NXQL Data Model
Objects
application
An application is a sets of executables e.g. 'Microsoft Office'. Platforms:
Name | Type | Operating system | Properties | Description |
company | string |
| – | Company producing the application |
database_usage | permill |
| – | Percentage of the database used by information related with the application |
description | string | Windows | – | Application description |
first_seen | datetime |
| NU | First time activity of the application was recorded on any device. |
id | identifier |
| – | Unique application identifier |
known_packages | string |
| – | List of packages known to contain the application. This list is not exhaustive: The presence of a package does not necessarily imply that on a given device the application was installed through that package. |
last_seen | datetime |
| NU | Last time activity of the application was recorded on any device. |
name | string |
| – | Application name |
platform | enum |
| – | The platform (operating system family) on which the application is running. |
storage_policy | enum |
| – | Indicates the event storage policy for the application. Possible values are:
|
total_active_days | day |
| – | Total number of days the application was active. |
binary
A binary is an executable binary files identified by its hash code. Platforms:
Name | Type | Operating system | Properties | Description |
application_category | string |
| SE | Indicates the category of the application:
|
application_company | string |
| – | Application company |
application_name | string |
| – | Application name |
architecture | enum |
| – | Executable architecture (32/64 bit) |
average_cpu_usage | permill | Windows | – | Average CPU usage for the binary |
average_memory_usage | byte | Windows | NU | Average memory usage for the binary |
average_number_of_graphical_handles | integer | Windows | NU | Average number of graphical handles (GDI) |
company | string |
| – | Executable company |
database_usage | permill |
| – | Percentage of the database used by information related with the binary. |
description | string | Windows | – | Description as it appears in the binary file. |
executable_name | string |
| – | Executable name |
file_size | byte |
| – | Binary file size |
first_seen | datetime |
| NU | First time activity of the binary was recorded on any device. |
hash | md5 |
| – | Hash code of the binary (MD5) |
id | identifier |
| – | Unique binary identifier |
last_seen | datetime |
| NU | Last time activity of the binary was recorded on any device. |
paths | path |
| – | List of paths of the binary |
platform | enum |
| – | The platform (operating system family) on which the binary is running. |
sha1 | sha1 |
| – | SHA-1 hash code of the binary |
sha256 | sha256 |
| – | SHA-256 hash code of the binary |
storage_policy | enum |
| – | Event storage policy for the binary (connection and execution, execution-only or none) |
threat_level | enum |
| SE | Indicates the threat level of the binary:
|
total_active_days | day |
| – | Total number of days the binary was active. |
user_interface | boolean | Windows | – | Application has interactive user interface |
version | version |
| – | Version of the binary |
destination
A destination is a device or server receiving TCP/UDP connections. Platforms:
Name | Type | Operating system | Properties | Description |
database_usage | permill |
| – | Percentage of the database used by information related with the destination |
first_seen | datetime |
| NU | First time activity to the destination was recorded on any device. |
id | identifier |
| – | Unique destination identifier |
ip_address | ip_address |
| – | IP address for the destination |
last_seen | datetime |
| NU | Last time activity to the destination was recorded on any device. |
name | string |
| – | Reverse lookup name |
device
A device is Windows physical or virtual machine monitored by a Nexthink Collector. Platforms:
Name | Type | Operating system | Properties | Description |
administrator_account_status | enum | Windows | – | Determines whether the local Administrator account is enabled or disabled. |
all_antispywares | string | Windows | – | Summary information about all the detected antispyware:
|
all_antiviruses | string | Windows | – | Summary information about all the detected antiviruses:
|
all_firewalls | string | Windows | – | Summary information about all the detected firewalls:
|
allow_non_provisionable_devices | boolean | – | NU | Indicates whether a device which does not fully support the policy is still allowed to connect to the Exchange Exchange ActiveSync server. If 'yes', the security policy is not guaranteed to be applied, even if the field 'ActiveSync policy application status' value is 'applied in full' |
antispyware_name | string | Windows | NU | Name of the main antispyware |
antispyware_rtp | enum | Windows | – | Indicates whether the antispyware real time protection (RTP) is active:
|
antispyware_up_to_date | enum | Windows | – | Indicates whether the antispyware is up-to-date:
|
antivirus_name | string | Windows | NU | Name of the main antivirus |
antivirus_rtp | enum | Windows | – | Indicates whether the antivirus real time protection (RTP) is active:
|
antivirus_up_to_date | enum | Windows | – | Indicates whether the antivirus is up-to-date:
|
audit_account_logon_events | enum | Windows | – | Determines whether to audit each instance of a user logging on to or logging off from another computer in which this computer is used to validate the account. |
audit_account_management | enum | Windows | – | Determines whether to audit each event of account management on a computer. |
audit_directory_service_access | enum | Windows | – | Determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified. |
audit_logon_events | enum | Windows | – | Determines whether to audit each instance of a user logging on to or logging off from a computer. |
audit_object_access | enum | Windows | – | Determines whether to audit the event of a user accessing an object, e.g. a file, folder, registry key, printer, and so forth - that has its own system access control list (SACL) specified. |
audit_policy_change | enum | Windows | – | Determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies. |
audit_privilege_use | enum | Windows | – | Determines whether to audit each instance of a user exercising a user right. |
audit_process_tracking | enum | Windows | – | Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. |
audit_system_events | enum | Windows | – | Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. |
average_boot_duration | millisecond | Windows | NU | Full boot duration baseline |
average_fast_startup_duration | millisecond | Windows | NU | Indicated the fast startup boot duration averaged over the fast startups. In the calculation, recent boots weigh more than older boots (exponentially weighted moving average). |
average_logon_duration | millisecond | Windows | NU | User logon duration baseline |
bios_serial_number | string |
| NU | BIOS serial number |
boot_disk_health_status | enum | Windows | NU | Indicates the health of the disk from which the device is booting [from], as reported by the operating system. |
boot_disk_type | enum |
| NU | Indicates the type of the disk from which the device is booting. |
chassis_serial_number | string | Windows | NU | Chassis serial number |
cltr_ca_license_uid | string |
| NU | Indicates the Collector assignment license UID |
cltr_ca_status | enum |
| NU | Indicates whether Collector assignment service is enabled or disabled |
cltr_crash_guard_count | integer | Windows | NU | Indicates the number of consecutive hard resets or system crashes of the device |
