null | |||
device_values | Table | model | text | 2147483647 | √ | null | Indicates model of this device. For the most up to date and accurate model info, use device_match table. |
|
protocol_numbers | Table | keyword | text | 2147483647 | √ | null | ||
interface | Table | zone_id | int4 | 10 | null | Zone Id for interface entry. |
||
attribute | Table | id | serial | 10 | √ | nextval('zone.attribute_id_seq'::regclass) | Unique identifier for attribute record |
|
route | Table | last_update | timestamptz | 35 | √ | now() | Timestamp when this route record was created/updated |
|
updates | Table | op | text | 2147483647 | √ | null | ||
updatetargetspace_log | Table | last_run | timestamptz | 35 | √ | now() | Time when update target was run for this reord |
|
interface_route | Table | routeprotocol_id | int4 | 10 | √ | null | Router Protocol id. Maps to zone.routerprotocol.id |
|
iftable | Table | zone_id | int4 | 10 | null | Zone Id for interface table entry |
||
response_decision | Table | created_at | timestamptz | 35 | √ | now() | created_at timestamp when this record was created |
|
device_cloudalias | Table | zone_id | int4 | 10 | null | Zone Id of a device_cloudalias record. It maps to zone.id |
||
cloudalias | Table | id | serial | 10 | √ | nextval('zone.cloudalias_id_seq'::regclass) | unique identifier for cloudalias record |
|
edge | Table | interface_id2 | int4 | 10 | √ | null | ||
scantype_alias | Table | phase | int4 | 10 | √ | null | ||
device | Table | parent | int4 | 10 | √ | COALESCE(device_id, id) | ||
routeprotocol | Table | id | serial | 10 | √ | nextval('zone.routeprotocol_id_seq'::regclass) | Unique identifier for routeprotocol record |
|
interface_route | Table | interface_id | int4 | 10 | null | Interface Id for iftable_vlan record. It maps to zone.interface.id |
||
wmialias | Table | credential | text | 2147483647 | √ | null | Credentials for wmialias record. Credentials are stored in following format: alias name:domain:encoded credentials. |
|
interface | Table | index | int4 | 10 | √ | null | Index of interface. It is normalized from device->interface->index. |
|
nackcandidate | Table | mac | macaddr | 2147483647 | √ | null | ||
response_decision | Table | sysname | text | 2147483647 | √ | null | Sysname (if exists) used in nlshash for response_decision record |
|
profiles | View | attribute | text | 2147483647 | √ | null | ||
device_response | Table | zone_id | int4 | 10 | null | Zone Id of a device_response record. It maps to zone.id |
||
target_highpriority | Table | batchid | int4 | 10 | √ | null | ||
linkset | Table | layer | text | 2147483647 | √ | null | layer this linkset record presents. Valid values are '2' and '3'. Entries will be inserted as and when link with layer2 and/or layer3 are discovered. |
|
profiledata | Table | hash | text | 2147483647 | null | MD5 hash of the (normalized) data column |
||
profiledata | Table | timestamp | timestamptz | 35 | √ | transaction_timestamp() | ||
link | Table | linkset_id | int4 | 10 | null | Linkset Id for link record. It maps to zone.linkset.id. It identifies whether this link is host or node and whether it is representing layer2 link or layer3 link |
||
profile_translation | Table | type_id | int4 | 10 | null | Type for profiledatatype record. Valid values are, tcp, http, sysObjectID, sysDescr, cifs. |
||
target | Table | collector_id | int4 | 10 | null | Collector Id for target record. It maps to system.collector.id |
||
response_decision | Table | cmpinfhash | text | 2147483647 | √ | null | Composite hash of the individual interface key parameter hashes for response_decision record |
|
device_attribute | Table | attributetype_id | int4 | 10 | null | Id that denotes what type of attribute this record indicates. It maps to system.attributetype.id column. Example values for attributetypes - cifsName, sysDescr, serialNumber. |
||
edge | Table | node_id1 | int4 | 10 | null | |||
edge | Table | zone_id | int4 | 10 | null | |||
target | Table | details | text | 2147483647 | √ | null | Used to store target speicfic metadata. It holds extra configuration values that are being used by collectors. |
|
links | View | device_id2 | int4 | 10 | √ | null | ||
links | View | name1 | text | 2147483647 | √ | null | ||
profiledata | Table | type_id | int4 | 10 | null | |||
device_match | Table | zone_id | int4 | 10 | null | Zone Id of a device_match record. zone.device_match table is a parent table for all partitioned (by zone_id) zone_xxx.device_match tables. It maps to zone.id column |
||
updatetargetspace_log | Table | zone_id | int4 | 10 | null | Zone Id for updatetargetspace_log record. |
||
attributeconfig | View | type | text | 2147483647 | √ | null | Indicates the type of CIDR. Default values are set as follows: type is set to target if CIDR belongs to Discovery Spaces => Target List type is set to avoid if CIDR belongs to Discovery Spaces => Avoid List type is set to stop if CIDR belongs to Discovery Spaces => Stop List type is set to trusted if CIDR belongs to Zone Networks => Eligible List type is set to known if CIDR belongs to Zone Networks => Known List type is set to internal if CIDR belongs to Zone Networks => Internal List type is set to user-defined Label when user adds a Custom Attribute |
|
target_highpriority | Table | route_id | int4 | 10 | √ | null | ||
route | Table | trusted | bool | 1 | √ | null | Boolean indicating if given route is in eligible CIDR list for this zone. Eligible CIDR list represents CIDRs set in Zone Networks => Eligible List.Set to true if it is eligible, false otherwise |
|
