Data model changes 6.28

New objects for virtualization

Objects represent items recognized by Nexthink.

User

Users of devices (domain, local or system).

Field	Group	Type
Average Citrix RTT	Session performance	Aggregate
	Indicates the Citrix RTT averaged across all session performance events. Citrix ICA RTT represents the screen lag experienced by the user and it measures the time between a user input and the display of the response. The measure is only available for Citrix ICA
	NXQL ID:	average_citrix_rtt
Average session network latency	Session performance	Aggregate
	Indicates the session network latency averaged across all session performance events. It measures the performance of the network. When the value is too high, the user will see some screen lag and a degraded user experience. The measure is not available for local session.
	NXQL ID:	average_session_network_latency
Session duration	Session performance	Aggregate
	Indicates the duration of the sessions summed across all session performance events.
	NXQL ID:	session_duration

Device

Devices are Windows, Mac OS or mobile endpoints

Field	Group	Type
Average Citrix RTT	Session performance	Aggregate
	Indicates the Citrix RTT averaged across all session performance events. Citrix ICA RTT represents the screen lag experienced by the user and it measures the time between a user input and the display of the response. The measure is only available for Citrix ICA
	NXQL ID:	average_citrix_rtt
Average session network latency	Session performance	Aggregate
	Indicates the session network latency averaged across all session performance events. It measures the performance of the network. When the value is too high, the user will see some screen lag and a degraded user experience. The measure is not available for local session.
	NXQL ID:	average_session_network_latency
Session duration	Session performance	Aggregate
	Indicates the duration of the sessions summed across all session performance events.
	NXQL ID:	session_duration

Session

Sessions of a user logged on a device.

Field	Group	Type
Citrix RTT	Session performance	Field
	Indicates the maximum Citrix RTT which represents the screen lag experienced by the user. It measures the time between a user input and the display of the response. It includes the network time. The measure is only available for Citrix ICA.
	NXQL ID:	citrix_rtt
Client IP	Session performance	Field
	Indicates the IP of the client connecting to the session.
	NXQL ID:	client_ip
Device ID	Device	Field
Device ID	Indicates the ID of the device which hosts the session.
Device name	Device	Field
Device name	Indicates the name of the device which hosts the session.
Device SID	Device	Field
Device SID	Indicates the SID of the device which hosts the session.
Duration	Properties	Field
	Indicates the duration of the session performance event.
	NXQL ID:	duration
End time	Properties	Field
	Indicates the end time.
	NXQL ID:	end_time
ID	Properties	Field
	Indicates the session event identifier code.
	NXQL ID:	id
Session network latency	Session performance	Field
	Indicates the maximum session network latency. It measures the performance of the network. When the value is too high, the user will see some screen lag and a degraded user experience. The measure is not available for Console session.
	NXQL ID:	session_network_latency
Session protocol	Session performance	Field
	Indicates the protocol used to connect to the session. The possible values are: Citrix - ICA RDP Local session Multiple: the user connected with different protocols during the timeframe of the event.
	NXQL ID:	session_protocol
Start time	Properties	Field
	Indicates the start time.
	NXQL ID:	start_time
User ID	User	Field
User ID	Indicates the ID of the user connected to the session.
User name	User	Field
User name	Indicates the name of the user connected to the session.
User SID	User	Field
User SID	Indicates the SID of the user connected to the session.

Web & Cloud for macOS

Here are all the new fields available for macOS.

User

Users of devices (domain, local or system)