cltr_crash_guard_limit | integer | Windows | NU | Indicates the Collector CrashGuard limit |
cltr_crash_guard_protection_interval | integer | Windows | NU | Indicates the CrashGuard monitoring interval in minutes |
cltr_crash_guard_react_interval | integer | Windows | NU | Indicates the Collector CrashGuard reactivation interval in hours |
cltr_custom_shells | enum | Windows | NU | Indicates whether the Collector reports user logon events and user interactions in virtualized and embedded (kiosk mode) environments |
cltr_data_channel_protocol | enum |
| NU | Specifies if the Collector data is sent over TCP or UDP |
cltr_dns_res_preference | enum | Windows | NU | Indicates the DNS resolution preference for Collector in terms of IP protocol version on the device |
cltr_engage_service_status | enum |
| NU | Indicates whether Engage is enabled or disabled |
cltr_freezes_monitoring | enum | Windows | NU | Indicates whether the Collector is monitoring for unresponsive applications on the device |
cltr_installs_scan_interval | integer | Windows | NU | Indicates the interval, in hours, after which the Collector checks for newly installed packages and updates |
cltr_is_visible | enum | Windows | NU | Indicates whether Collector is hidden in the "Add or Remove Programs" |
cltr_log_level | enum |
| NU | Indicates the Collector log level |
cltr_max_segment_size | integer | Windows | NU | Indicates the maximum segment size of packets sent by Collector |
cltr_ra_execution_policy | enum | Windows | NU | Indicates the Powershell script execution policy |
cltr_smb_print_mon_status | enum | Windows | NU | Indicates whether SMB printing monitoring is enabled or disabled |
cltr_string_tag | string |
| NU | Indicates the Collector string tag |
cltr_web_mon_status | enum | Windows | NU | Indicates whether Web & Cloud monitoring is enabled or disabled |
collector_distinguished_name | string | Windows | NU | Indicates the distinguished name (DN) as seen:
|
collector_installation_log | string | Windows | NU | Link to the last Nexthink Collector installation error log |
collector_package_target_version | version |
| NU | Indicates the Collector package version that is targeted. |
collector_print_monitoring_status | enum | Windows | NU | Indicates whether the Collector printing monitoring is enabled or disabled |
collector_status | enum |
| NU | Indicates the status of the Nexthink Collector package installed on the device:
|
collector_tag | integer | Windows | – | Collector installation tag |
collector_update_status | enum | Windows | – | Current status of Nexthink Collector Updater |
collector_version | version |
| – | Version number of Nexthink Collector installation |
cpu_frequency | mhz |
| NU | CPU frequency |
cpu_model | string |
| NU | CPU model |
database_usage | permill |
| – | Percentage of the database used by information related with the device |
device_encryption_required | boolean | – | NU | Indicates whether device encryption is required. |
device_manufacturer | string |
| NU | Indicates the device manufacturer. |
device_model | string |
| NU | Indicates the model of the device. |
device_password_required | boolean | – | NU | Indicates whether a password is required on the device. |
device_product_id | string |
| NU | Device product ID |
device_product_version | string |
| NU | Device product version |
device_serial_number | string |
| NU | Indicates the device serial number. |
device_type | enum |
| – | Type of device (desktop, laptop, server, mobile) |
device_uid | md5 |
| – | Indicates the universally unique identifier (based on Engine name and device ID) |
device_uuid | string |
| – | Indicates the device universally unique identifier (UUID) |
directory_service_site | string | Windows | NU | Site (or location) of an Active Directory (AD) service |
disks_manufacturers | string | Windows | – | Hard disks manufacturers |
disks_smart_index | percent | Windows | NU | Lowest S.M.A.R.T. index of installed hard disks (index is based on S.M.A.R.T. attributes) |
distinguished_name | string | Windows | NU | Indicates the distinguished name (DN) as seen:
|
eas_access_state | enum | – | – | Indicates whether the device can access the Exchange ActiveSync server. The possible states are:
|
eas_access_state_reason | enum | – | – | Indicates the reason for the device access state. The possible values are:
|
eas_device_access_rule | string | – | – | Indicates the name of the access rule. An access rule allows, blocks or quarantines devices based on the device type, model, OS or user agent characteristics. |
eas_device_identity | string | – | – | Indicates the identity of the device in Exchange ActiveSync Server. |
eas_exemption | enum | – | – | Indicates whether a personal exemption is set for the device and its user. Possible values are:
|
eas_policy_application_status | enum | – | – | Indicates whether the Exchange ActiveSync policy is applied or not. Possible values are:
|
eas_policy_name | string | – | – | Indicates the name of the Exchange ActiveSync policy applied to the user's mailbox. |
eas_policy_update | datetime | – | – | Indicates the last time the Exchange ActiveSync policy was updated on the device. |
email_attachment_enabled | boolean | – | NU | Indicates whether attachments can be downloaded to the mobile device through the Exchange ActiveSync protocol. |
enforce_password_history | integer | Windows | NU | Indicates the number of unique passwords that have to be associated with a user account before an old password can be reused. |
entity | string |
| – | Entity |
extended_logon_duration_baseline | millisecond | Windows | NU | Extended logon duration baseline |
firewall_name | string | Windows | NU | Name of the main firewall |
firewall_rtp | enum | Windows | – | Indicates whether the firewall real time protection (RTP) is active:
|
first_seen | datetime |
| NU | Indicates the first time when the activity of the device was recorded:
|
graphical_card_ram | byte | Windows | NU | Amount of RAM of the graphical card with most RAM |
graphical_cards | string | Windows | – | Installed graphical cards |
group_name | string |
| NU | Name of computer domain or workgroup |
guest_account_status | enum | Windows | – | Determines if the Guest account is enabled or disabled. |
hard_disks | string |
| NC | List of all hard disks |
id | identifier |
| – | Unique device identifier |
internet_security_settings | enum | Windows | – | Internet security settings (ok, at risk or unknown) |
ip_addresses | ip_address |
| – | List of IP addresses for the device |
is_collector_distinguished_name_truncated | boolean | Windows | – | Flag indicating whether the collector DN is truncated or not |
is_directory_service_site_truncated | boolean | Windows | – | Flag indicating whether the DS site is truncated or not |
last_boot_duration | millisecond | Windows | NU | Last boot time duration |
last_extended_logon_duration | millisecond | Windows | NU | Last extended logon duration |
last_ip_address | ip_address |
| NU | Last IP address assigned to the device |
last_known_connection_status | enum |
| NU | Indicates the last known connection status of the device:
|
last_local_ip_address | ip_address |
| NU | Last local IP address assigned to the device |
last_logged_on_user | string | Windows | NU | Last logged on user |
last_logon_duration | millisecond | Windows | NU | Last user logon duration |
last_logon_time | datetime | Windows | NU | Last logon time |
last_seen | datetime |
| NU | Indicates the last time that activity on the device was reported:
|
last_seen_on_tcp | datetime |
| NU | Indicates the last time that the device was successfully connected through the TCP channel.