device_certificate | Table | device_id | int4 | 10 | null | Id for device record. It maps to zone.device.id |
||
path | Table | hops | _inet | 2147483647 | √ | null | ||
device | Table | ip | inet | 2147483647 | √ | null | IP Address of a device. It can either be IPv4 or IPv6 IP Address. The combination of IP Address and meta flag has to be unique within a zone. That allows same IP Address to be stitched to itself. In that case, child record will have meta flag set to false, while parent record with the same IP Address will have meta flag set to true |
|
attributes | View | device_id | int4 | 10 | √ | null | Id of the device for which the attribute is saved. |
|
acknowledgeddevice | Table | created_time | timestamptz | 35 | √ | now() | ||
cloudalias | Table | credential | text | 2147483647 | √ | null | Credentials for cloudalias record. Credentials are stored in following format: <cloud provider for credential(aws)>:alias name:encoded credentials. |
|
map | Table | type | text | 2147483647 | null | |||
links | View | device1 | text | 2147483647 | √ | null | ||
routetype | Table | type | text | 2147483647 | √ | null | Value for route type. |
|
device_match | Table | pattern_id | int4 | 10 | null | Id of pattern that contains a match for given profile type record. It maps to profile.pattern.id |
||
updates | Table | type | text | 2147483647 | √ | null | ||
device_values | Table | version | text | 2147483647 | √ | null | Indicates version of this device. For the most up to date and accurate version info, use device_match table. |
|
device_cloudalias | Table | cloudalias_id | int4 | 10 | null | Id of a cloudalias this record belongs to. It maps to zone.cloudalias.id |
||
protocol | Table | protocol | text | 2147483647 | √ | null | Value of protocol. Valid values are arp, udp, icmp, snmp, snmpv2, tcp, dns, http, https, cifs, dhcp |
|
device_ports | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
target_shadow | Table | cidr_id | int4 | 10 | √ | null | CIDR Id for target record. For each target CIDR entry, there will be one entry for host/path for collector that has host or path configured. It maps to zone.attribute_cidr.id however, there is no foreign key relation specified for this column. |
|
config | Table | collector_id | int4 | 10 | √ | null | Collector Id for this config record. It maps to system.collector.id |
|
target_hist | Table | scantype_id | int4 | 10 | null | |||
attributeconfig | View | attribute | text | 2147483647 | √ | null | Indicates the attribute value when user adds a Custom Attribute |
|
target | Table | device_id | int4 | 10 | √ | null | Device Id for target record. It maps to zone.device.id |
|
device_vendor | View | enterprise | text | 2147483647 | √ | null | ||
device_values | Table | trusted | bool | 1 | √ | false | Boolean flag indicating if given device is trusted for this zone. Set to true if trusted, false otherwise. By trusted, it means that the device is set under Zone->Zone Network->Eligible List. |
|
profiledata_pattern | Table | zone_id | int4 | 10 | null | Zone Id for profiledata_pattern record. It maps to system.zone.id |
||
device_values | Table | vendor | text | 2147483647 | √ | null | Indicates vendor of this device. For the most up to date and accurate vendor info, use device_match table. |
|
interface | Table | infhash | text | 2147483647 | √ | null | Hash of interface key parameters index/name/physicaladdress. |
|
target | Table | cidr_id | int4 | 10 | √ | null | CIDR Id for target record. For each target CIDR entry, there will be one entry for host/path for collector that has host or path configured. It maps to zone.attribute_cidr.id |
|
device_values | Table | hasresponses | bool | 1 | √ | false | Boolean flag indicating if given device has any responses recorded. Set to true if there is any entry in device_response for this device, false otherwise. |
|
profiledata | Table | zone_id | int4 | 10 | null | |||
profile_translation | Table | attribute_id | int4 | 10 | null | Attribute Id for profiledatatype record. |
||
path | Table | protocols | _text | 2147483647 | √ | null | ||
snmpalias | Table | collector_id | int4 | 10 | null | Collector Id for snmpalias record. It maps to system.collector.id |
||
attribute | Table | attributetype_id | int4 | 10 | √ | null | Id that denotes what type of attribute this record indicates. It maps to system.attributetype.id column. Example values for attributetypes - cifsName, sysDescr, ASName, SerialNumber, known, avoid. For complete list, please see system.attributetype table. |
|
target_hist | Table | device_id | int4 | 10 | √ | null | ||
device | Table | mac | macaddr | 2147483647 | √ | null | MAC address of a device. MAC and meta flag has to be unique within a zone. |
|
interface | Table | name | text | 2147483647 | √ | null | Name of interface. It is normalized from device->interface->name. |
|
wmialias | Table | alias | text | 2147483647 | null | Alias given for this credentials. This is the value that gets displayed on UI |
||
mapnode | Table | zone_id | int4 | 10 | null | Zone Id for mapnode record. It maps to system.zone.id |
||
device_response | Table | ports | _int4 | 10 | √ | null | List of ports (if any) that constituted this response. For example, for cifs response, it will be set to 445, for host response coming from dns, it will be set to 53. This column is only populated for httpDetails, hostDiscovery and cifs. Device->response->ports get normalized in this column. It contains all the list of ports a device has received response from for a given scan type and protocol at any given point in time. |
|