Field	Group	Type
Average incoming web bitrate	Availability	Aggregate
	Average incoming bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_incoming_bitrate
Average outgoing web bitrate	Availability	Aggregate
	Average outgoing bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_outgoing_bitrate
Average web request duration	Availability	Aggregate
	Average time between request and last response byte
	NXQL ID:	average_request_duration
Average web request size	Traffic	Aggregate
	Average size of web requests
	NXQL ID:	average_request_size
Average web response size	Traffic	Aggregate
	Average size of web responses
	NXQL ID:	average_response_size
Binary paths	Activity	Aggregate
Binary paths	List of executed binary paths (max. 50 paths)
Incoming web traffic	Traffic	Aggregate
	Total web incoming traffic
	NXQL ID:	incoming_traffic
Lowest observed web protocol version	Activity	Aggregate
	Lowest protocol version observed in web requests (excluding web requests with unknown protocol version)
	NXQL ID:	lowest_protocol_version
Number of domains	Inventory	Aggregate
	Number of domains
	NXQL ID:	number_of_domains
Number of web requests	Activity	Aggregate
	Number of web requests
	NXQL ID:	number_of_web_requests
Outgoing web traffic	Traffic	Aggregate
	Total web outgoing traffic
	NXQL ID:	outgoing_traffic
Protocols used in web requests	Activity	Aggregate
	Protocols used in web requests (HTTP, TLS, HTTP/TLS)
	NXQL ID:	protocols_used_in_requests
Successful HTTP requests ratio	Availability	Aggregate
	Percentage of successful HTTP requests (1xx, 2xx and 3xx)
	NXQL ID:	successful_http_requests_ratio
Total web traffic	Traffic	Aggregate
	Total web traffic (incoming and outgoing)
	NXQL ID:	total_web_traffic
Web interaction time	Activity	Aggregate
	Indicates the time during which at least one executable is doing HTTP or TLS traffic. This is counted with a 5-minute resolution.
	NXQL ID:	cumulated_web_interaction_duration

Device

Devices are Windows, Mac OS or mobile endpoints

Field	Group	Type
Average incoming web bitrate	Availability	Aggregate
	Average incoming bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_incoming_bitrate
Average outgoing web bitrate	Availability	Aggregate
	Average outgoing bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_outgoing_bitrate
Average web request duration	Availability	Aggregate
	Average time between request and last response byte
	NXQL ID:	average_request_duration
Average web request size	Traffic	Aggregate
	Average size of web requests
	NXQL ID:	average_request_size
Average web response size	Traffic	Aggregate
	Average size of web responses
	NXQL ID:	average_response_size
Incoming web traffic	Traffic	Aggregate
	Total web incoming traffic
	NXQL ID:	incoming_traffic
Lowest observed web protocol version	Activity	Aggregate
	Lowest protocol version observed in web requests (excluding web requests with unknown protocol version)
	NXQL ID:	lowest_protocol_version
Number of domains	Inventory	Aggregate
	Number of domains
	NXQL ID:	number_of_domains
Number of web requests	Activity	Aggregate
	Number of web requests
	NXQL ID:	number_of_web_requests
Outgoing web traffic	Traffic	Aggregate
	Total web outgoing traffic
	NXQL ID:	outgoing_traffic
Protocols used in web requests	Activity	Aggregate
	Protocols used in web requests (HTTP, TLS, HTTP/TLS)
	NXQL ID:	protocols_used_in_requests
Successful HTTP requests ratio	Availability	Aggregate
	Percentage of successful HTTP requests (1xx, 2xx and 3xx)
	NXQL ID:	successful_http_requests_ratio
Total web traffic	Traffic	Aggregate
	Total web traffic (incoming and outgoing)
	NXQL ID:	total_web_traffic
Web interaction time	Activity	Aggregate
	Indicates the time during which at least one executable is doing HTTP or TLS traffic. This is counted with a 5-minute resolution.
	NXQL ID:	cumulated_web_interaction_duration
Average incoming web bitrate	Availability	Aggregate
	Average incoming bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_incoming_bitrate
Average outgoing web bitrate	Availability	Aggregate
	Average outgoing bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_outgoing_bitrate
Average web request duration	Availability	Aggregate
	Average time between request and last response byte
	NXQL ID:	average_request_duration
Average web request size	Traffic	Aggregate
	Average size of web requests
	NXQL ID:	average_request_size
Average web response size	Traffic	Aggregate
	Average size of web responses
	NXQL ID:	average_response_size
Incoming web traffic	Traffic	Aggregate
	Total web incoming traffic
	NXQL ID:	incoming_traffic
Incoming web traffic per device	Traffic	Aggregate
	Indicates the incoming web traffic divided by the number of devices.
	NXQL ID:	incoming_web_traffic_per_device
Lowest observed web protocol version	Activity	Aggregate
	Lowest protocol version observed in web requests (excluding web requests with unknown protocol version)
	NXQL ID:	lowest_protocol_version
Number of domains	Inventory	Aggregate
	Number of domains
	NXQL ID:	number_of_domains
Number of web requests	Activity	Aggregate
	Number of web requests
	NXQL ID:	number_of_web_requests
Outgoing web traffic	Traffic	Aggregate
	Total web outgoing traffic
	NXQL ID:	outgoing_traffic
Outgoing web traffic per device	Traffic	Aggregate
	Indicates the outgoing web traffic divided by the number of devices.
	NXQL ID:	outgoing_web_traffic_per_device
Protocols used in web requests	Activity	Aggregate
	Protocols used in web requests (HTTP, TLS, HTTP/TLS)
	NXQL ID:	protocols_used_in_requests
Successful HTTP requests ratio	Availability	Aggregate
	Percentage of successful HTTP requests (1xx, 2xx and 3xx)
	NXQL ID:	successful_http_requests_ratio
Total web traffic	Traffic	Aggregate
	Total web traffic (incoming and outgoing)
	NXQL ID:	total_web_traffic
Web interaction time	Activity	Aggregate
	Indicates the time during which at least one executable is doing HTTP or TLS traffic. This is counted with a 5-minute resolution.
	NXQL ID:	cumulated_web_interaction_duration