|
last_system_boot | datetime |
| NU | Last boot time |
last_update | datetime |
| NU | Indicates the last Collector update time. |
last_update_status | enum |
| NU | Indicates the status of the last Collector update:
|
last_updater_request | datetime | Windows | NU | Last time Nexthink Updater checked for updates |
last_windows_update | datetime | Windows | NU | Time of last system Update |
local_administrators | string | Windows | – | Users and groups which are members of the Local Administrators group on the device and are active/enabled. |
local_power_users | string | Windows | – | Users and groups which are members of the Local Powers Users group on the device. |
logical_cpu_number | integer |
| NU | Indicates the number of cores multiplied by the number of threads that can run on each core through the use of hyperthreading. |
logical_drives | string |
| – | List of all logical drives |
mac_addresses | mac_address |
| – | List of MAC addresses for the device |
maximum_password_age | integer | Windows | NU | Indicates the period in time (in days) during which the password can be used before the system requires the user to change it:
|
membership_type | enum | Windows | – | Type of computer membership (domain/workgroup) |
minimum_password_age | integer | Windows | NU | Period of time (in days) that a password must be used before the user can change it. |
minimum_password_length | integer | Windows | NU | Least number of characters that a password for a user account may contain. |
monitor_models | string | Windows | – | Models of connected monitors |
monitor_resolutions | string | Windows | – | Screen resolutions of connected monitors |
monitors | string | Windows | – | Connected monitors |
monitors_serial_numbers | string | Windows | – | Serial numbers of connected monitors (ordered as in 'Monitors') |
name | string |
| – | Indicates the name of the device:
|
number_of_antispyware | enum | Windows | – | Number of antispyware detected:
|
number_of_antiviruses | enum | Windows | – | Number of antiviruses detected:
|
number_of_cores | integer |
| NU | Number of cores |
number_of_cpus | integer |
| NU | Number of CPUs |
number_of_days_since_first_seen | integer |
| NU | Number of days since activity of the device was first recorded in the system. |
number_of_days_since_last_boot | integer |
| NU | Number of days since last full boot |
number_of_days_since_last_eas_policy_update | integer | – | NU | Indicates the number of days since the last Exchange ActiveSync policy update. |
number_of_days_since_last_logon | integer | Windows | NU | Number of days since last logon |
number_of_days_since_last_seen | integer |
| NU | Indicates the number of days since the last time the device was seen by Nexthink. The field is updated whenever device activity is detected:
|
number_of_days_since_last_seen_on_tcp | integer | Windows | NU | Indicates the number of days since the last time the device was successfully connected through the TCP channel. '-': The Collector is an older version that does not support TCP. |
number_of_days_since_last_windows_update | integer | Windows | NU | Number of days since last system Update |
number_of_firewalls | enum | Windows | – | Number of firewalls detected:
|
number_of_graphical_cards | integer | Windows | – | Number of installed graphical cards |
number_of_monitors | integer |
| – | Number of connected monitors |
os_architecture | enum |
| – | Architecture of device operating system (x86/x64/ARM64) |
os_build | version | Windows | – | Indicates the build number of the operating system. |
os_version_and_architecture | string |
| NU | Indicates name, version and architecture (when applicable) of the operating system.
|
password_complexity_requirements | enum | Windows | – | Indicates whether password complexity is required:
|
platform | enum |
| – | Indicates the platform of the device. A platform is a set of operating system families on which the same objects, activities, events and properties can be retrieved. The possible values are:
|
privileges_of_last_logged_on_users | enum | Windows | – | Privileges of the last logged on user (user, power user, administrator) |
sd_card_encryption_required | boolean | – | NU | Indicates whether SD card encryption is required. |
sid | sid | Windows | NU | Windows security identifier for the device. |
storage_policy | enum |
| – | Indicates the event storage policy for the device. Possible values are:
|
system_drive_capacity | byte |
| – | Total capacity of system drive |
system_drive_free_space | byte |
| – | Total available free space on system drive |
system_drive_usage | percent |
| NU | Use percentage of system drive |
total_active_days | day |
| – | Total number of days the device was active. |
total_drive_capacity | byte |
| – | Total capacity of all drives |
total_drive_free_space | byte |
| – | Total free space on all drives |
total_drive_usage | permill |
| NU | Total use percentage of all drives |
total_nonsystem_drive_capacity | byte |
| – | Total capacity of all non-system drives |
total_nonsystem_drive_free_space | byte |
| – | Total free space on all non-system drives |
total_nonsystem_drive_usage | percent |
| NU | Total use percentage of all non-system drives |
total_ram | byte |
| NU | Total amount of RAM |
updater_error | string | Windows | – | Last Nexthink Collector Updater error |
updater_version | version | Windows | – | Nexthink Collector Updater version |
upgrade_group | enum |
| NU | Indicates the update group of Nexthink Collector:
|
user_account_control_status | enum | Windows | – | User account control status (ok, at risk or unknown) |
windows_license_key | string | Windows | NU | Windows license key |
windows_updates_status | enum | Windows | – | Windows update status (ok, at risk or unknown) |
wmi_status | enum | Windows | – | Windows WMI service status (ok, failure) |
domain
A domain is a domain name e.g. www.nexthink.com. Platforms:
Name | Type | Operating system | Properties | Description |
database_usage | permill |
| – | Percentage of the database used by information related with the domain |
domain_category | string |
| SE | Indicates the category of the domain:
|
first_seen | datetime |
| NU | The first time the domain has been seen. |
hosting_country | string |
| SE | Indicates in which country the domain is hosted:
|
hostname | string |
| NU | The hostname of the fully qualified domain name |
id | identifier |
| – | Unique domain identifier |
internal_domain | boolean |
| – | Indicates whether the domain is considered internal:
|
last_seen | datetime |
| NU | The last time the domain has been seen. |
name | string |
| – | The fully qualified domain name |
protocol | enum |
| – | Protocols used in web requests (HTTP, TLS, HTTP/TLS) |
