URL Filtering 1
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
URL Filtering | Base Rule | General Firewall Log | Network Traffic |
URL Filtering : Traffic Accepted | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
URL Filtering : Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
URL Filtering : Traffic Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
URL Filtering : Traffic Dropped | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
URL Filtering : Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
URL Filtering : Control Traffic | Sub Rule | General Firewall Log | Network Traffic |
URL Filtering : Traffic Redirected | Sub Rule | Traffic Redirected | Network Traffic |
Sample Logs
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
---|---|---|
Product | <version> | Text/String |
Origin | <sender> | Number/Text |
Action | <action> | Text/String |
Action | <tag1> | Text/String |
SIP | <sip> | Number |
SPort | <sport> | Number |
DIP | <dip> | Number |
DPort | <dport> | Number |
Protocol | <protname> | Number/Text |
IFName | <sinterface> | Number |
IFDirection | <tag2> | text/string |
Reason | <reason> | Number/Text |
policyname | <policy> | Number/Text |
Info | <vendorinfo> | Number/Text |
XlateSIP | <snatip> | Number |
XlateSport | <snatport> | Number |
XlateDIP | <dnatip> | Number |
XlateDPort | <dnatport> | Number |
URL | <url> | Number/Text |
User | <login> | Text/String |
matched_category | <subject> | Number/Text |
app_rule_name | <command> | Number/Text |
web_client_type | <useragent> | Number/Text |
app_risk | <severity> | Number/Text |
appi_name | <process> | Number/Text |
src_machine_name | <sname> | Text/String |
src_user_name | <login> | Number/Text |
received_bytes | <bytesin> | Number |
sent_bytes | <bytesout> | Number |