device_profiledata | Table | type_id | int4 | 10 | null | Id of a profiledata type this record refers to. It maps to zone.profiledatatype.id. Valid values for zone.profiledatatype.type are sysDescr, sysObjectID, tcp, http, cifs. |
||
target_hist | Table | cidr_id | int4 | 10 | √ | null | ||
path | Table | collector_id | int4 | 10 | null | |||
device_values | Table | l3hosts | int4 | 10 | √ | 0 | Indicates number of layer3 hosts this device is connected to. In other words, there are l3hosts number of layer3 edges between this device and other devices that are hosts. |
|
device_vendor | View | device_id | int4 | 10 | √ | null | ||
interface_route | Table | zone_id | int4 | 10 | null | Zone Id for interface_route record. |
||
response_decision | Table | sn | text | 2147483647 | √ | null | Serial number (if exists) used in nlshash for response_decision record |
|
path | Table | id | serial | 10 | √ | nextval('zone.path_id_seq'::regclass) | ||
linkset | Table | zone_id | int4 | 10 | √ | null | Zone Id for linkset record. It maps to system.zone.id |
|
links | View | name2 | text | 2147483647 | √ | null | ||
target | Table | zone_id | int4 | 10 | null | Zone Id for target record. It maps to system.zone.id. |
||
certificate | Table | id | serial | 10 | √ | nextval('zone.certificate_id_seq'::regclass) | Unique identifier for certificate record |
|
targetm | Table | scantype_id | int4 | 10 | √ | null | ||
interface | Table | vlans | _int4 | 10 | √ | null | ||
map | Table | user_id | int4 | 10 | null | |||
certificatepath_pattern | Table | zone_id | int4 | 10 | null | Zone Id for the certificatepath_pattern record |
||
certificatepath | Table | zone_id | int4 | 10 | null | Zone Id for the certificatepath record |
||
mapnode | Table | xcoord | float4 | 8 | √ | null | X coordinate value for mapnode record. |
|
acknowledgeddevice | Table | user_id | int4 | 10 | null | |||
interface_route | Table | withdrawn | bool | 1 | √ | false | Has this route been withdrawn by the discovering routing protocol (currently only BGP supports this) |
|
interface_route | Table | routetype_id | int4 | 10 | √ | null | Route Type id. Maps to zone.routetype.id |
|
certificatepath | Table | id | serial | 10 | √ | nextval('zone.certificatepath_id_seq'::regclass) | Unique identifier for certificatepath record |
|
profiledata_pattern | Table | pattern_id | int4 | 10 | null | Pattern Id for profiledata_pattern record. It maps to profile.pattern.id |
||
device_ports | Table | closed_times | hstore | 2147483647 | √ | null | Key value pairs with port number and timestamp when port was reported closed. Sample values - "21"=>"25048310", "23"=>"25048310", "25"=>"25048310"≠ |
|
link | Table | device_id1 | int4 | 10 | null | From Device Id for link record. It maps to zone.device.id. |
||
attributeconfig | View | cidrval | cidr | 2147483647 | √ | null | This column stores the value of the CIDR |
|
interface_host | Table | vlans | _int4 | 10 | null | Array of vlans for given interface host. device->interface->switchInfo->vlans gets normalized here. |
||
path | Table | results | _text | 2147483647 | √ | null | ||
edge | Table | node_id2 | int4 | 10 | null | |||
attributeconfig | View | collector | text | 2147483647 | √ | null | This column shows the collector name and collector id for which the CIDR belongs to. It is represented as Collector name (collector id) |
|
links | View | zoneid | int4 | 10 | √ | null | ||
target_highpriority | Table | device_id | int4 | 10 | √ | null | ||
wmialias | Table | zone_id | int4 | 10 | null | Zone Id for wmialias record. It maps to system.zone.id |
||
map | Table | zone_id | int4 | 10 | null | |||
firemon_risk_range | Table | start1 | int4 | 10 | √ | null | ||
device_snmpalias | Table | zone_id | int4 | 10 | null | Zone Id of a device_snmpalias record. It maps to zone.id |
||
profiledata | Table | id | serial | 10 | √ | nextval('zone.profiledata_id_seq'::regclass) | ||
portgroup | Table | ports | _int4 | 10 | null | Array of port numbers for given portgroup record. |
||
certificate | Table | subject_id | int4 | 10 | √ | null | Id for data referencing certificate subject. It maps to zone.certificatepath.id |
|
device_pattern | Table | profiledata_id | int4 | 10 | √ | null | Id of profiledata that is matched against this device and pattern record. It maps to zone.profiledata.id. It contains a non null value for all matches resulted from snmp (sysDescr, sysObj), CIFS, tcp (p0f) responses. |
|
forwarders_range | Table | end1 | int4 | 10 | √ | null | End value for this range record |
|
target | Table | ordid | float4 | 8 | √ | random() | A Random value used to distribute targets. When collector requests next set of targets, query performs order by ordid before returning target list |
|
edge | Table | interface_id1 | int4 | 10 | √ | null | ||
target_hist | Table | last_target | timestamptz | 35 | √ | null | ||
interface_address | Table | id | serial | 10 | √ | nextval('zone.interface_address_id_seq'::regclass) | Unique identifier for interface_address record. |
|
interface | Table | alias | text | 2147483647 | √ | null | Alias of interface. It is normalized from device->interface->alias. |
|
device_wmialias | Table | wmialias_id | int4 | 10 | null | Id of a wmialias this record belongs to. It maps to zone.wmialias.id |
||
mapnode | Table | acknowledged | bool | 1 | √ | false | Boolean flag indicating if this map node has being acknowledged. |
|
target_hist | Table | expandedconfig | text | 2147483647 | √ | null | ||
links | View | hosts | bool | 1 | √ | null | ||
firemon_risk_range | Table | risk | text | 2147483647 | √ | null | ||
