URL Analysis Events

https://ohc.blob.core.windows.net/o-help/manual/634d3f01-92d7-40e4-ad6a-9df16960e7bd/ddan_7.6_sg.pdf

Rule Name

Rule Type

Common Event

Classification

URL Analysis Events

Base Rule

URL Information

Information

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

N/A

N/A

N/A

CEF format version

N/A

N/A

N/A

Appliance vendor

N/A

N/A

N/A

Appliance product

N/A

<version>

Numbers

Appliance version

N/A

<vmid>

Numbers

Event ID

N/A

<vendorinfo>

Text/String

Description

N/A

<severity>

Number

Severity
3: Informational

rt

N/A

N/A

Analysis Time

dvc

<dip>

IP Address

Appliance IP address

dvchost

<dname>

Text/String

Appliance hostname

dvcmac

<dmac>

Text/String/Numbers

Appliance MAC address

deviceExternalId

N/A

N/A

Appliance GUID

request

<url>

Text/String

Event Type Label

fileHash

<hash>

Text/String/Numbers

Event Type

cs1Label

N/A

N/A

Sandbox image type

cs1

N/A

N/A

Sandbox image type

cn2Label

N/A

N/A

ROZ rating (Virtual
Analyzer internal code for
analysis results)

cn2

<result>

Text/String

• -1: Unsupported file type in ROZ

• 0: No risk found

• 1: Low risk

• 2: Medium risk

• 3: High risk

cn3Label

N/A

N/A

PCAP Ready

cn3

N/A

N/A

PCAP Ready