Skip to main content
Skip table of contents


The URL referenced or impacted by activity reported in the log.

Data Type




Client Console Full Name


Client Console Short Name


Web Console Tab/Name


Elasticsearch Field Name


Rule Builder Column Name


Regex Pattern


NetMon Name

Not applicable

Field Relationships

  • Domain (Domain Impacted)
  • Domain Origin
  • Session
  • Response Code
  • Protocol Number
  • Protocol Name

Common Applications

  • Proxy
  • Network monitoring
  • Firewall
  • Web servers/DNS

Use Case

  • Tracking user web activity.
  • Tracking and comparing hostile domains with lists of known bad web domains.

MPE/Data Masking Manipulations

Data Masking is used for QNAME format URL (14)DB001560E6EBC5(9)soasdfgtu(3)com(0.

Usage Standards

Do not use the vendor's link to details, which parses into Vendor Info.


  • Blue Coat Proxy

08 27 2011 19:00:00 <USER:NOTE> 2011-08-27 02:05:36 151 - - - OBSERVED "Email"  204 TCP_NC_MISS POST text/json http Host10 80 /neo/stat - - "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" 492 1434 –

Highlighted URL from proxy log parses into URL.

  • Windows DNS

11/21/2011 10:14:05 AM 0F8C PACKET  00000000089853C0 UDP Snd  fa93 R Q [8385 A DR NXDOMAIN] A (14)HP001560E6EBC5(9)sonalysts(3)com(0)

(14)DB001560E6EBC5(9)soasdfgtu(3)com(0(14)DB001560E6EBC5(9)soasdfgtu(3)com(0 with length octets. This is often a use case for data masking to replace the length octet with a period.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.