
Asset Manager tables store device data in your Asset Manager warehouse.

Several of the most frequently used view-type tables are available in the query builder. The rest are listed on the Settings > Tables page.



Data discovered and indexed natively by Asset Manager (not ingested) are displayed in Tables. To make outside data available, you'll need to add a table for it. 

See Adding & Managing Tables for the procedures to add, edit, and delete tables.

There are three types of tables in Asset Manager:

  1. Managed primary - Tables for which parser specifications and data files are required. Work with us to prepare these starter files for you. Asset Manager's analytics platform loads and manages the data, determines the table fields and data types, and creates indexes on it.
  2. External - Tables preconfigured by Asset Manager. Users can create a table of table type External.
  3. View - Traditional RDBMS views with SQL providing the data set. In general, views are joined from multiple sources.

Data Structures in Asset Manager

Asset Manager represents, extracts, and displays data from the data warehouse. Some of this data is generated by Asset Manager itself; the rest is ingested from outside feeds and integrated systems. Views express data fields joined across multiple tables. Queries are requests processed against tables to retrieve network data of interest. Results are made available at the GUI level in tables and views, both of which surface network data in a grid format (i.e., rows and columns, spreadsheet-like).

In summary, 

  • Table - Set of related data. Single source.
  • View - Set of related data joined from multiple sources.
  • Query - Structured request for data processed against tables and/or views to extract data from them.

Table

Tables organize data. Each table is a set of related data. Each row is a record; each column holds one type of data, and the column header identifies that type.

Following is a table, with the PostgreSQL query and fields indicated.


View

Views also represent data.  When the fields of one or more tables are combined (i.e., joined), the result is a view.

Views are visually indistinguishable from tables, but when you open the SQL query from which a view was generated, it frequently (but not always) contains "joins," indicating the fields on which multiple tables and/or views were joined. 

View Query, Fields or Properties

To see the data associated with any table, select the row for the table of interest.

      1. Click the Properties, Fields, or Query tab on the right.



Query

A query is the method by which data is extracted from a table or a view. Examples follow. 

Inbound Leaks - All Zones

Zombie Devices Summary 

Threat Feed Devices - All Zones

Model

When fields (i.e., columns) are to be joined across tables or views, the model specifies which columns should be exposed. Models correlate external data with core data.

To see the set of views generated via models and made available to users, navigate to Search > Advanced Queries > Add Query > Edit icon > Query Builder.
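
The table, view, query and model relationship described above, as an added PostgreSQL example that is not Asset Manager's own schema or code. All table, view and column names are hypothetical, and the rows are constructed sample data.

```sql
-- Hypothetical schema: none of these names come from Asset Manager.
-- All rows are constructed sample data (documentation IP ranges).

-- Table: a single-source set of related data (core device records).
CREATE TABLE core_devices (
    device_id   integer PRIMARY KEY,
    ip_address  inet NOT NULL,
    hostname    text,
    zone        text NOT NULL
);

-- Table: outside data made available by adding a table for it.
CREATE TABLE ext_threat_feed (
    indicator_ip inet NOT NULL,
    feed_name    text NOT NULL,
    category     text NOT NULL
);

INSERT INTO core_devices VALUES
    (1, '10.0.1.15',  'hr-laptop-07', 'Corporate'),
    (2, '10.0.2.40',  'build-srv-02', 'Engineering'),
    (3, '192.0.2.77', NULL,           'DMZ');

INSERT INTO ext_threat_feed VALUES
    ('192.0.2.77',   'example-feed', 'botnet-c2'),
    ('198.51.100.9', 'example-feed', 'scanner');

-- View: related data joined from multiple sources. The select list plays
-- the role the page gives the model: it decides which columns are exposed
-- when external data is correlated with core data.
CREATE VIEW threat_feed_devices AS
SELECT d.device_id,
       d.ip_address,
       d.zone,
       t.feed_name,
       t.category
FROM core_devices AS d
JOIN ext_threat_feed AS t
  ON t.indicator_ip = d.ip_address;

-- Query: a structured request processed against the view.
SELECT zone, count(*) AS matched_devices
FROM threat_feed_devices
GROUP BY zone
ORDER BY matched_devices DESC;
```

Opening the definition of threat_feed_devices shows the JOIN clause, which is how a view can be told apart from a single-source table even though both display as the same grid.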