response_size | byte |
| – | Total web incoming traffic |
storage | enum |
| – | Event storage policy for the domain (web request or none) |
threat_level | enum |
| SE | Indicates the threat level of the domain:
|
executable
An application is a executable programs e.g. 'winword.exe'. Platforms:
Name | Type | Operating system | Properties | Description |
application_company | string |
| – | Application company |
application_name | string |
| – | Application name |
database_usage | permill |
| – | Percentage of the database used by information related with the executable. |
description | string | Windows | – | Executable description |
first_seen | datetime |
| NU | First time activity of the executable was recorded on any device. |
id | identifier |
| – | Unique executable identifier |
known_packages | string |
| – | List of packages known to contain the executable. This list is not exhaustive: The presence of a package does not necessarily imply that on a given device the executable was installed through that package. |
last_seen | datetime |
| NU | Last time activity of the executable was recorded on any device. |
name | string |
| – | Executable name |
platform | enum |
| – | The platform (operating system family) on which the executable is running. |
storage_policy | enum |
| – | Indicates the event storage policy for the executable. Possible values are:
|
total_active_days | day |
| – | Total number of days the executable was active. |
package
A package is a software packages (programs or updates). Platforms:
Name | Type | Operating system | Properties | Description |
first_installation | datetime | Windows | NU | Time of first installation |
first_seen | datetime |
| NU | The first time the package has been seen. |
id | identifier |
| – | Unique package identifier |
name | string |
| – | Package name |
number_of_updates | integer | Windows | – | Number of updates (for programs) |
platform | enum |
| – | The platform (operating system family) on which the package is installed. |
program | string |
| – | Package program |
publisher | string |
| NU | Package publisher |
status | enum |
| – | Package status (installed/removed) |
type | enum |
| – | Package type (program/update) |
version | string |
| NU | Package version |
windows_7_32bit_compatibility | string | Windows | DE | Indicates the Windows 7 (32-bit) compatibility of the package:
|
windows_7_64bit_compatibility | string | Windows | DE | Indicates the Windows 7 (64-bit) compatibility of the package:
|
port
A port is a TCP or UDP connection ports. Platforms:
Name | Type | Operating system | Properties | Description |
first_seen | datetime |
| NU | First time activity of the port was recorded on any device. |
id | identifier |
| – | Unique port identifier |
last_seen | datetime |
| NU | Last time activity of the port was recorded on any device. |
port_number | integer |
| – | Port number |
port_type | enum |
| – | Port type (tcp, udp, tcp port scan, udp port scan) |
port_value | port |
| – | Port value for tagging |
printer
A printer is an installed printers (local, network, shared or virtual). Platforms:
Name | Type | Operating system | Properties | Description |
first_seen | datetime | Windows | NU | First time activity of the printer was recorded on any device. |
host_name | string | Windows | – | Host name |
id | identifier | Windows | – | Unique print identifier |
last_seen | datetime | Windows | NU | Last time activity of the printer was recorded on any device. |
location | string | Windows | NU | Printer location |
model | string | Windows | – | Printer model |
name | string | Windows | – | Printer name |
real_name | string | Windows | – | Most frequently seen display name |
type | enum | Windows | – | Printer type (local/remote) |
service
A service represents an IT service in your organization, such as the mail service or the directory service. Services are either based on TCP connections (for Windows and Mac devices) or on web requests (for Windows devices only). Platforms:
Name | Type | Operating system | Properties | Description |
id | integer |
| – | Unique service identifier |
name | string |
| – | Service name |
status | enum |
| – | Service status (active, error) |
type | enum |
| – | Type of service (network, web) |
url_path
A url_path is a URL path after the domain name e.g. [www.nexthink.com]/awards/. Platforms:
Name | Type | Operating system | Properties | Description |
id | identifier |
| – | Unique url path identifier |
path | string |
| – | The URL path |
user
A user is an object that represents an individual account in a device (local user) or in a group of devices (domain user). The account may identify a physical user or a system user. Platforms:
Name | Type | Operating system | Properties | Description |
country | string |
| – | Country of user as listed in active directory |
database_usage | permill |
| – | Percentage of the database used by information related with the binary |
department | string |
| – | User department as listed in active directory |
distinguished_name | string |
| NU | Active directory distinguished name (DN) |
first_seen | datetime |
| NU | First time activity of the user was recorded on any device. |
full_name | string |
| NU | Full user name as listed in active directory |
id | identifier |
| – | Unique user identifier |
job_title | string |
| NU | Job title as listed in active directory |
last_seen | datetime |
| NU | Last time activity of the user was recorded on any device. |
locality | string |
| – | Locality of user as listed in active directory |
location | string |
| – | Location of user as listed in active directory |
name | string |
| – | User logon name |
number_of_days_since_last_seen | integer |
| NU | Indicates the number of days since the last time the user was seen by Nexthink. The field is updated whenever user activity is detected. |
org_unit | string |
| – | Organisational unit of User as listed in active directory |
seen_on_mac_os | boolean |
| – | Indicates if the user has been seen on a Mac device. |
seen_on_mobile | boolean |
| – | Indicates if the user has been seen on a Mobile device. |
seen_on_windows | boolean |
| – | Indicates if the user has been seen on a Windows device. |
sid | sid |
| NU | Indicates the Windows security identifier for the user. For Mac OS, '-' means that the user is not in Active Directory. |
total_active_days | day |
| – | Total number of days the user was active. |
type | enum |
| – | Type of user (local/domain/system) |
user_uid | md5 |
| – | Indicates the universally unique identifier |
Events
connection
A connection is a TCP connection or a UDP packet. Several identical TCP connections or UDP packets are merged when in close succession.
