TCP or UDP connections (merged when in close succession).

| Field | Group | Type | Windows | Mac | Mobile | Description | NXQL ID |
|---|---|---|---|---|---|---|---|
| Application name | Application | Field | Yes | Yes | No | Name of the connecting application | |
| Average network response time | Availability | Field | Yes | Yes | No | Indicates the average TCP connection establishment time. The value is the average over all underlying connections before aggregation. | network_response_time |
| Binary paths | Application | Field | Yes | Yes | No | Paths of the connecting binary | |
| Binary version | Application | Field | Yes | Yes | No | Version of the connecting binary | |
| Cardinality | Properties | Field | Yes | Yes | No | Number of underlying connections, consolidated over time | cardinality |
| Connection type | Properties | Field | Yes | Yes | No | Type of the connection (tcp, udp, tcp network scan, tcp port scan, udp network scan, udp port scan) | type |
| Destination IP address | Destination | Field | Yes | Yes | No | IP address of the connection destination | destination_ip_address |
| Destination name | Destination | Field | Yes | Yes | No | Name of the connection destination | |
| Device ID | Device | Field | Yes | Yes | No | Unique identifier code of the connecting device | |
| Device IP address | Device | Field | Yes | Yes | No | IP address of the connecting device | device_ip_address |
| Device name | Device | Field | Yes | Yes | No | Indicates the name of the device. For Windows: NetBIOS name. For Mac OS: computer name used on the network. For Mobile: composed of mailbox name and device friendly name. | |
| Device SID | Device | Field | Yes | No | No | Windows security identifier for the connecting device | |
| Duration | Properties | Field | Yes | Yes | No | The time between the start of the first connection and end of the last underlying connection | duration |
| End time | Properties | Field | Yes | Yes | No | Connection end time, corresponding to the moment when the last underlying TCP connection was closed | end_time |
| Executable name | Application | Field | Yes | Yes | No | Name of the connecting executable | |
| ID | Properties | Field | Yes | Yes | No | Unique connection identifier code | id |
| Incoming bitrate | Availability | Field | Yes | Yes | No | Average incoming bitrate of all underlying connections, consolidated over time | incoming_bitrate |
| Incoming TCP traffic | Traffic | Field | Yes | Yes | No | Incoming TCP traffic | |
| Lifespan | Properties | Field | Yes | Yes | No | Connection lifespan in relation to investigation time frame | |
| Outgoing bitrate | Availability | Field | Yes | Yes | No | Average outgoing bitrate of all underlying connections, consolidated over time | outgoing_bitrate |
| Outgoing TCP traffic | Traffic | Field | Yes | Yes | No | Outgoing TCP traffic | |
| Outgoing UDP traffic | Traffic | Field | Yes | Yes | No | Outgoing UDP traffic | |
| Port number | Port | Field | Yes | Yes | No | Port number of the connection | |
| Signature ID | Properties | Field | Yes | Yes | No | ID of the related connection signature, i.e. a user executing a certain process on a particular device which connects to a certain destination/port | signature_id |
| Start time | Properties | Field | Yes | Yes | No | Connection start time | start_time |
| Status | Properties | Field | Yes | Yes | No | Status of the connection (established, rejected, no service, no host, closed) | status |
| User ID | User | Field | Yes | Yes | No | Unique identifier code of the connecting user | |
| User name | User | Field | Yes | Yes | No | Name of connecting user | |
| User SID | User | Field | Yes | Yes | No | Indicates the Windows security identifier for the user. For Mac OS: the value is 'S-0-0' if the user is not in Active Directory. | |