Connection ports (TCP or UDP).

Field

Group

Type

Activity start time

Activity

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Start time of investigated activity

NXQL ID:

activity_start_time

Activity stop time

Activity

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Stop time of investigated activity

NXQL ID:

activity_stop_time

Average incoming network bitrate

Availability

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Average incoming network bitrate

NXQL ID:

average_incoming_bitrate

Average incoming web bitrate

Availability

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Average incoming bitrate of all underlying web requests, consolidated over time

NXQL ID:

average_incoming_bitrate

Average network response time

Availability

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Indicates the average TCP connection establishment time of all underlying connections. The value is

the average TCP connection establishment time of all executions weighted by their cardinality.

NXQL ID:

average_network_response_time

Average outgoing network bitrate

Availability

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Average outgoing network bitrate

NXQL ID:

average_outgoing_bitrate

Average outgoing web bitrate

Availability

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Average outgoing bitrate of all underlying web requests, consolidated over time

NXQL ID:

average_outgoing_bitrate

Average web request duration

Availability

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Average time between request and last response byte

NXQL ID:

average_request_duration

Average web request size

Traffic

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Average size of web requests

NXQL ID:

average_request_size

Average web response size

Traffic

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Average size of web responses

NXQL ID:

average_response_size

Cumulated network connection duration

Activity

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Cumulated duration of TCP connections

NXQL ID:

cumulated_connection_duration

First seen

Properties

Field

Windows black.png
Mac black.png
Mobile gray disabled.png

First time activity of the port was recorded on any device

NXQL ID:

first_seen

Highest local privilege level reached

Activity

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Highest local privilege level reached for executions (user, power user, administrator)

NXQL ID:

highest_local_privilege_reached

Incoming network traffic

Traffic

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Total network incoming traffic

NXQL ID:

incoming_traffic

Incoming network traffic per device

Traffic

Aggregate

Windows black.png
Mac gray disabled.png
Mobile gray disabled.png

Indicates the incoming network traffic divided by the number of devices.

NXQL ID:

incoming_network_traffic_per_device

Incoming web traffic

Traffic

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Total web incoming traffic

NXQL ID:

incoming_traffic

Incoming web traffic per device

Traffic

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Indicates the incoming web traffic divided by the number of devices.

NXQL ID:

incoming_web_traffic_per_device

Last seen

Properties

Field

Windows black.png
Mac black.png
Mobile gray disabled.png

Last time activity of the port was recorded on any device

NXQL ID:

last_seen

Lowest observed web protocol version

Activity

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Lowest protocol version observed in web requests (excluding web requests with unknown protocol version)

NXQL ID:

lowest_protocol_version

Network availability level

Availability

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Indicates the ratio of successful TCP connections. The possible values are:

  • high: the ratio is greater or equal to 98%

  • medium: the ratio is greater or equal to 90% and less than 98%

  • low: the ratio is lower than 90%

NXQL ID:

network_availability_level

Number of applications

Inventory

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Number of applications

NXQL ID:

number_of_applications

Number of binaries

Inventory

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Number of binaries

NXQL ID:

number_of_binaries

Number of connections

Activity

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Number of connections

NXQL ID:

number_of_connections

Number of destinations

Inventory

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Number of destinations

NXQL ID:

number_of_destinations

Number of devices

Inventory

Aggregate

Windows black.png
Mac black.png
Mobile black.png

Number of devices

NXQL ID:

number_of_devices

Number of domains

Inventory

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Number of domains

NXQL ID:

number_of_domains

Number of executables

Inventory

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Number of executables

NXQL ID:

number_of_executables

Number of users

Inventory

Aggregate

Windows black.png
Mac black.png
Mobile black.png

Number of users

NXQL ID:

number_of_users

Number of web requests

Activity

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Number of web requests

NXQL ID:

number_of_web_requests

Outgoing network traffic

Traffic

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Total network outgoing traffic

NXQL ID:

outgoing_traffic

Outgoing network traffic per device

Traffic

Aggregate

Windows black.png
Mac gray disabled.png
Mobile gray disabled.png

Indicates the outgoing network traffic divided by the number of devices.

NXQL ID:

outgoing_network_traffic_per_device

Outgoing web traffic

Traffic

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Total web outgoing traffic

NXQL ID:

outgoing_traffic

Outgoing web traffic per device

Traffic

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Indicates the outgoing web traffic divided by the number of devices.

NXQL ID:

outgoing_web_traffic_per_device

Port number

Properties

Field

Windows black.png
Mac black.png
Mobile gray disabled.png

Port number

NXQL ID:

port_number

Port type

Properties

Field

Windows black.png
Mac black.png
Mobile gray disabled.png

Port type (tcp, udp, tcp port scan, udp port scan)

NXQL ID:

port_type

Port type/Port number

Properties

Field

Windows black.png
Mac black.png
Mobile gray disabled.png

Port value for tagging

NXQL ID:

port_value

Protocols used in web requests

Activity

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Protocols used in web requests (HTTP, TLS, HTTP/TLS)

NXQL ID:

protocols_used_in_requests

Successful HTTP requests ratio

Availability

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Percentage of successful HTTP requests (1xx, 2xx and 3xx)

NXQL ID:

successful_http_requests_ratio

Successful network connections ratio

Availability

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Percentage of successful TCP connections

NXQL ID:

successful_connections_ratio

Total network traffic

Traffic

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Total network traffic (incoming and outgoing)

NXQL ID:

total_network_traffic

Total web traffic

Traffic

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Total web traffic (incoming and outgoing)

NXQL ID:

total_web_traffic

UID

Properties

Field

Windows black.png
Mac black.png
Mobile gray disabled.png

Indicates the universally unique identifier (based on port number).

Web interaction time

Activity

Aggregate

Windows black.png
Mac black.png
Mobile gray disabled.png

Indicates the time during which at least one executable is doing HTTP or TLS traffic. This is counted with a 5-minute resolution.

NXQL ID:

cumulated_web_interaction_duration