Platforms:
Name | Type | Operating system | Properties | Description |
cardinality | integer |
| – | Number of underlying connections, consolidated over time |
destination_ip_address | ip_address |
| – | IP address of the connection destination |
device_ip_address | ip_address |
| – | IP address of the connection source |
duration | millisecond |
| – | The time between the start of the first connection and the end of the last underlying connection. |
end_time | datetime |
| – | Connection end time, corresponding to the moment when the last underlying connection was closed. |
id | identifier |
| – | Unique connection identifier |
incoming_bitrate | bps |
| NU | Average incoming bitrate of all underlying connections, consolidated over time |
incoming_traffic | byte |
| – | Incoming traffic |
network_interface_iana_code | string |
| – | (beta) Indicates the network interface IANA code. |
network_interface_index | integer |
| – | (beta) Indicates the network interface index. |
network_interface_type | enum |
| – | (beta) Indicates the network interface type. Possible values are:
|
network_response_time | microsecond |
| – | TCP connection establishment time |
outgoing_bitrate | bps |
| NU | Average outgoing bitrate of all underlying connections, consolidated over time |
outgoing_traffic | byte |
| – | Outgoing traffic |
start_time | datetime |
| – | Connection start time |
status | enum |
| – | Status of the connection (established, rejected, no service, no host, closed) |
type | enum |
| – | Type of the connection (tcp, udp) |
device_activity
A device_activity is a device activity (boot or activity).
Platforms:
Name | Type | Operating system | Properties | Description |
boot_type | enum |
| NU | Boot type of the boot activity |
duration | millisecond | Windows | – | Boot duration (timed between kernel start and launch of 'logonui.exe' process) or online duration |
id | identifier |
| – | Boot event identifier |
time | datetime |
| – | Time of boot |
type | enum |
| – | Activity event information |
device_error
A device_error is a critical system errors (system crash, hard reset, or disk error).
Platforms:
Name | Type | Operating system | Properties | Description |
error_code | integer |
| – | Error code |
error_label | string |
| – | Error label |
id | identifier |
| – | Problem identifier |
start_time | datetime |
| – | Time of error |
type | enum |
| – | Indicates the device error type, with the following possible values:
|
device_performance
A device_performance reports the average IOPS, CPU and memory of a device during one hours.
Platforms:
Name | Type | Operating system | Properties | Description |
average_cpu_usage | permill | Windows | – | Average CPU usage on the period |
average_memory_usage | byte | Windows | – | Average memory usage on the period |
cpu_queue_length | integer | Windows | – | Average CPU queue length on the period |
duration | millisecond | Windows | – | Total report duration |
end_time | datetime | Windows | – | Report end time |
id | identifier | Windows | – | Unique report identifier |
normalized_cpu_usage | permill | Windows | – | Average CPU usage on the period normalized by the available logical CPUs |
read_operations | integer | Windows | NU | Total disk read operations accumulated during the period |
start_time | datetime | Windows | – | Start time |
write_operations | integer | Windows | NU | Total disk write operations accumulated during the period |
device_warning
A device_warning is a peak in device resource usage (CPU, memory or I/O).
Platforms:
Name | Type | Operating system | Properties | Description |
duration | millisecond |
| – | Performance event duration |
end_time | datetime |
| – | Performance event end time |
id | identifier |
| – | Unique performance event identifier |
info | string |
| – | Performance event information |
start_time | datetime |
| – | Performance event start time |
type | enum |
| – | Type of the device warning, one of:
|
value | percent |
| – | Performance percentage |
warning_duration | millisecond |
| – | Indicates the duration of the warning. This duration can be shorter than the event duration when the warning is not continuous. |
execution
An execution is a process executing on a device. Serveral executions of the same process are merged when in close succession.
Platforms:
Name | Type | Operating system | Properties | Description |
average_memory_usage | byte |
| – | Average memory usage per execution |
binary_path | path |
| – | Executed binary path |
cardinality | integer |
| – | Number of underlying processes, consolidated over time |
duration | millisecond |
| – | Total execution duration |
end_time | datetime |
| – | Execution end time |
focus_time | millisecond |
| NU | Focus time |
id | identifier |
| – | Unique execution identifier |
incoming_tcp_traffic | byte |
| – | Incoming TCP traffic |
incoming_udp_traffic | byte |
| – | Incoming UDP traffic |
memory_usage | byte |
| – | Average memory usage |
outgoing_tcp_traffic | byte |
| – | Outgoing TCP traffic |
outgoing_udp_traffic | byte |
| – | Outgoing UDP traffic |
privilege_level | enum |
| – | Privilege level of the execution (user, power user, administrator) |
start_time | datetime |
| – | Execution start time |
startup_duration | millisecond | Windows | NU | Startup duration |
status | enum |
| – | Status of the execution (started, stopped) |
total_cpu_time | millisecond |
| – | Total CPU time |
execution_error
An execution_error is application errors (crash or not responding)
Platforms:
Name | Type | Operating system | Properties | Description |
id | identifier |
| – | Error identifier |
info | string |
| – | Error event information |
time | datetime |
| – | Time of error |
type | enum |
| – | Type of the execution error (application not responding, crash) |
execution_warning
An execution_warning is a peak in application resource usage (CPU or memory).
Platforms:
Name | Type | Operating system | Properties | Description |
duration | millisecond |
| – | Performance event duration |
end_time | datetime |
| – | Performance event end time |
id | identifier |
| – | Unique performance event identifier |
info | string |
| – | Performance event information |
start_time | datetime |
| – | Performance event start time |
type | enum |
| – | Type of the execution warning (high cpu usage, high memory usage) |
value | percent |
| – | Performance percentage |
warning_duration | millisecond |
| – | Indicates the duration of the warning. This duration can be shorter than the event duration when the warning is not continuous. |
installation
A installation is the installation or uninstallation of a Software packages (programs or updates).
Platforms:
Name | Type | Operating system | Properties | Description |
id | identifier |
| – | Unique deployment identifier |
time | datetime |
| – | Installation start time |
type | enum |
| – | Type of operation (installation, uninstallation) |
network_scan
A network scan is a sequence of failed TCP connections or UDP packets made to the same port to more than 50 destinations within a few seconds.
Platforms:
Name | Type | Operating system | Properties | Description |
cardinality | integer |
| – | Number of underlying connections, consolidated over time |
device_ip_address | ip_address |
| – | IP address of the connection source |
duration | millisecond |
| – | The time between the start of the first connection and end of the last underlying connection |
end_time | datetime |
| – | Scanning end time, corresponding to the moment when the last underlying connection was closed. |
id | identifier |
| – | Unique scanning identifier |
network | ip_network |
| – | Minimum IP network including all scanned destinations |
start_time | datetime |
| – | Scanning start time |
status | enum |
| – | Status of the Scanning (established, closed) |
type | enum |
| – | Type of the port scanning (tcp, udp) |
port_scan
A port scan is a sequence of failed TCP connections or UDP packets made to the same destination to more than 50 ports within a few seconds.
