5 sample queries to run in your environment

Once you have data in your system, you can start running queries to get insights into your network. Go to Analysis > Queries and start with one of these sample queries:

Public URL connections with packets sent

Find out whether any of your assets are connecting to the internet. For most organizations running critical infrastructure, direct connections from plant assets to the internet go against corporate policy. This query takes every node flagged as public, joins it with the captured URLs whose destination is that node, and keeps only the entries where at least one byte was actually sent (size_bytes > 0.0), so it shows connections that moved data rather than attempts that never got anywhere.

nodes | where is_public | join captured_urls ip id_dst | where joined_captured_url_ip_id_dst.size_bytes > 0.0 | select joined_captured_url_ip_id_dst.id_src->from joined_captured_url_ip_id_dst.id_dst->to joined_captured_url_ip_id_dst.protocol->protocol joined_captured_url_ip_id_dst.time->time joined_captured_url_ip_id_dst.url->url joined_captured_url_ip_id_dst.size_bytes->size_bytes
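The following Python script is an added example, not the product's own code and not something you can paste into Analysis > Queries. It re-implements the query above over two constructed sample tables so the three steps (filter public nodes, join on nodes.ip = captured_urls.id_dst, drop zero-byte rows) are explicit, and adds a per-asset byte total that the page does not show. Two things are assumptions: the is_public flag is modelled as "globally routable address" (not private, loopback, link-local, multicast, reserved or unspecified), and the tables are lists of dicts keyed by the column names the query uses.

```python
"""Added example (not the product's own code): plain-Python re-implementation
of the 'Public URL connections with packets sent' query over constructed data.

Assumptions not taken from the page: a node is 'public' when its address is
globally routable, and the nodes / captured_urls tables are lists of dicts
keyed by the column names the query uses (ip, id_src, id_dst, protocol, time,
url, size_bytes).
"""
import ipaddress
from collections import defaultdict

# Constructed sample 'nodes' table (not real inventory data).
NODES = [
    {"ip": "10.0.0.5"},   # internal workstation
    {"ip": "10.0.0.9"},   # internal HMI
    {"ip": "8.8.8.8"},    # public node seen as a destination
    {"ip": "1.1.1.1"},    # public node seen as a destination
]

# Constructed sample 'captured_urls' table (not captured traffic).
CAPTURED_URLS = [
    {"id_src": "10.0.0.5", "id_dst": "8.8.8.8", "protocol": "http",
     "time": "2024-05-01T10:00:00Z", "url": "http://8.8.8.8/", "size_bytes": 1200.0},
    # zero bytes sent: survives the join but is dropped by the size filter
    {"id_src": "10.0.0.9", "id_dst": "1.1.1.1", "protocol": "http",
     "time": "2024-05-01T10:05:00Z", "url": "http://1.1.1.1/", "size_bytes": 0.0},
    # internal destination: never joins because 10.0.0.9 is not public
    {"id_src": "10.0.0.5", "id_dst": "10.0.0.9", "protocol": "http",
     "time": "2024-05-01T10:10:00Z", "url": "http://10.0.0.9/status", "size_bytes": 500.0},
    {"id_src": "10.0.0.9", "id_dst": "8.8.8.8", "protocol": "https",
     "time": "2024-05-01T10:20:00Z", "url": "https://8.8.8.8/", "size_bytes": 350.0},
]


def is_public(ip: str) -> bool:
    """Assumed model of the query's is_public flag: a globally routable address."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def public_url_connections(nodes, captured_urls):
    """nodes | where is_public | join captured_urls ip id_dst
       | where size_bytes > 0.0 | select ... with the ->renames."""
    public_ips = {n["ip"] for n in nodes if is_public(n["ip"])}  # where is_public
    rows = []
    for c in captured_urls:
        if c["id_dst"] not in public_ips:   # join: nodes.ip == captured_urls.id_dst
            continue
        if not c["size_bytes"] > 0.0:       # keep only connections that moved data
            continue
        rows.append({                       # select with column renames
            "from": c["id_src"], "to": c["id_dst"], "protocol": c["protocol"],
            "time": c["time"], "url": c["url"], "size_bytes": c["size_bytes"],
        })
    return rows


def bytes_to_internet_by_asset(rows):
    """Follow-up aggregation the page does not show: bytes sent per internal source."""
    totals = defaultdict(float)
    for r in rows:
        totals[r["from"]] += r["size_bytes"]
    return dict(totals)


if __name__ == "__main__":
    hits = public_url_connections(NODES, CAPTURED_URLS)
    for h in hits:
        print(f'{h["from"]} -> {h["to"]} {h["protocol"]} {h["url"]} {h["size_bytes"]:.0f} B')
    print(bytes_to_internet_by_asset(hits))
```

Note that the join is driven from the nodes table: a destination that has no node record at all will not appear, even if captured_urls saw traffic to it, which mirrors how the original query behaves.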

Windows Operating Systems (pie)

Build a pie chart showing how many of your assets run Windows, broken down by the version string in the os field. This is an easy way to get a breakdown of your server assets and workstations. The include? Win filter is a substring match, so it catches every os value containing "Win", and group_by os then produces one slice per distinct version string.

assets | where os include? Win | group_by os | pie os count

Windows XP and 2003 inventory

Microsoft ended support for Windows XP in April 2014 and for Windows Server 2003 in July 2015, so assets still running them no longer receive security patches and any vulnerabilities found since remain exploitable. This search shows how many such assets you have in your environment. Because include? is a substring match, check the results for os values that merely contain "2003" rather than being Windows Server 2003 itself.

assets | where os include? XP OR os include? 2003 | select ip label mac_address mac_vendor os

New assets in the last 7 Days

Find out whether any new assets have joined your network in the last 7 days. The query joins each asset with its node record on the ip column and uses the node's first_activity_time (renamed appearance_time) as the date the asset first showed up, sorted oldest first. This is a good way to stay on top of a changing network.

assets | join nodes ip ip | where days_ago(joined_node_ip_ip.first_activity_time) <= 7 | select name ip mac_address mac_vendor protocols joined_node_ip_ip.first_activity_time->appearance_time | sort appearance_time asc

See nodes inactive in last 10 days

See which of your nodes have had no activity in the past 10 days. If an asset that is typically active has been inactive recently, it could be an indicator that there is an issue with the machine.

nodes | where days_ago(last_activity_time) > 10