device_values | Table | l2hosts | int4 | 10 | √ | 0 | Indicates number of layer2 hosts this device is connected to. In other words, there are l2hosts number of layer2 edges between this device and other devices that are hosts. |
|
profiles | View | identity | text | 2147483647 | √ | null | ||
link | Table | zone_id | int4 | 10 | null | Zone Id for link record |
||
interface_route | Table | last_update | timestamptz | 35 | √ | now() | Timestamp when this record was created/updated |
|
map | Table | preferences | text | 2147483647 | √ | null | ||
device_vendor | View | profiled | text | 2147483647 | √ | null | ||
forwarders_range | Table | start1 | int4 | 10 | √ | null | Start value for this range record |
|
device_wmialias | Table | zone_id | int4 | 10 | null | Zone Id of a device_wmialias record. It maps to zone.id |
||
device_match | Table | type_id | int4 | 10 | null | Id of a profile type for given match record. It maps to profile.type. Valid values for profile.type are Device Type, OS, Model, Version, Vendor |
||
profiledata | Table | rawdata | text | 2147483647 | null | The raw (unnormalized) profile data |
||
result | Table | id | serial | 10 | √ | nextval('zone.result_id_seq'::regclass) | ||
interface_route | Table | aspath | _int8 | 19 | √ | null | AS Path for this route. |
|
device | Table | id | serial | 10 | √ | nextval('zone.device_id_seq'::regclass) | Unique identifier for device record |
|
links | View | layer | text | 2147483647 | √ | null | ||
interface_host | Table | interface_id | int4 | 10 | null | Id of interface that contains this interface host. |
||
target_hist | Table | ordid | float4 | 8 | √ | random() | ||
snmpalias | Table | zone_id | int4 | 10 | null | Zone Id for snmpalias record. It maps to system.zone.id |
||
device_snmpalias | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
device_attribute | Table | zone_id | int4 | 10 | null | Zone Id of a device_attribute record. It maps to zone.id column |
||
routetype | Table | id | serial | 10 | √ | nextval('zone.routetype_id_seq'::regclass) | Unique identifier for routetype record |
|
device_profiledata | Table | profiledata_id | int4 | 10 | null | Id of a profiledata this record refers to. It maps to zone.profiledata.id. One profiledata_id can be shared across multiple devices. |
||
certificate | Table | version | int4 | 10 | √ | null | Version of the certificate |
|
device_response | Table | collector_id | int4 | 10 | null | Collector Id of a device this record belongs to. It maps to system.collector.id |
||
device_certificate | Table | certificate_id | int4 | 10 | null | Unique identifier for certificat record. It maps to zone.certificate.id |
||
device_pattern | Table | port_match | bool | 1 | √ | null | A boolean flag that is set to true if pattern that matched is result of match against services. Services patterns are the ones that are based on certain ports being open. So, if we find open ports and they match with any patterns, port_match is set to true |
|
config | Table | id | serial | 10 | √ | nextval('zone.config_id_seq'::regclass) | Unique identifier for config record |
|
path | Table | hash | text | 2147483647 | √ | null | ||
device_pattern | Table | device_id | int4 | 10 | null | Id of a device this pattern match belongs to. It maps to device.id |
||
attribute_cidr | Table | zone_id | int4 | 10 | null | Zone Id for attribute_cidr record |
||
map | Table | title | text | 2147483647 | √ | null | ||
response_decision | Table | id | serial | 10 | √ | nextval('zone.response_decision_id_seq'::regclass) | Unique identifier for response_decision record |
|
iftable_vlan | Table | vlan | int4 | 10 | null | Vlan number. |
||
device_response | Table | scantype_id | int4 | 10 | null | Scan Type Id of a device this record belongs to. It maps to zone.scantype.id |
||
device_values | Table | l2peers | int2 | 5 | √ | 0 | Indicates number of layer2 nodes this device is connected to. In other words, there are l2peers number of layer2 edges between this device and other devices that are not hosts. |
|
target_highpriority | Table | last_target | timestamptz | 35 | √ | null | ||
interface | Table | port | int4 | 10 | √ | null | Port of interface. It is normalized from device->interface->switchInfo->port. |
|
profiles | View | type | text | 2147483647 | √ | null | ||
device_snmpalias | Table | last_update | timestamptz | 35 | √ | now() | The most recent time when a device has responded with given alias. It gets updated with current timestamp everytime a device response is received for an SNMP alias. |
|
target_shadow | Table | zone_id | int4 | 10 | null | Zone Id for target record. It maps to system.zone.id however, there is no foreign key relation specified for this column. |
||
device_attribute | Table | last_update | timestamptz | 35 | √ | now() | The most recent time when a device has responded with given attribute. It gets updated with curren timestamp everytime device response is received for an attribute. |
|
device_pattern | Table | certificatepath_id | int4 | 10 | √ | null | Id of pattern that contains a match for given profile type record. It contains a non null value for all matches resulted from http (certificate). It maps to zone.certificatepath.id |
|
acknowledgeddevice | Table | acknowledged | bool | 1 | null | |||
device_match | Table | attribute_id | int4 | 10 | null | Id of an attribute/value for given match record. It maps to profile.attribute. All values for profile.attribute comes from pattern->attribute value of patterns.xml |
||
profile_translation | Table | pattern_id | int4 | 10 | null | Pattern Id for profiledatatype record |