Executable

Executable programs (e.g. 'winword.exe')

Field	Group	Type
Average incoming web bitrate	Availability	Aggregate
	Average incoming bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_incoming_bitrate
Average outgoing web bitrate	Availability	Aggregate
	Average outgoing bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_outgoing_bitrate
Average web request duration	Availability	Aggregate
	Average time between request and last response byte
	NXQL ID:	average_request_duration
Average web request size	Traffic	Aggregate
	Average size of web requests
	NXQL ID:	average_request_size
Average web response size	Traffic	Aggregate
	Average size of web responses
	NXQL ID:	average_response_size
Incoming web traffic	Traffic	Aggregate
	Total web incoming traffic
	NXQL ID:	incoming_traffic
Incoming web traffic per device	Traffic	Aggregate
	Indicates the incoming web traffic divided by the number of devices.
	NXQL ID:	incoming_web_traffic_per_device
Lowest observed web protocol version	Activity	Aggregate
	Lowest protocol version observed in web requests (excluding web requests with unknown protocol version)
	NXQL ID:	lowest_protocol_version
Number of domains	Inventory	Aggregate
	Number of domains
	NXQL ID:	number_of_domains
Number of web requests	Activity	Aggregate
	Number of web requests
	NXQL ID:	number_of_web_requests
Outgoing web traffic	Traffic	Aggregate
	Total web outgoing traffic
	NXQL ID:	outgoing_traffic
Outgoing web traffic per device	Traffic	Aggregate
	Indicates the outgoing web traffic divided by the number of devices.
	NXQL ID:	outgoing_web_traffic_per_device
Protocols used in web requests	Activity	Aggregate
	Protocols used in web requests (HTTP, TLS, HTTP/TLS)
	NXQL ID:	protocols_used_in_requests
Successful HTTP requests ratio	Availability	Aggregate
	Percentage of successful HTTP requests (1xx, 2xx and 3xx)
	NXQL ID:	successful_http_requests_ratio
Total web traffic	Traffic	Aggregate
	Total web traffic (incoming and outgoing)
	NXQL ID:	total_web_traffic
Web interaction time	Activity	Aggregate
	Indicates the time during which at least one executable is doing HTTP or TLS traffic. This is counted with a 5-minute resolution.
	NXQL ID:	cumulated_web_interaction_duration

Binary

Executable binary files (e.g. 'winword.exe - 10.0.6843')