Platforms:
Name | Type | Operating system | Properties | Description |
cardinality | integer |
| – | Number of underlying connections, consolidated over time |
destination_ip_address | ip_address |
| – | IP address of the scanned destination |
device_ip_address | ip_address |
| – | IP address of the connection source |
duration | millisecond |
| – | The time between the start of the first connection and end of the last underlying connection. |
end_time | datetime |
| – | Scanning end time, corresponding to the moment when the last underlying connection was closed. |
first_scanned_port | port |
| – | First port scanning |
id | identifier |
| – | Unique scanning identifier |
last_scanned_port | port |
| – | Last port scanning |
start_time | datetime |
| – | Scanning start time |
status | enum |
| – | Status of the Scanning (established, closed) |
type | enum |
| – | Type of the port scanning (tcp, udp) |
printout
A printout is a print job processed by a printer.
Platforms:
Name | Type | Operating system | Properties | Description |
color_print | boolean | Windows | – | Color print |
document_type | string | Windows | – | Type of printed document |
duplex | boolean | Windows | – | Indicates whether the pages are printed on both sides of the sheet. |
id | identifier | Windows | – | Unique print job identifier |
number_of_printed_pages | integer | Windows | NU | Number of printed pages |
page_size | string | Windows | – | Paper size for printed pages |
print_quality | enum | Windows | – | Print quality |
size | byte | Windows | NU | Print job size in bytes |
status | enum | Windows | – | Print job status(success, error, timeout) |
time | datetime | Windows | – | Print job time |
session_performance
Sessions of a user logged on a device.
Platforms:
Name | Type | Operating system | Properties | Description |
cardinality | integer | Windows | – | Number of underlaying sessions consolidated in a bucket period |
citrix_rtt | millisecond | Windows | NU | Citrix RTT |
client_ip | ip_address | Windows | – | Client IP |
duration | millisecond | Windows | – | Session performance bucket period duration |
end_time | datetime | Windows | – | Session performance bucket end time |
id | identifier | Windows | – | Unique session performance identifier |
session_network_latency | millisecond | Windows | NU | Session network latency |
session_protocol | enum | Windows | NU | User input delay |
start_time | datetime | Windows | – | Execution start time |
user_activity
A user_activity is a user activity (logon or interactive activity).
Platforms:
Name | Type | Operating system | Properties | Description |
duration | millisecond |
| – | Indicates the time between the user logging on and the desktop being shown. |
id | identifier |
| – | User logon event identifier |
real_duration | millisecond |
| – | Indicates the time between the user logging on and the device being ready to use. Desktops and laptops are considered fully functional once the CPU usage drops below 15% and the disk usage drops below 80%, and servers once the CPU usage of all processes belonging to the corresponding user drops below 15%. |
time | datetime |
| – | Time of user logon |
type | enum |
| – | Activity event information |
web_request
A web_request is a HTTP or TLS requests.
Platforms:
Name | Type | Operating system | Properties | Description |
cardinality | integer |
| – | Number of underlying web requests, consolidated over time |
connections_duration | millisecond |
| – | The time between start of the first connection and end of the last underlying connection |
end_time | datetime |
| – | Web request end time, corresponding to the moment when the last underlying TCP connection was closed. |
http_status | http_status_code |
| NU | HTTP response status code |
id | identifier |
| – | Unique request identifier |
incoming_traffic | byte |
| – | Incoming web traffic of all underlying web requests, consolidated over time |
network_response_time | microsecond |
| – | Average TCP connection establishment time of all underlying connections, consolidated over time |
outgoing_traffic | byte |
| – | Outgoing web traffic of all underlying web requests, consolidated over time |
protocol | enum |
| – | Web request protocol (HTTP, TLS) |
protocol_version | enum |
| – | Web request protocol version |
service_related | boolean |
| – | Indicates whether the web request is related to a configured service:
|
start_time | datetime |
| – | Web request start time |
web_request_duration | millisecond |
| – | Average time between request and last response byte of all underlying requests, consolidated over time |
Relationships
A relationships is a link between object and event tables and is specified in a with clause.
connection
device
user
binary
executable
application
destination
port
service
device_activity
device
device_error
device
device_performance
device
device_warning
device
execution
device
user
binary
executable
application
execution_error
device
user
binary
executable
application
execution_warning
device
user
binary
executable
application
installation
device
package
network_scan
device
user
binary
executable
application
port
port_scan
device
user
binary
executable
application
destination
printout
device
user
printer
session_performance
device
user
user_activity
device
user
web_request
device
user
binary
executable
application
destination
port
domain
url_path
service
package
device
package
Aggregates
connection
Name | Type | Operating system | Properties | Description |
number_of_devices | integer |
| FP | Number of devices |
number_of_users | integer |
| FP | Number of users |
number_of_applications | integer |
| FP | Number of applications |
number_of_executables | integer |
| FP | Number of executables |
number_of_binaries | integer |
| FP | Number of binaries |
number_of_destinations | integer |
| – | Number of destinations |
number_of_ports | integer |
| – | Number of ports |
number_of_connections | integer |
| – | Number of connections |
cumulated_connection_duration | millisecond |
| – | Cumulated duration of TCP connections |
activity_start_time | datetime |
| NU | Start time of investigated activity |
activity_stop_time | datetime |
| NU | Stop time of investigated activity |
incoming_traffic | byte |
| NU | Total network incoming traffic |
outgoing_traffic | byte |
| NU | Total network outgoing traffic |
average_network_response_time | microsecond |
| – | Average TCP connection establishment time |
successful_connections_ratio | permill |
| NU | Percentage of successful TCP connections |
network_availability_level | availability_level |
| NU | Graded ratio of successful TCP connections (high, medium, low) |
average_incoming_bitrate | bps |
| NU | Average incoming network bitrate |
average_outgoing_bitrate | bps |
| NU | Average outgoing network bitrate |
highest_local_privilege_reached | privileges_level |
| NU | Highest local privilege level reached for executions (user, power user, administrator) |
number_of_events | integer |
| NU | Number of events |
incoming_network_traffic_per_device | byte |
| NU | Device average incoming network traffic |
outgoing_network_traffic_per_device | byte |
| NU | Device average outgoing network traffic |
total_network_traffic | byte |