||
mapnode | Table | device_id | int4 | 10 | √ | null | Device Id for this node. |
|
snmpaliasgroup | Table | aliases | _text | 2147483647 | null | Array of credentials for given snmpaliasgroup record. |
||
device | Table | device_id | int4 | 10 | √ | null | Parent Id of a device. parent child relationship is implemented with self join to device table. If this field is not null, it indicates that this device is a child device and device.id that matches up with this zone.device.device_id is parent of this child. |
|
attribute_cidr | Table | cidrval | cidr | 2147483647 | null | CIDR value for attribute_cidr record |
||
device_response | Table | time | timestamptz | 35 | √ | null | Time when a device response was received for given scan type and protocol. |
|
target_shadow | Table | detailsold | text | 2147483647 | √ | null | Used to store target speicfic metadata. It holds extra configuration values that are being used by collectors. A non null value indicates update and holds details column value from target table prior to update. A null value indicates that this record was an insert. |
|
target | Table | last_target | timestamptz | 35 | √ | null | Timestamp when this target was picked up by a collector last. It is set to null when it is yet to be picked up. When collector asks for next set of records, records with null last_target will get picked up first. If value is non null, targets will be picked up if time elapsed since last_update is greater than rescan interval of a collector. |
|
scantype | Table | id | serial | 10 | √ | nextval('zone.scantype_id_seq'::regclass) | Unique identifier for scantype record |
|
interface_route | Table | id | serial | 10 | √ | nextval('zone.interface_route_id_seq'::regclass) | Unique identifier for interface_route record. |
|
target_hist | Table | batchid | int4 | 10 | √ | null | ||
device_wmialias | Table | last_update | timestamptz | 35 | √ | now() | The most recent time when a device has responded with given WMI alias. It gets updated with current timestamp everytime a device response for WMI discovery is received for an alias. |
|
target_shadow | Table | route_id | int4 | 10 | √ | null | Route Id for target record. It maps to zone.route.id however, there is no foreign key relation specified for this column. |
|
attributes | View | type_id | int4 | 10 | √ | null | Id for system attribute. This maps to system.attributetype.id |
|
target_shadow | Table | id | serial | 10 | √ | nextval('zone.target_shadow_id_seq'::regclass) | Unique identifier for target_shadow record |
|
target_shadow | Table | last_target | timestamptz | 35 | √ | null | ||
response_decision | Table | reason | text | 2147483647 | √ | null | Reasaon for the decision made for response_decision record |
|
attributes | View | type | text | 2147483647 | √ | null | The name of the system attribute |
|
updates | Table | time | timestamptz | 35 | √ | now() | ||
mapnode | Table | id | serial | 10 | √ | nextval('zone.mapnode_id_seq'::regclass) | Unique identifier for mapnode record |
|
edge | Table | id | serial | 10 | √ | nextval('zone.edge_id_seq'::regclass) | ||
interface | Table | vlan | int4 | 10 | √ | null | Vlan of interface. It is normalized from device->interface->vlan as well as device->interface->switchInfo->vlans. If switchInfo contains vlan, it will use that instead of interface->vlan. |
|
acknowledgeddevice | Table | device_id | int4 | 10 | null | |||
route | Table | zone_id | int4 | 10 | null | Zone Id for route record. It maps to system.zone.id |
||
device_values | Table | hastraces | bool | 1 | √ | false | Boolean flag indicating if given device responded to pathDiscovery scan type. Set to true if it responded to pathDiscovery, false otherwise. |
|
certificate | Table | chainorder | int4 | 10 | √ | null | ||
target | Table | cidrval | cidr | 2147483647 | null | Actual IP/CIDR that needs to be targeted. Having value in this record avoids extra joins with attribute_cidr, device or route tables. |
||
device | Table | macvendor_id | int4 | 10 | √ | null | Id of macvendor of a device. It maps to system.macvendor.id |
|
interface_route | Table | route | cidr | 2147483647 | √ | null | Route for this interface_route record. Same value can be found from route.id for matching route_id but it is inserted here as a form of denormalization for faster data retrieval. |
|
certificatepath | Table | time | timestamptz | 35 | √ | transaction_timestamp() | Timestamp when this record was created/updated. |
|
device_values | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
device_snmpalias | Table | snmpalias_id | int4 | 10 | null | Id of a snmpalias this record belongs to. It maps to zone.snmpalias.id |
||
profiles | View | confidence | int4 | 10 | √ | null | ||
interface | Table | rootport | bool | 1 | √ | null | Rootport of interface. It is normalized from device->interface->index->switchInfo->rootPort. |
|
target_highpriority | Table | collector_id | int4 | 10 | null | |||
device_attribute | Table | attribute_cidr_id | int4 | 10 | √ | null | Id of CIDR that represents device_attribute record. It is mainly populated for ASName attributetype but can be used for any attribute that would contain a cidr. It maps to system.attribute_cidr.id |
|
device | Table | firstobserved | timestamptz | 35 | √ | now() | Timestamp a device was first observed. Timestamp refers to timestamp/timezone of database server |
|
interface | Table | voicevlan | int4 | 10 | √ | null | ||
updatetargetspace_log | Table | id | serial | 10 | √ | nextval('zone.updatetargetspace_log_id_seq'::regclass) | Unique identifier for updatetargetspace_log record |
