URL Analysis Event
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
---|---|---|---|
URL Analysis Event | Base Rule | Activity | General Threat Message |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
Header (logVer) | N/A | N/A | CEF format version |
Header (vendor) | N/A | N/A | Appliance vendor |
Header (pname) | N/A | N/A | Appliance product |
Header (pver) | N/A | N/A | Appliance version |
Header (eventid) | N/A | N/A | Signature ID |
Header (eventName) | <vendorinfo> | Text/String | Description |
Header (severity) | <severity> | Number | Severity |
cn2 | N/A | N/A | ROZ rating |
cn2label | N/A | N/A | ROZ rating label |
cn3 | N/A | N/A | PCAP ready |
cn3Label | N/A | N/A | PCAP ready label |
cs1 | N/A | N/A | Sandbox image type |
cs1Label | N/A | N/A | Sandbox image type label |
deviceExternalId | N/A | N/A | Appliance GUID |
dvc | N/A | N/A | Appliance IP address |
dvchost | N/A | N/A | Appliance host name |
dvcmac | N/A | N/A | Appliance MAC address |
fileHash | <hash> | Text/String | SHA1 |
request | <url> | Text/String | URL |
rt | N/A | N/A | Log generation time Format: Unix time stamp (number of milliseconds since Jan 01 1970 UTC) |