Transparent Context
Transparent Context in nzyme means context that is automatically created by observing related traffic or querying other APIs and services.
It is created automatically but can be edited to add additional information manually. All transparently created context is listed on the Context pages of your nzyme web interface, with a note that it was created automatically.
Transparent MAC Address Context
MAC addresses are automatically and transparently enriched with IP addresses and hostnames whenever possible, provided that at least one Ethernet adapter in your nzyme-tap configuration file has a network with DNS servers and an injection interface configured. Enrichment requires ARP or DHCP traffic.
Enriching MAC Addresses with IP Addresses
Nzyme enriches MAC addresses with their corresponding IP addresses by analyzing related ARP and DHCP traffic.
Enriching MAC Addresses with Hostnames
Nzyme enriches MAC addresses with their corresponding hostnames by analyzing DHCP traffic as well as by issuing PTR (reverse DNS) queries to DNS servers.
Retention/Refresh Times
The local ARP and DHCP tables are cleaned on each nzyme-tap startup and start empty. Additionally, data is cleaned regularly, according to the following configuration parameters in the [misc] section of the nzyme-tap configuration file:
Any data that has not been seen for as long as that configuration specifies will be cleaned and discarded.
Each nzyme-tap will regularly report its entire local table data to an nzyme-node.
The nzyme database applies retention cleaning to all context that has not been seen for longer than 24 hours.
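The ARP-based enrichment and last-seen retention described above can be sketched as follows. This is an added example, not nzyme's own code: the class and function names, the 300-second retention value and the sample frames are all constructed for illustration.

```python
import struct

ARP_ETHERTYPE = 0x0806

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet + 28-byte ARP
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack_from("!HHBBH", frame, 14)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = frame[22:28], frame[28:32]    # sender hardware / protocol address
    if spa == b"\x00\x00\x00\x00":           # ARP probe: sender has no IP yet
        return None
    return sha.hex(":"), ".".join(str(b) for b in spa)

class MacContextTable:
    """Hypothetical local table: MAC -> (IP, last seen), starting empty."""
    def __init__(self, retention_seconds):
        self.retention = retention_seconds   # assumed value, not an nzyme default
        self.entries = {}

    def observe(self, frame, now):
        parsed = parse_arp(frame)
        if parsed:
            mac, ip = parsed
            self.entries[mac] = (ip, now)    # refresh last-seen on every sighting
        return parsed

    def clean(self, now):
        """Discard entries not seen for longer than the retention period."""
        stale = [m for m, (_, seen) in self.entries.items()
                 if now - seen > self.retention]
        for mac in stale:
            del self.entries[mac]
        return stale

def build_arp(sender_mac, sender_ip, op=1):
    """Construct a sample ARP frame (constructed test input, not captured traffic)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    spa = bytes(int(o) for o in sender_ip.split("."))
    eth = b"\xff" * 6 + sha + struct.pack("!H", ARP_ETHERTYPE)
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + b"\x00" * 10
```
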