|
acknowledgeddevice | Table | zone_id | int4 | 10 | null | |||
config | Table | value | text | 2147483647 | √ | null | Configuration value for a given key, within a collector and zone |
|
device_values | Table | zone_id | int4 | 10 | null | Zone Id of a device_values record. It maps to zone.id |
||
interface_route | Table | asnum | int8 | 19 | √ | null | AS Number for this route. |
|
target_hist | Table | details | text | 2147483647 | √ | null | ||
target_shadow | Table | scantype_id | int4 | 10 | null | Scan Type / Discovery Type Id for target record. It maps to zone.scantype.id however, there is no foreign key relation specified for this column. |
||
device_response | Table | protocol_id | int4 | 10 | null | Protocol Id of a device this record belongs to. It maps to zone.protocol.id |
||
target_shadow | Table | detailsnew | text | 2147483647 | √ | null | Used to store target speicfic metadata. It holds extra configuration values that are being used by collectors. |
|
device_values | Table | target | bool | 1 | √ | false | Boolean flag indicating if given device is targeted for this zone (as part of any collector). Set to true if targeted, false otherwise. By targeted, it means that the device is set under Zone->Discovery Spaces->Target List. |
|
device | Table | lastobserved | timestamptz | 35 | √ | now() | Timestamp a device was last observed. Timestamp refers to timestamp/timezone of database server. It gets updated each time a response is received for this device. Note: Each time a response is received and processed for a device, lastobserved gets current timestamp and active gets set to true. |
|
path | Table | targetcidrs | _cidr | 2147483647 | √ | null | ||
nackcandidate | Table | id | serial | 10 | √ | nextval('zone.nackcandidate_id_seq'::regclass) | ||
targetm | Table | device_id | int4 | 10 | √ | null | ||
interface | Table | bridge | macaddr | 2147483647 | √ | null | Bridge of interface. It is normalized from device->interface->switchInfo->bridge. |
|
response_decision | Table | nlshash | text | 2147483647 | √ | null | Sysname/syslocation/serial number for response_decision record |
|
device_match | Table | confidence | int4 | 10 | null | Confidence for any given match record. It is derived from profile.pattern_attribute for matching pattern_id and type_id. It is stored in device_match to make fetching profile information avoiding lookup against pattern_attribute. |
||
link | Table | device_id2 | int4 | 10 | null | To Device Id for link record. It maps to zone.device.id. |
||
nackcandidate | Table | ip | inet | 2147483647 | √ | null | ||
target_hist | Table | action | text | 2147483647 | √ | null | ||
profiles | View | ip | inet | 2147483647 | √ | null | ||
interface | Table | description | text | 2147483647 | √ | null | Description of interface. It is normalized from device->interface->description. |
|
certificatepath_pattern | Table | certificatepath_id | int4 | 10 | null | Id of certificatepath that this certificatepath matches. It maps to zone.certificatepath.id |
||
interface_route | Table | route_id | int4 | 10 | null | Id of route. It maps to zone.route.id |
||
device_values | Table | leakinbound | bool | 1 | √ | false | Boolean flag indicating if given device responded to inboundLeak scan type. Set to true if it responded to inboundLeak, false otherwise. |
|
device_pattern | Table | zone_id | int4 | 10 | null | Zone Id of a device_pattern record. It maps to zone.id column |
||
nackcandidate | Table | zone_id | int4 | 10 | null | |||
interface_address | Table | interface_id | int4 | 10 | null | Id of interface that contains this interface address. |
||
profiles | View | mac | macaddr | 2147483647 | √ | null | ||
profile_translation | Table | newattribute_id | int4 | 10 | √ | null | Newattribute Id for profiledatatype record. |
|
device | Table | identity | text | 2147483647 | √ | null | A metadata that further identifies a device, especially the ones that don't have IP Address or MAC address. Possible values include (but are not limited to) collector:* or stealth:*. When a stealth device is found, notation that is being used to populate identity is stealth: |
|
updates | Table | zone_id | int4 | 10 | √ | null | ||
mapnode | Table | map_id | int4 | 10 | null | Id of map this mapnode record refers to. |
||
links | View | device_id1 | int4 | 10 | √ | null | ||
updatetargetspace_log | Table | parameters | _text | 2147483647 | √ | null | Parameters passed in for update target processing. Possible parameters are onlyDeletes and verification |
|
mapnode | Table | height | float4 | 8 | √ | null | Height value for mapnode record. |
|
attribute | Table | attribute | text | 2147483647 | √ | null | Value of discovered meta data/attribute. |
|
target_highpriority | Table | details | text | 2147483647 | √ | null | ||
certificate | Table | extensions | text | 2147483647 | √ | null | Not being used. |
|
updates | Table | fields | hstore | 2147483647 | √ | null | ||
profile_translation | Table | id | serial | 10 | √ | nextval('zone.profile_translation_id_seq'::regclass) | Unique identifier for profiledatatype record |
|
iftable_vlan | Table | zone_id | int4 | 10 | √ | null | Zone Id for iftable_vlan record |
|
device_profiledata | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
updatetargetspace_log | Table | action | text | 2147483647 | √ | null | Type of action this updatetargetspace_log record represents. Valid values are: insert, update, delete. |
|
link | Table | id | serial | 10 | √ | nextval('zone.link_id_seq'::regclass) | Unique identifier for link record |