Field	Group	Type
Average incoming web bitrate	Availability	Aggregate
	Average incoming bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_incoming_bitrate
Average outgoing web bitrate	Availability	Aggregate
	Average outgoing bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_outgoing_bitrate
Average web request duration	Availability	Aggregate
	Average time between request and last response byte
	NXQL ID:	average_request_duration
Average web request size	Traffic	Aggregate
	Average size of web requests
	NXQL ID:	average_request_size
Average web response size	Traffic	Aggregate
	Average size of web responses
	NXQL ID:	average_response_size
Incoming web traffic	Traffic	Aggregate
	Total web incoming traffic
	NXQL ID:	incoming_traffic
Incoming web traffic per device	Traffic	Aggregate
	Indicates the incoming web traffic divided by the number of devices.
	NXQL ID:	incoming_web_traffic_per_device
Lowest observed web protocol version	Activity	Aggregate
	Lowest protocol version observed in web requests (excluding web requests with unknown protocol version)
	NXQL ID:	lowest_protocol_version
Number of domains	Inventory	Aggregate
	Number of domains
	NXQL ID:	number_of_domains
Number of web requests	Activity	Aggregate
	Number of web requests
	NXQL ID:	number_of_web_requests
Outgoing web traffic	Traffic	Aggregate
	Total web outgoing traffic
	NXQL ID:	outgoing_traffic
Outgoing web traffic per device	Traffic	Aggregate
	Indicates the outgoing web traffic divided by the number of devices.
	NXQL ID:	outgoing_web_traffic_per_device
Protocols used in web requests	Activity	Aggregate
	Protocols used in web requests (HTTP, TLS, HTTP/TLS)
	NXQL ID:	protocols_used_in_requests
Successful HTTP requests ratio	Availability	Aggregate
	Percentage of successful HTTP requests (1xx, 2xx and 3xx)
	NXQL ID:	successful_http_requests_ratio
Total web traffic	Traffic	Aggregate
	Total web traffic (incoming and outgoing)
	NXQL ID:	total_web_traffic
Web interaction time	Activity	Aggregate
	Indicates the time during which at least one executable is doing HTTP or TLS traffic. This is counted with a 5-minute resolution.
	NXQL ID:	cumulated_web_interaction_duration

Port

Connection ports (TCP or UDP)

Field	Group	Type
Average incoming web bitrate	Availability	Aggregate
	Average incoming bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_incoming_bitrate
Average outgoing web bitrate	Availability	Aggregate
	Average outgoing bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_outgoing_bitrate
Average web request duration	Availability	Aggregate
	Average time between request and last response byte
	NXQL ID:	average_request_duration
Average web request size	Traffic	Aggregate
	Average size of web requests
	NXQL ID:	average_request_size
Average web response size	Traffic	Aggregate
	Average size of web responses
	NXQL ID:	average_response_size
Incoming web traffic	Traffic	Aggregate
	Total web incoming traffic
	NXQL ID:	incoming_traffic
Incoming web traffic per device	Traffic	Aggregate
	Indicates the incoming web traffic divided by the number of devices.
	NXQL ID:	incoming_web_traffic_per_device
Lowest observed web protocol version	Activity	Aggregate
	Lowest protocol version observed in web requests (excluding web requests with unknown protocol version)
	NXQL ID:	lowest_protocol_version
Number of domains	Inventory	Aggregate
	Number of domains
	NXQL ID:	number_of_domains
Number of web requests	Activity	Aggregate
	Number of web requests
	NXQL ID:	number_of_web_requests
Outgoing web traffic	Traffic	Aggregate
	Total web outgoing traffic
	NXQL ID:	outgoing_traffic
Outgoing web traffic per device	Traffic	Aggregate
	Indicates the outgoing web traffic divided by the number of devices.
	NXQL ID:	outgoing_web_traffic_per_device
Protocols used in web requests	Activity	Aggregate
	Protocols used in web requests (HTTP, TLS, HTTP/TLS)
	NXQL ID:	protocols_used_in_requests
Successful HTTP requests ratio	Availability	Aggregate
	Percentage of successful HTTP requests (1xx, 2xx and 3xx)
	NXQL ID:	successful_http_requests_ratio
Total web traffic	Traffic	Aggregate
	Total web traffic (incoming and outgoing)
	NXQL ID:	total_web_traffic
Web interaction time	Activity	Aggregate
	Indicates the time during which at least one executable is doing HTTP or TLS traffic. This is counted with a 5-minute resolution.
	NXQL ID:	cumulated_web_interaction_duration

