Domain names

Field

Group

Type

Activity start time

Activity

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Start time of investigated activity

NXQL ID:

activity_start_time

Activity stop time

Activity

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Stop time of investigated activity

NXQL ID:

activity_stop_time

Average incoming web bitrate

Availability

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Average incoming bitrate of all underlying web requests, consolidated over time

NXQL ID:

average_incoming_bitrate

Average outgoing web bitrate

Availability

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Average outgoing bitrate of all underlying web requests, consolidated over time

NXQL ID:

average_outgoing_bitrate

Average web request duration

Availability

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Average time between request and last response byte

NXQL ID:

average_request_duration

Average web request size

Traffic

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Average size of web requests

NXQL ID:

average_request_size

Average web response size

Traffic

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Average size of web responses

NXQL ID:

average_response_size

Database usage

Properties

Field

Platforms: Windows, Mac (Mobile not supported)

Indicates the percentage of the Engine database used by the domain.

NXQL ID:

database_usage

Domain category

Properties

Field

Platforms: Windows, Mac (Mobile not supported)

Indicates the category of the domain:

  • '-' : not yet tagged or internal domain

NXQL ID:

domain_category

First seen

Properties

Field

Platforms: Windows, Mac (Mobile not supported)

The first time the domain was seen

NXQL ID:

first_seen

Highest local privilege level reached

Activity

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Highest local privilege level reached for executions (user, power user, administrator)

NXQL ID:

highest_local_privilege_reached

Hosting country

Properties

Field

Platforms: Windows, Mac (Mobile not supported)

Indicates in which country the domain is hosted:

  • '-' : not yet tagged, internal domain or not known by Nexthink Library

NXQL ID:

hosting_country

Hostname

Properties

Field

Platforms: Windows, Mac (Mobile not supported)

The hostname of the fully qualified domain name

NXQL ID:

hostname

Incoming web traffic

Traffic

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Total incoming web traffic

NXQL ID:

incoming_traffic

Incoming web traffic per device

Traffic

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Indicates the incoming web traffic divided by the number of devices.

NXQL ID:

incoming_web_traffic_per_device

Internal domain

Properties

Field

Platforms: Windows, Mac (Mobile not supported)

Indicates whether the domain is considered internal:

  • yes: the domain is not reported to Nexthink Library and subdomains are not compressed using the '*' pattern

  • no: the domain is reported to the Nexthink Library (if the license includes the Security module); complex subdomains are compressed using the '*' pattern

NXQL ID:

internal_domain

Last seen

Properties

Field

Platforms: Windows, Mac (Mobile not supported)

The last time the domain was seen

NXQL ID:

last_seen

Lowest observed web protocol version

Activity

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Lowest protocol version observed in web requests (excluding web requests with unknown protocol version)

NXQL ID:

lowest_protocol_version

Name

Properties

Field

Platforms: Windows, Mac (Mobile not supported)

The fully qualified domain name

NXQL ID:

name

Number of applications

Inventory

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Number of applications

NXQL ID:

number_of_applications

Number of binaries

Inventory

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Number of binaries

NXQL ID:

number_of_binaries

Number of destinations

Inventory

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Number of destinations

NXQL ID:

number_of_destinations

Number of devices

Inventory

Aggregate

Platforms: Windows, Mac, Mobile

Number of devices

NXQL ID:

number_of_devices

Number of executables

Inventory

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Number of executables

NXQL ID:

number_of_executables

Number of ports

Inventory

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Number of ports

NXQL ID:

number_of_ports

Number of users

Inventory

Aggregate

Platforms: Windows, Mac, Mobile

Number of users

NXQL ID:

number_of_users

Number of web requests

Activity

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Number of web requests

NXQL ID:

number_of_web_requests

Outgoing web traffic

Traffic

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Total outgoing web traffic

NXQL ID:

outgoing_traffic

Outgoing web traffic per device

Traffic

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Indicates the outgoing web traffic divided by the number of devices.

NXQL ID:

outgoing_web_traffic_per_device

Protocols used in web requests

Activity

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Protocols used in web requests (HTTP, TLS, HTTP/TLS)

NXQL ID:

protocols_used_in_requests

Reputation

Properties

Field

Platforms: Windows, Mac (Mobile not supported)

Indicates the reputation of the domain:

  • '-': internal domain or not yet tagged

  • 'trustworthy': clean domain which has not been connected to any security risks

  • 'low risk': benign domain which rarely delivers dangerous content

  • 'moderate risk': generally benign domain which has exhibited potentially risky behavior

  • 'high risk': potentially malicious domain which delivers dangerous content

NXQL ID:

threat_level

Storage policy

Properties

Field

Platforms: Windows, Mac (Mobile not supported)

Event storage policy for the domain (web request or none)

NXQL ID:

storage

Successful HTTP requests ratio

Availability

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Percentage of successful HTTP requests (1xx, 2xx and 3xx)

NXQL ID:

successful_http_requests_ratio

Total web traffic

Traffic

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Total web traffic (incoming and outgoing)

NXQL ID:

total_web_traffic

UID

Properties

Field

Platforms: Windows, Mac (Mobile not supported)

Indicates the universally unique identifier (based on domain name).

Web interaction time

Activity

Aggregate

Platforms: Windows, Mac (Mobile not supported)

Indicates the time during which at least one executable is generating HTTP or TLS traffic. This is counted with a 5-minute resolution.

NXQL ID:

cumulated_web_interaction_duration