Application Control Url Filtering

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Application Control Url Filtering | Base Rule | Application Control Detection | Activity |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Product | <version> | Text/String |
| Origin | <sender> | Number/Text |
| Action | <action> | Number/Text |
| Action | <tag1> | Number/Text |
| SIP | <sip> | Number |
| SPort | <sport> | Number |
| DIP | <dip> | Number |
| DPort | <dport> | Number |
| Protocol | <protname> | Number |
| IFName | <sinterface> | Number/Text |
| IFDirection | <tag2> | Number/Text |
| Reason | <reason> | Text/String |
| Info | <vendorinfo> | Number/Text |
| XlateDIP | <dnatip> | Number/Text |
| User | <login> | Number/Text |
| url | <url> | Number/Text |
| src_machine_name | <sname> | Number/Text |
| dst_machine_name | <dname> | Number/Text |
| src_user_name | <login> | Number/Text |
| dst_user_name | <account> | Number/Text |