|
wmialias | Table | id | serial | 10 | √ | nextval('zone.wmialias_id_seq'::regclass) | unique identifier for wmialias record |
|
iftable | Table | bridgeaddress | macaddr | 2147483647 | √ | null | Bridge address of an interface table. It is normalized from device->bridgeAddress. It will be null when iftable entry represents device level route processing. |
|
mapnode | Table | asset_reference | text | 2147483647 | √ | null | Asset Reference value for mapnode record. |
|
target | Table | scantype_id | int4 | 10 | null | Scan Type / Discovery Type Id for target record. It maps to zone.scantype.id |
||
device | Table | lastupdate | text | 2147483647 | √ | null | Indicates how or why of the last update for this. It only retains the reason for the last update that happened to this device. For example, when an interface table data is processed for the first time, IP Address for that interface data gets lastupdate set to iftable-dev, however, while processing later response, if we got another update, we will then set the lastupdate to later response code. Possible values are: ident-ins - This value will be set if device with given identity doesn't exist in db and incoming device does not have IP associated with it. This will be mostly be true for all stealth devices. As we discover them, we insert them in db with lastupdate set to ident-ins identip-ins - very similar to ident-ins, This value will be seen if device with given identity does not exist in db and incoming device contains an IP Address. This will be true for collector device identip-upd - This value will be set when a response comes in for collector or stealth and there is no device in db with that entity. However, since IP Address exists in the database, we update existing database device and set its last update to identip-upd iftable-dev - This value will be set when a device interface table data is processed, one IP Address gets picked from available interface addresses and entry is created in device table for that IP Address and lastupdate for that device gets set to iftable-dev (along with meta to be true and iftable_id to be interface table id for this interface data) intf-ip-ins - This value will be set when a device interface data is processed, entries in interface->addresses (these are interface IP Addresses) and interface->physicalAddress (these are interface macs) gets inserted as devices. Their lastupdate is set to intf-ip-ins and device_id is set to id of device for that interface table data intf-ip-upd - This value will be set when while processing device interface data, if entry exists in the database for either interface->addresses or interface->physicaladdress but assigned to different device, (device_id is not same as id of interface device that we are processing), device for this IP or MAC gets updated with lastupdate set to intf-ip-upd and device_id set to id of interface device that is getting processed if IP Address exists in the database that is also contained in interface->addresess, database entry for that IP gets updated with lastupdate set to intf-ip-upd and device_id set to id of interface device that is getting processed and null mac ip - This value will be set when a device is discovered for the first time layer2-hosts - This value will be set when all MAC addresses present in interface->switchInfo->hosts get inserted into device table with lastupdate set to layer2-hosts. are almost always devices with null ip macip-arp - This value will be set When a device interface data is processed, all ARP entries (present in device->interface->hosts (as MAC/IP pairs)), where both MAC or IP does not exist in the database, gets inserted in to device table (with few exceptions) with lastupdate set to macip-arp snmp-macip - There are few scenarios when a device.lastupdate gets set to snmp-macip: 1. When a device response contains ARP entries and for a given arp entry (MAC/IP pair), if device with either of the MAC address or IP Address does not exist in the database, a device entry is created with lastupdate set to snmp-macip - This is really synonymous to macip-arp and might need to change it to macip-arp 2. When a device response contains ARP entries and for a given arp entry (MAC/IP pair), if device exists in the database with IP that is in MAC/IP pair, however no device exists in the database with MAC from MAC/IP pair, and database device with IP does not have a MAC associated with it, that database device gets updated with MAC from arp entry and lastupdate is set to snmp-macip 3. When a device response contains ARP entries and for a given arp entry (MAC/IP pair), if two separate devices exist in the database (one with IP set to arp IP and another one with MAC set to arp MAC) and none of the devices in the database are consolidated (their device_id is null) and if IP device in database also has a MAC (different then the one in arp entry), update database device with arp IP and set its IP Address to null and lastupdate to snmp-macip and ident set to "unassigned: |
|
device_ports | Table | zone_id | int4 | 10 | null | Zone Id of a device_ports record. It maps to zone.id |
||
interface | Table | iftable_id | int4 | 10 | null | |||
device | Table | iftable_id | int4 | 10 | √ | null | Id of interface table record that this device is associated to. A device having a non null value in this column is most likely a switch. iftable_id maps to zone.iftable.id |
|
cloudalias | Table | aliasorder | bigserial | 19 | √ | √ | nextval('zone.cloudalias_collector_order_seq'::regclass) | Used to order aliases, use the default, do not write directly |