Destination

Devices receiving connections

Field	Group	Type
Average incoming web bitrate	Availability	Aggregate
	Average incoming bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_incoming_bitrate
Average outgoing web bitrate	Availability	Aggregate
	Average outgoing bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_outgoing_bitrate
Average web request duration	Availability	Aggregate
	Average time between request and last response byte
	NXQL ID:	average_request_duration
Average web request size	Traffic	Aggregate
	Average size of web requests
	NXQL ID:	average_request_size
Average web response size	Traffic	Aggregate
	Average size of web responses
	NXQL ID:	average_response_size
Incoming web traffic	Traffic	Aggregate
	Total web incoming traffic
	NXQL ID:	incoming_traffic
Incoming web traffic per device	Traffic	Aggregate
	Indicates the incoming web traffic divided by the number of devices.
	NXQL ID:	incoming_web_traffic_per_device
Lowest observed web protocol version	Activity	Aggregate
	Lowest protocol version observed in web requests (excluding web requests with unknown protocol version)
	NXQL ID:	lowest_protocol_version
Number of domains	Inventory	Aggregate
	Number of domains
	NXQL ID:	number_of_domains
Number of web requests	Activity	Aggregate
	Number of web requests
	NXQL ID:	number_of_web_requests
Outgoing web traffic	Traffic	Aggregate
	Total web outgoing traffic
	NXQL ID:	outgoing_traffic
Outgoing web traffic per device	Traffic	Aggregate
	Indicates the outgoing web traffic divided by the number of devices.
	NXQL ID:	outgoing_web_traffic_per_device
Protocols used in web requests	Activity	Aggregate
	Protocols used in web requests (HTTP, TLS, HTTP/TLS)
	NXQL ID:	protocols_used_in_requests
Successful HTTP requests ratio	Availability	Aggregate
	Percentage of successful HTTP requests (1xx, 2xx and 3xx)
	NXQL ID:	successful_http_requests_ratio
Total web traffic	Traffic	Aggregate
	Total web traffic (incoming and outgoing)
	NXQL ID:	total_web_traffic
Web interaction time	Activity	Aggregate
	Indicates the time during which at least one executable is doing HTTP or TLS traffic. This is counted with a 5-minute resolution.
	NXQL ID:	cumulated_web_interaction_duration

Domain

Domain names

Field	Group	Type
Average incoming web bitrate	Availability	Aggregate
	Average incoming bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_incoming_bitrate
Average outgoing web bitrate	Availability	Aggregate
	Average outgoing bitrate of all underlying web requests, consolidated over time
	NXQL ID:	average_outgoing_bitrate
Average web request duration	Availability	Aggregate
	Average time between request and last response byte
	NXQL ID:	average_request_duration
Average web request size	Traffic	Aggregate
	Average size of web requests
	NXQL ID:	average_request_size
Average web response size	Traffic	Aggregate
	Average size of web responses
	NXQL ID:	average_response_size
Domain category	Properties	Field
	Indicates the category of the domain: '-' : not yet tagged or internal domain
	NXQL ID:	domain_category
First seen	Properties	Field
	The first time the domain has been seen
	NXQL ID:	first_seen
Hosting country	Properties	Field
	Indicates in which country the domain is hosted: '-' : not yet tagged, internal domain or not known by Nexthink Library
	NXQL ID:	hosting_country
Hostname	Properties	Field
	The hostname of the fully qualified domain name
	NXQL ID:	hostname
Incoming web traffic	Traffic	Aggregate
	Total web incoming traffic
	NXQL ID:	incoming_traffic
Incoming web traffic per device	Traffic	Aggregate
	Indicates the incoming web traffic divided by the number of devices.
	NXQL ID:	incoming_web_traffic_per_device
Internal domain	Properties	Field
	Indicates whether the domain is considered internal: yes: the domain is not reported to Nexthink Library and subdomains are not compressed using the '' pattern no: the domain is reported to the Nexthink Library (if the license includes the Security module); complex subdomains are compressed using the '' pattern
	NXQL ID:	internal_domain
Last seen	Properties	Field
	The last time the domain has been seen
	NXQL ID:	last_seen
Lowest observed web protocol version	Activity	Aggregate
	Lowest protocol version observed in web requests (excluding web requests with unknown protocol version)
	NXQL ID:	lowest_protocol_version
Name	Properties	Field
	The fully qualified domain name
	NXQL ID:	name
Number of web requests	Activity	Aggregate
	Number of web requests
	NXQL ID:	number_of_web_requests
Outgoing web traffic	Traffic	Aggregate
	Total web outgoing traffic
	NXQL ID:	outgoing_traffic
Outgoing web traffic per device	Traffic	Aggregate
	Indicates the outgoing web traffic divided by the number of devices.
	NXQL ID:	outgoing_web_traffic_per_device
Protocols used in web requests	Activity	Aggregate
	Protocols used in web requests (HTTP, TLS, HTTP/TLS)
	NXQL ID:	protocols_used_in_requests
Reputation	Properties	Field
	Indicates the reputation of the domain: '-': internal domain or not yet tagged 'trustworthy': clean domain which has not been connected to any security risks 'low risk': benign domain which rarely delivers dangerous content 'moderate risk': generally benign domain which has exhibited potentially risky behavior 'high risk': potentially malicious domain which delivers dangerous content
	NXQL ID:	threat_level
Storage policy	Properties	Field
	Event storage policy for the domain (web request or none)
	NXQL ID:	storage
Successful HTTP requests ratio	Availability	Aggregate
	Percentage of successful HTTP requests (1xx, 2xx and 3xx)
	NXQL ID:	successful_http_requests_ratio
Total web traffic	Traffic	Aggregate
	Total web traffic (incoming and outgoing)
	NXQL ID:	total_web_traffic
UID	Properties	Field
UID	Indicates the universally unique identifier (based on domain name).
Web interaction time	Activity	Aggregate
	Indicates the time during which at least one executable is doing HTTP or TLS traffic. This is counted with a 5-minute resolution.
	NXQL ID:	cumulated_web_interaction_duration

