Device Security
Nozomi CMC Attribute Reference
Table of Contents
Expand All
|
Collapse All
Device Security Docs
Nozomi CMC Attribute Reference
This reference lists the attributes that Device Security collects from Nozomi CMC,
their names as stored in Device Security, and the Device Security device fields
they map to.
Device Security integrates with Nozomi Networks CMC to enrich the device inventory
with OT and network visibility data. The attributes in this reference cover device
identification, network details, and vulnerability findings collected from the
Nozomi CMC platform.
The third-party attribute name in Device Security refers to the attribute name
as it appears in the Assets Inventory table and in Query Engine. This follows the format
of third-party-name.attribute-name.
When viewing the attribute name in the Assets Inventory table column selector or on a
Device Details page, where the third-party name can be found as a header for the
attributes section, then the third-party name is removed from the attribute name.
For example, micrsoft_defender_xdr.macAddress would appear in the
Query Builder and in the Assets Inventory table, but under Device DetailsAttributesIntegration Specific AttributesMicrosoft Defender, the attribute would appear as macAddress.
Device Attributes
Device Security collects device attributes from the Nozomi CMC API. The following table lists each Nozomi CMC attribute, its name as stored in Device Security, and the Device Security device field it maps to (if applicable).
|
Nozomi CMC Attribute
|
Device Security Attribute Name
|
Device Security Common Attribute*
|
Description
|
|---|---|---|---|
|
_asset_kb_id
|
nozomi_cmc._asset_kb_id
|
—
|
Asset KB ID
|
|
appliance_hosts
|
nozomi_cmc.appliance_hosts
|
—
|
Appliance hosts
|
|
appliance_ids
|
nozomi_cmc.appliance_ids
|
—
|
Appliance IDs
|
|
appliance_sites
|
nozomi_cmc.appliance_sites
|
—
|
Appliance sites
|
|
arc_version
|
nozomi_cmc.arc_version
|
—
|
Arc version
|
|
capture_device
|
nozomi_cmc.capture_device
|
—
|
Capture device
|
|
created_at
|
nozomi_cmc.created_at
|
—
|
Created at
|
|
deleted_at
|
nozomi_cmc.deleted_at
|
—
|
Deleted at
|
|
device_id
|
nozomi_cmc.device_id
|
—
|
Device ID
|
|
end_of_sale_date
|
nozomi_cmc.end_of_sale_date
|
—
|
End of sale date
|
|
end_of_support_date
|
nozomi_cmc.end_of_support_date
|
—
|
End of support date
|
|
firmware_version
|
nozomi_cmc.firmware_version
|
latest_firmware_version
|
Firmware version
|
|
id
|
nozomi_cmc.id
|
—
|
ID
|
|
ip
|
nozomi_cmc.ip
|
—
|
IP address
|
|
ip.[0]
|
—
|
ipv4_address
|
IP address attribute collected from Nozomi CMC
|
|
is_ai_enriched
|
nozomi_cmc.is_ai_enriched
|
—
|
Indicates whether the asset is AI enriched
|
|
is_arc_enriched
|
nozomi_cmc.is_arc_enriched
|
—
|
Indicates whether the asset is ARC enriched
|
|
is_sp_enriched
|
nozomi_cmc.is_sp_enriched
|
—
|
Indicates whether the asset is SP enriched
|
|
is_ti_enriched
|
nozomi_cmc.is_ti_enriched
|
—
|
Indicates whether the asset is TI enriched
|
|
last_activity_time
|
nozomi_cmc.last_activity_time
|
Last Third-Party Activity
|
Last activity time
|
|
level
|
nozomi_cmc.level
|
—
|
Level
|
|
lifecycle
|
nozomi_cmc.lifecycle
|
—
|
Lifecycle
|
|
mac_address
|
nozomi_cmc.mac_address
|
MAC; id
|
MAC address
|
|
name
|
nozomi_cmc.name
|
Hostname
|
Name
|
|
os
|
nozomi_cmc.os
|
raw_os
|
OS
|
|
os_or_firmware
|
nozomi_cmc.os_or_firmware
|
—
|
OS or firmware
|
|
product_name
|
nozomi_cmc.product_name
|
—
|
Product name
|
|
protocols
|
nozomi_cmc.protocols
|
—
|
Protocols
|
|
roles
|
nozomi_cmc.roles
|
—
|
Roles
|
|
serial_number
|
nozomi_cmc.serial_number
|
Serial Number
|
Serial number
|
|
type
|
nozomi_cmc.type
|
—
|
Type
|
|
vendor
|
nozomi_cmc.vendor
|
Vendor
|
Vendor
|
|
vlan_id
|
nozomi_cmc.vlan_id
|
—
|
VLAN IDs
|
|
zones
|
nozomi_cmc.zones
|
—
|
Zones
|
|
zones.[0]
|
—
|
Zone
|
Zones attribute collected from Nozomi CMC
|
Vulnerability Attributes
Device Security collects vulnerability attributes from the Nozomi CMC API. The following table lists each Nozomi CMC vulnerability attribute, its name as stored in Device Security, and the Device Security vulnerability field it maps to (if applicable).
|
Nozomi CMC Attribute
|
Device Security Attribute Name
|
Device Security Common Attribute*
|
Description
|
|---|---|---|---|
|
creation_time
|
nozomi_cmc.creation_time
|
—
|
Creation Time
|
|
cve
|
nozomi_cmc.cve
|
cve
|
CVE
|
|
cwe_id
|
nozomi_cmc.cwe_id
|
—
|
CWE ID
|
|
cwe_name
|
nozomi_cmc.cwe_name
|
—
|
CWE name
|
|
epss_score
|
nozomi_cmc.epss_score
|
—
|
EPSS score
|
|
id
|
nozomi_cmc.id
|
—
|
ID
|
|
is_kev
|
nozomi_cmc.is_kev
|
—
|
Indicates whether the vulnerability is a KEV
|
|
latest_hotfix
|
nozomi_cmc.latest_hotfix
|
—
|
Latest hotfix
|
|
mac_address
|
—
|
id
|
MAC address attribute collected from Nozomi CMC
|
|
minimum_hotfix
|
nozomi_cmc.minimum_hotfix
|
—
|
Minimum hotfix
|
|
name
|
nozomi_cmc.name
|
—
|
Name
|
|
resolved
|
—
|
state
|
Resolved attribute collected from Nozomi CMC
|
|
score
|
nozomi_cmc.score
|
cvss_base_score
|
Score
|
|
source
|
nozomi_cmc.source
|
—
|
Source
|
|
summary
|
nozomi_cmc.summary
|
—
|
Summary
|
|
time
|
—
|
detected_time
|
Time attribute collected from Nozomi CMC
|
* Only some attributes map to a Device Security Common Attribute.