| NU | Network traffic |
device_activity
Name | Type | Operating system | Properties | Description |
number_of_devices | integer |
| – | Number of devices |
average_boot_duration | millisecond | Windows | NU | Average boot duration |
average_logon_duration | millisecond | Windows | NU | Average user logon duration |
average_extended_logon_duration | millisecond | Windows | NU | Average extended logon duration |
number_of_boots | integer |
| NU | Number of boots |
activity_start_time | datetime |
| NU | Start time of investigated activity |
activity_stop_time | datetime |
| NU | Stop time of investigated activity |
uptime | millisecond |
| NU | Amount of time the machine has been running |
cumulated_interaction_duration | millisecond |
| NU | Cumulated time with user interaction (mouse or keyboard events) |
number_of_events | integer |
| NU | Number of events |
device_error
Name | Type | Operating system | Properties | Description |
number_of_devices | integer |
| – | Number of devices |
number_of_errors | integer |
| – | Number of system errors |
activity_start_time | datetime |
| NU | Start time of investigated activity |
activity_stop_time | datetime |
| NU | Stop time of investigated activity |
number_of_events | integer |
| NU | Number of events |
device_performance
Name | Type | Operating system | Properties | Description |
average_read_operations | integer | Windows | – | Average read IPOS |
average_write_operations | integer | Windows | – | Average write IPOS |
average_cpu_queue_length | integer | Windows | – | Average CPU queue length |
average_memory_usage | byte | Windows | NU | Average memory usage |
average_cpu_usage | percent | Windows | – | Average CPU usage |
average_normalized_cpu_usage | percent | Windows | – | Average normalized CPU usage |
device_warning
Name | Type | Operating system | Properties | Description |
number_of_devices | integer |
| – | Number of devices |
number_of_warnings | integer |
| – | Number of warnings |
cumulated_warning_duration | millisecond |
| NU | Cumulated duration of the warning events |
activity_start_time | datetime |
| NU | Start time of investigated activity |
activity_stop_time | datetime |
| NU | Stop time of investigated activity |
number_of_events | integer |
| NU | Number of events |
high_device_overall_cpu_time_ratio | permill |
| NU | Indicates the ratio between the time the device is in high overall CPU usage and its uptime. |
high_device_memory_time_ratio | permill |
| NU | Indicates the ratio between the time the device is in high memory usage and its uptime. |
high_device_io_throughput_time_ratio | permill | Windows | NU | Indicates the ratio between the time the device is in high IO throughput and its uptime. |
high_device_page_faults_time_ratio | permill | Windows | NU | Indicates the ratio between the time the device is in high page faults and its uptime. |
execution
Name | Type | Operating system | Properties | Description |
number_of_devices | integer |
| FP | Number of devices |
number_of_users | integer |
| FP | Number of users |
number_of_applications | integer |
| FP | Number of applications |
number_of_executables | integer |
| FP | Number of executables |
number_of_binaries | integer |
| FP | Number of binaries |
number_of_executions | integer |
| – | Number of executions |
cumulated_execution_duration | millisecond |
| NU | Cumulated duration of executions |
activity_start_time | datetime |
| NU | Start time of investigated activity |
activity_stop_time | datetime |
| NU | Stop time of investigated activity |
incoming_traffic | byte |
| NU | Total network incoming traffic |
outgoing_traffic | byte |
| NU | Total network outgoing traffic |
highest_local_privilege_reached | privileges_level |
| NU | Highest local privilege level reached for executions (user, power user, administrator) |
number_of_events | integer |
| NU | Number of events |
average_memory_usage_per_execution | byte |
| NU | Average memory usage per execution |
memory_usage | byte |
| NU | Memory usage |
focus_time | millisecond |
| NU | Focus time |
cpu_usage_ratio | permill |
| NU | Average CPU usage |
total_cpu_time | millisecond |
| NU | Total CPU time |
average_process_start_time | millisecond | Windows | NU | Average process start time |
incoming_network_traffic_per_device | byte |
| NU | Device average incoming network traffic |
outgoing_network_traffic_per_device | byte |
| NU | Device average outgoing network traffic |
total_network_traffic | byte |
| NU | Network traffic |
execution_error
Name | Type | Operating system | Properties | Description |
application_not_responding_event_ratio | permill |
| NU | Application not responding event ratio |
application_crash_ratio | permill |
| NU | Application crash ratio |
number_of_application_not_responding_events | integer |
| – | Number of application not responding events |
number_of_application_crashes | integer |
| – | Number of application crashes |
number_of_devices | integer |
| – | Number of devices |
number_of_users | integer |
| – | Number of users |
number_of_applications | integer |
| – | Number of applications |
number_of_executables | integer |
| – | Number of executables |
number_of_binaries | integer |
| – | Number of binaries |
number_of_errors | integer |
| – | Number of errors |
activity_start_time | datetime |
| NU | Start time of investigated activity |
activity_stop_time | datetime |
| NU | Stop time of investigated activity |
number_of_events | integer |
| NU | Number of events |
execution_warning
Name | Type | Operating system | Properties | Description |
number_of_devices | integer |
| – | Number of devices |
number_of_users | integer |
| – | Number of users |
number_of_applications | integer |
| – | Number of applications |
number_of_executables | integer |
| – | Number of executables |
number_of_binaries | integer |
| – | Number of binaries |
number_of_warnings | integer |
| – | Number of warnings |
cumulated_warning_duration | millisecond |
| NU | Cumulated duration of the warning events |
activity_start_time | datetime |
| NU | Start time of investigated activity |
activity_stop_time | datetime |
| NU | Stop time of investigated activity |
number_of_events | integer |
| NU | Number of events |
high_application_thread_cpu_time_ratio | permill |
| NU | High application thread CPU time ratio |
installation
Name | Type | Operating system | Properties | Description |
number_of_packages | integer |
| – | Number of packages |
number_of_devices | integer |
| – | Number of devices |
activity_start_time | datetime |
| NU | Start time of investigated activity |
activity_stop_time | datetime |
| NU | Stop time of investigated activity |
number_of_installations | integer |
| – | Number of installations |
number_of_events | integer |
| NU | Number of events |
network_scan
Name | Type | Operating system | Properties | Description |
number_of_devices | integer |
| – | Number of devices |
number_of_users | integer |
| – | Number of users |
number_of_applications | integer |
| – | Number of applications |
number_of_executables | integer |
| – | Number of executables |
number_of_binaries | integer |
| – | Number of binaries |
number_of_ports | integer |
| – | Number of ports |
