Breadcrumbs

URL


The URL referenced or impacted by activity reported in the log.

Data Type

String

Aliases

Use

Alias

Client Console Full Name

URL

Client Console Short Name

URL

Web Console Tab/Name

URL

Elasticsearch Field Name

url

Rule Builder Column Name

URL

Regex Pattern

<url>

NetMon Name

Not applicable

Field Relationships

  • Domain (Domain Impacted)

  • Domain Origin

  • Session

  • Response Code

  • Protocol Number

  • Protocol Name

Common Applications

  • Proxy

  • IDS/IPS

  • Network monitoring

  • Firewall

  • Web servers/DNS

Use Case

  • Tracking user web activity.

  • Tracking and comparing hostile domains with lists of known bad web domains.

MPE/Data Masking Manipulations

Data Masking is used for QNAME format URL (14)DB001560E6EBC5(9)soasdfgtu(3)com(0.

Usage Standards

Do not use the vendor's link to details, which parses into Vendor Info.

Examples

  • Blue Coat Proxy

08 27 2011 19:00:00 1.1.1.1 <USER:NOTE> 2011-08-27 02:05:36 151 3.1.4.2 - - - OBSERVED "Email" http://Host10.com/neo/launch?.rand=6upoddav8e6  204 TCP_NC_MISS POST text/json http Host10 80 /neo/stat - - "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" 1.1.1.1 492 1434 –

Highlighted URL from proxy log parses into URL.

  • Windows DNS

11/21/2011 10:14:05 AM 0F8C PACKET  00000000089853C0 UDP Snd 1.1.1.1  fa93 R Q [8385 A DR NXDOMAIN] A (14)HP001560E6EBC5(9)sonalysts(3)com(0)

(14)DB001560E6EBC5(9)soasdfgtu(3)com(0(14)DB001560E6EBC5(9)soasdfgtu(3)com(0 with length octets. This is often a use case for data masking to replace the length octet with a period.