Skip to main content
Skip table of contents

URL Analysis Events

Vendor Documentation

https://ohc.blob.core.windows.net/o-help/manual/634d3f01-92d7-40e4-ad6a-9df16960e7bd/ddan_7.6_sg.pdf

Classification

Rule Name

Rule Type

Common Event

Classification

URL Analysis Events

Base Rule

URL Information

Information

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

N/A

N/A

N/A

CEF format version

N/A

N/A

N/A

Appliance vendor

N/A

N/A

N/A

Appliance product

N/A

<version>

Numbers

Appliance version

N/A

<vmid>

Numbers

Event ID

N/A

<vendorinfo>

Text/String

Description

N/A

<severity>

Number

Severity
3: Informational

rt

N/A

N/A

Analysis Time

dvc

<dip>

IP Address

Appliance IP address

dvchost

<dname>

Text/String

Appliance hostname

dvcmac

<dmac>

Text/String/Numbers

Appliance MAC address

deviceExternalId

N/A

N/A

Appliance GUID

request

<url>

Text/String

Event Type Label

fileHash

<hash>

Text/String/Numbers

Event Type

cs1Label

N/A

N/A

Sandbox image type

cs1

N/A

N/A

Sandbox image type

cn2Label

N/A

N/A

ROZ rating (Virtual
Analyzer internal code for
analysis results)

cn2

<result>

Text/String

  • -1: Unsupported file type in ROZ

  • 0: No risk found

  • 1: Low risk

  • 2: Medium risk

  • 3: High risk

cn3Label

N/A

N/A

PCAP Ready

cn3

N/A

N/A

PCAP Ready

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close