number_of_connections | integer |
| – | Number of connections |
cumulated_scan_duration | millisecond |
| NU | Cumulated duration of the network scan |
activity_start_time | datetime |
| NU | Start time of investigated activity |
activity_stop_time | datetime |
| NU | Stop time of investigated activity |
incoming_traffic | byte |
| NU | Total network incoming traffic |
outgoing_traffic | byte |
| NU | Total network outgoing traffic |
number_of_events | integer |
| NU | Number of events |
incoming_network_traffic_per_device | byte |
| NU | Device average incoming network traffic |
outgoing_network_traffic_per_device | byte |
| NU | Device average outgoing network traffic |
total_network_traffic | byte |
| NU | Network traffic |
package
Name | Type | Operating system | Properties | Description |
number_of_devices | integer |
| FP | Number of devices |
number_of_packages | integer |
| FP | Number of packages |
port_scan
Name | Type | Operating system | Properties | Description |
number_of_devices | integer |
| – | Number of devices |
number_of_users | integer |
| – | Number of users |
number_of_applications | integer |
| – | Number of applications |
number_of_executables | integer |
| – | Number of executables |
number_of_binaries | integer |
| – | Number of binaries |
number_of_connections | integer |
| – | Number of connections |
number_of_destinations | integer |
| – | Number of destinations |
cumulated_scan_duration | millisecond |
| NU | Cumulated duration of the network scan |
activity_start_time | datetime |
| NU | Start time of investigated activity |
activity_stop_time | datetime |
| NU | Stop time of investigated activity |
incoming_traffic | byte |
| NU | Total network incoming traffic |
outgoing_traffic | byte |
| NU | Total network outgoing traffic |
number_of_events | integer |
| NU | Number of events |
incoming_network_traffic_per_device | byte |
| NU | Device average incoming network traffic |
outgoing_network_traffic_per_device | byte |
| NU | Device average outgoing network traffic |
total_network_traffic | byte |
| NU | Network traffic |
printout
Name | Type | Operating system | Properties | Description |
number_of_devices | integer | Windows | – | Number of devices |
number_of_users | integer | Windows | – | Number of users |
number_of_printers | integer | Windows | – | Number of printers |
number_of_printed_pages | integer | Windows | – | Number of printed pages |
number_of_printouts | integer | Windows | – | Number of print jobs |
activity_start_time | datetime | Windows | NU | Start time of investigated activity |
activity_stop_time | datetime | Windows | NU | Stop time of investigated activity |
number_of_events | integer |
| NU | Number of events |
session_performance
Name | Type | Operating system | Properties | Description |
session_duration | millisecond | Windows | NU | Session duration |
average_citrix_rtt | millisecond | Windows | NU | Average Citrix RTT |
average_session_network_latency | millisecond | Windows | NU | Average session network latency |
user_activity
Name | Type | Operating system | Properties | Description |
number_of_devices | integer | Windows | – | Number of devices |
number_of_users | integer |
| – | Number of users |
number_of_logons | integer | Windows | – | Number of user logons |
activity_start_time | datetime | Windows | NU | Start time of investigated activity |
activity_stop_time | datetime | Windows | NU | Stop time of investigated activity |
cumulated_interaction_duration | millisecond | Windows | NU | Cumulated time with user interaction (mouse or keyboard events) |
average_logon_duration | millisecond | Windows | NU | Average user logon duration |
average_extended_logon_duration | millisecond | Windows | NU | Average extended logon duration |
number_of_events | integer |
| NU | Number of events |
web_request
Name | Type | Operating system | Properties | Description |
total_web_traffic | byte |
| NU | Web traffic |
outgoing_web_traffic_per_device | byte |
| NU | Outgoing web traffic per device |
incoming_web_traffic_per_device | byte |
| NU | Incoming web traffic per device |
number_of_devices | integer |
| FP | Number of devices |
number_of_domains | integer |
| FP | Number of domains |
number_of_users | integer |
| FP | Number of users |
number_of_applications | integer |
| FP/NU | Number of applications |
number_of_executables | integer |
| FP | Number of executables |
number_of_binaries | integer |
| FP | Number of binaries |
number_of_destinations | integer |
| – | Number of destinations |
number_of_ports | integer |
| – | Number of ports |
activity_start_time | datetime |
| NU | Start time of investigated activity |
activity_stop_time | datetime |
| NU | Stop time of investigated activity |
average_network_response_time | microsecond |
| – | Average TCP connection establishment time |
highest_local_privilege_reached | privileges_level |
| NU | Highest local privilege level reached for executions (user, power user, administrator) |
number_of_web_requests | integer |
| – | Number of web requests |
protocols_used_in_requests | web_protocol_combination |
| NU | Protocols used in web requests (HTTP, TLS, HTTP/TLS) |
lowest_protocol_version | min_web_protocol_version |
| NU | Lowest protocol version observed in web requests (excluding web requests with unknown protocol version) |
incoming_traffic | byte |
| NU | Total web incoming traffic |
outgoing_traffic | byte |
| NU | Total web outgoing traffic |
average_incoming_bitrate | bps |
| NU | Average incoming bitrate of all underlying web requests, consolidated over time |
average_outgoing_bitrate | bps |
| NU | Average outgoing bitrate of all underlying web requests, consolidated over time |
cumulated_web_request_duration | millisecond |
| NU | Cumulated duration of web requests |
cumulated_web_interaction_duration | millisecond |
| NU | Cumulated time during which web requests occurred, counted with a 5 minutes resolution. |
average_request_size | byte |
| NU | Average size of web requests |
average_response_size | byte |
| NU | Average size of web responses |
average_request_duration | millisecond |
| – | Average time between request and last response byte |
successful_http_requests_ratio | permill |
| NU | Percentage of successful HTTP requests (1xx, 2xx and 3xx) |
number_of_events | integer |
| NU | Number of events |
Definitions
The following document lists all objects, fields and aggregates available through NXQL. Each field and aggregate have a name, a type, properties and a description.
Platforms can have the following values:
W: The field, aggregate or table is available on the Windows platform.
X: The field, aggregate or table is available on the Mac OS platform.
M: The field, aggregate or table is available on the Mobile platform.
Properties can have the following values:
DE: The field or aggregate is deprecated.
PB: The field or aggregate is in Public Beta.
FP: The field or aggregate can be used without a between clause.
NU: The field or aggregate can be nil.
SE: The field or aggregate is only available with a license containing the security feature.
WE: The field or aggregate is only available with a license containing the web monitoring feature.
NC: The field is not comparable.
Last updated