Web request

HTTP or TLS requests

Field	Group	Type
Application name	Application	Field
Application name	Name of the application which made the web request
Binary paths	Application	Field
Binary paths	Paths of the binary which made the web request
Binary version	Application	Field
Binary version	Version of the binary which made the web request
Cardinality	Properties	Field
	Number of underlying web requests, consolidated over time
	NXQL ID:	cardinality
Connections duration	Properties	Field
	The time between start of the first connection and end of the last underlying connection
	NXQL ID:	connections_duration
Device ID	Device	Field
Device ID	Unique identifier code of the web request source
Device name	Device	Field
Device name	Indicates the name of the device: For Windows: NetBios Name For Mac OS: computer name used on the network For Mobile: composed by mailbox name and device friendly name
Device SID	Device	Field
Device SID	Windows security identifier of the web request source
Domain name	Domain	Field
Domain name	Name of the web request destination domain
End time	Properties	Field
	Web request end time, corresponding to the moment when the last underlying TCP connection was closed
	NXQL ID:	end_time
Executable name	Application	Field
Executable name	Name of the executable which made the web request
HTTP status	Properties	Field
	HTTP response status code
	NXQL ID:	http_status
ID	Properties	Field
	Unique request identifier code
	NXQL ID:	id
Incoming web traffic	Traffic	Field
	Incoming web traffic of all underlying web requests, consolidated over time
	NXQL ID:	incoming_traffic
Network response time	Availability	Field
	Average TCP connection establishment time of all underlying connections, consolidated over time
	NXQL ID:	network_response_time
Outgoing web traffic	Properties	Field
	Outgoing web traffic of all underlying web requests, consolidated over time
	NXQL ID:	outgoing_traffic
Port number	Port	Field
Port number	Port number of the web request
Protocol	Properties	Field
	Web request protocol (HTTP, TLS)
	NXQL ID:	protocol
Protocol version	Properties	Field
	Web request protocol version
	NXQL ID:	protocol_version
Service related	Properties	Field
	Indicates whether the web request is related to a configured service: yes: these requests are always visible by all users no: depending on the privacy settings, requests not related to a service might not be visible by everyone
	NXQL ID:	service_related
Signature ID	Properties	Field
	ID of the related web request signature, i.e. a user executing a certain process on a particular device which emits requests to a specific domain
	NXQL ID:	signature_id
Start time	Properties	Field
	Web request start time
	NXQL ID:	start_time
URL path	Properties	Field
URL path	Indicates the expression used to match the web request against web-based services with URL path: `'-': the web request did not match against any service with URL path` CODE
User ID	User	Field
User ID	Unique identifier code of the user who made the web request
User name	User	Field
User name	Name of the user who made the web request
User SID	User	Field
User SID	Indicates the Windows security identifier for the user who made the web request. For Mac 0S: the value is 'S-0-0' if the user is not in Active Directory
Web request duration	Properties	Field
	Average time between request and last response byte of all underlying requests, consolidated over time
	NXQL ID:	web_request_duration