target | Table | route_id | int4 | 10 | √ | null | Route Id for target record. It maps to zone.route.id |
|
response_decision | Table | zone_id | int4 | 10 | null | Zone Id for response_decision record |
||
target_highpriority | Table | target_id | int4 | 10 | √ | null | ||
device_wmialias | Table | device_id | int4 | 10 | null | Id of a device this record belongs to. It maps to device.id |
||
device_values | Table | id | serial | 10 | √ | nextval('zone.device_values_id_seq'::regclass) | Unique identifier for device_values record |
|
listsize_by_zone_view | View | ips | text | 2147483647 | √ | null | ||
profiles | View | source | text | 2147483647 | √ | null | ||
target_hist | Table | collector_id | int4 | 10 | null | |||
attribute_cidr | Table | timestamp | timestamptz | 35 | √ | now() | Timestamp when this record was created/updated. |
|
interface | Table | adminstatus | int4 | 10 | √ | null | AdminStatus of interface. It is normalized from device->interface->adminStatus. |
|
attribute | Table | zone_id | int4 | 10 | null | Zone Id of an attribute record. It maps to system.zone.id column |
||
device_vendor | View | mac | text | 2147483647 | √ | null | ||
certificate | Table | startdate | timestamp | 29 | √ | null | Start date for the certificate |
|
device_attribute | Table | attribute_id | int4 | 10 | √ | null | Id of attribute this mapping represents. It maps to zone.attribute.id |
|
profiles | View | device_id | int4 | 10 | √ | null | ||
device_values | Table | forwarder | bool | 1 | √ | false | Boolean flag indicating if given device is a forwarder. Set to true if it is forwarder, false otherwise. |
|
iftable | Table | id | serial | 10 | √ | nextval('zone.iftable_id_seq'::regclass) | Unique identifier for interfacetable record |
|
snmpalias | Table | credential | text | 2147483647 | √ | null | Credentials for snmpalias record. Credentials are stored in following format. <version of credential(either v2 or v3)>:alias name:encoded credentials. |
|
device_ports | Table | open | _int4 | 10 | √ | null | List of all ports that are reported open for a device. Please see table description for more information. |
|
attribute_cidr | Table | attribute_id | int4 | 10 | √ | null | Id of attribute value. Maps to zone.attribute.id |
|
targetm | Table | route_id | int4 | 10 | √ | null | ||
targetm | Table | cidr_id | int4 | 10 | √ | null | ||
device_pattern | Table | macvendor_id | int4 | 10 | √ | null | Id of pattern that contains a match for given profile type record. It contains a non null value for all matches resulted from macvendor. It maps to system.macvendor.id |
|
interface_host | Table | device_id | int4 | 10 | null | Device Id of MAC that is host for this interface. |
||
attributes | View | attribute_id | int4 | 10 | √ | null | Id for value of the system attribute. This maps to zone.attribute.attributetype_id |
|
profiles | View | parent_id | int4 | 10 | √ | null | ||
target_shadow | Table | collector_id | int4 | 10 | null | Collector Id for target record. It maps to system.collector.id however, there is no foreign key relation specified for this column. |
||
targetm | Table | cidrval | cidr | 2147483647 | √ | null | ||
protocol_numbers | Table | protocol | text | 2147483647 | √ | null | ||
device_profiledata | Table | port | int4 | 10 | null | Responding port (where applicable) for profiledata. Set to 0 for profile data types sysDescr, sysObjId and CIFS. Set to -1 for tcp (p0f). Set to the port that responded to this profiledata/banner for profile data type http (certificate) |
||
target | Table | batchid | int4 | 10 | √ | null | A serial number that gets inserted each time a collector is given list of targets. It contains nextval('zone.target_batch_id'). |
|
cloudalias | Table | alias | text | 2147483647 | null | Alias given for this credentials. This is the value that gets displayed on UI |
||
profiledata_pattern | Table | profiledata_id | int4 | 10 | null | Profiledata Id for profiledata_pattern record. It maps to zone.profiledata.id |
||
target_highpriority | Table | cidr_id | int4 | 10 | √ | null | ||
attribute_cidr | Table | attributetype_id | int4 | 10 | null | Id of attribute type. Maps to system.attributetype.id |
||
macvendor_pattern | Table | pattern_id | int4 | 10 | null | Pattern Id for macvendor_pattern record. It maps to profile.pattern.id |
||
target_shadow | Table | last_update | timestamptz | 35 | √ | now() | ||
profiledata | Table | data | text | 2147483647 | null | The normalized profile data. At least converted to lower case and non printable characters are deleted or escaped. |
||
iftable | Table | contenthash | text | 2147483647 | null | Content hash of interface data that is constructed by concatenating interface index, description, name, alias, adminstatus, opstatus, physical address, addresses, vlan, voicevlan, switchinto port, switchinfo rootport, switchinfo trunkport, switchinfo vlans, switchinfo hosts acrosss all incoming interface infomation. It is used to perform a check to decide if any further update on interface is needed or not. For an incoming response, if a hash in iftable machtes with response's hash but contenthash doesn't match, ( Any of the attributes that calculates content hash has changed since last time we got response ) appropariate updates to iftable, interface and interface_hosts are made, else that procesing is skipped. Contenthash will be empty when iftable entry represents device level route processing. |
||
attributes | View | attribute | text | 2147483647 | √ | null | The value for the system attribute |