Uniform Resource Locator
Uniform Resource Locator is a searchable entity at the top of Query's UI.
url
The Uniform Resource Locator(URL) object describes the characteristics of a URL. Defined in RFC 1738 and by D3FEND d3f:URL.
Contents
Attributes
| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| Website Categorization | categories | String |
The Website categorization names, as defined by category_ids enum values.
|
||
| Website Categorization IDs | category_ids | Integer |
The Website categorization identifiers.
|
||
| Domain | domain | String |
The domain portion of the URL. For example: example.com in https://sub.example.com.
|
||
| Hostname | hostname | Hostname |
The URL host as extracted from the URL. For example: www.example.com from www.example.com/download/trouble.
|
||
| Path | path | Path Name |
The URL path as extracted from the URL. For example: /download/trouble from www.example.com/download/trouble.
|
||
| Port | port | Port |
The URL port. For example: 80.
|
||
| HTTP Query String | query_string | String |
The query portion of the URL. For example: the query portion of the URL http://www.example.com/search?q=bad&sort=date is q=bad&sort=date.
|
||
| Raw Data | raw_data | JSON | The event data as received from the event source. | ||
| Record ID | record_id | String | Unique identifier for the object | ||
| Reputation Scores | reputation | Reputation |
Contains the original and normalized reputation scores.
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0 |
||
| Resource Type | resource_type | String | The context in which a resource was retrieved in a web request. | ||
| Scheme | scheme | String |
The scheme portion of the URL. For example: http, https, ftp, or sftp.
|
||
| Subdomain | subdomain | String |
The subdomain portion of the URL. For example: sub in https://sub.example.com or sub2.sub1 in https://sub2.sub1.example.com.
|
||
| URL Text | text | URL String |
The URL. For example: http://www.example.com/download/trouble.exe.
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0 |
||
| Unmapped Data | unmapped | Unmapped | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. | ||
| URL String | url_string | URL String |
The URL string. See RFC 1738. For example: http://www.example.com/download/trouble.exe. Note: The URL path should not populate the URL string.
|
References
Context
JSON
{
"observable": 23,
"caption": "Uniform Resource Locator",
"description": "The Uniform Resource Locator(URL) object describes the characteristics of a URL. Defined in <a target='_blank' href='https://datatracker.ietf.org/doc/html/rfc1738'>RFC 1738</a> and by D3FEND <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:URL/'>d3f:URL</a>.",
"extends": "object",
"name": "url",
"attributes": {
"categories": {
"requirement": "optional",
"caption": "Website Categorization",
"description": "The Website categorization names, as defined by <code>category_ids</code> enum values.",
"type": "string_t",
"is_array": true
},
"category_ids": {
"requirement": "recommended",
"caption": "Website Categorization IDs",
"description": "The Website categorization identifiers.",
"sibling": "categories",
"type": "integer_t",
"enum": {
"0": {
"caption": "Unknown",
"description": "The Domain/URL category is unknown."
},
"1": {
"caption": "Adult/Mature Content"
},
"3": {
"caption": "Pornography"
},
"4": {
"caption": "Sex Education"
},
"5": {
"caption": "Intimate Apparel/Swimsuit"
},
"6": {
"caption": "Nudity"
},
"7": {
"caption": "Extreme"
},
"9": {
"caption": "Scam/Questionable/Illegal"
},
"11": {
"caption": "Gambling"
},
"14": {
"caption": "Violence/Hate/Racism"
},
"15": {
"caption": "Weapons"
},
"16": {
"caption": "Abortion"
},
"17": {
"caption": "Hacking"
},
"18": {
"caption": "Phishing"
},
"20": {
"caption": "Entertainment"
},
"21": {
"caption": "Business/Economy"
},
"22": {
"caption": "Alternative Spirituality/Belief"
},
"23": {
"caption": "Alcohol"
},
"24": {
"caption": "Tobacco"
},
"25": {
"caption": "Controlled Substances"
},
"26": {
"caption": "Child Pornography"
},
"27": {
"caption": "Education"
},
"29": {
"caption": "Charitable Organizations"
},
"30": {
"caption": "Art/Culture"
},
"31": {
"caption": "Financial Services"
},
"32": {
"caption": "Brokerage/Trading"
},
"33": {
"caption": "Games"
},
"34": {
"caption": "Government/Legal"
},
"35": {
"caption": "Military"
},
"36": {
"caption": "Political/Social Advocacy"
},
"37": {
"caption": "Health"
},
"38": {
"caption": "Technology/Internet"
},
"40": {
"caption": "Search Engines/Portals"
},
"43": {
"caption": "Malicious Sources/Malnets"
},
"44": {
"caption": "Malicious Outbound Data/Botnets"
},
"45": {
"caption": "Job Search/Careers"
},
"46": {
"caption": "News/Media"
},
"47": {
"caption": "Personals/Dating"
},
"49": {
"caption": "Reference"
},
"50": {
"caption": "Mixed Content/Potentially Adult"
},
"51": {
"caption": "Chat (IM)/SMS"
},
"52": {
"caption": "Email"
},
"53": {
"caption": "Newsgroups/Forums"
},
"54": {
"caption": "Religion"
},
"55": {
"caption": "Social Networking"
},
"56": {
"caption": "File Storage/Sharing"
},
"57": {
"caption": "Remote Access Tools"
},
"58": {
"caption": "Shopping"
},
"59": {
"caption": "Auctions"
},
"60": {
"caption": "Real Estate"
},
"61": {
"caption": "Society/Daily Living"
},
"63": {
"caption": "Personal Sites"
},
"64": {
"caption": "Restaurants/Dining/Food"
},
"65": {
"caption": "Sports/Recreation"
},
"66": {
"caption": "Travel"
},
"67": {
"caption": "Vehicles"
},
"68": {
"caption": "Humor/Jokes"
},
"71": {
"caption": "Software Downloads"
},
"83": {
"caption": "Peer-to-Peer (P2P)"
},
"84": {
"caption": "Audio/Video Clips"
},
"85": {
"caption": "Office/Business Applications"
},
"86": {
"caption": "Proxy Avoidance"
},
"87": {
"caption": "For Kids"
},
"88": {
"caption": "Web Ads/Analytics"
},
"89": {
"caption": "Web Hosting"
},
"90": {
"caption": "Uncategorized"
},
"92": {
"caption": "Suspicious"
},
"93": {
"caption": "Sexual Expression"
},
"95": {
"caption": "Translation"
},
"96": {
"caption": "Non-Viewable/Infrastructure"
},
"97": {
"caption": "Content Servers"
},
"98": {
"caption": "Placeholders"
},
"99": {
"caption": "Other",
"description": "The Domain/URL category is not mapped. See the <code>categories</code> attribute, which contains a data source specific value."
},
"101": {
"caption": "Spam"
},
"102": {
"caption": "Potentially Unwanted Software"
},
"103": {
"caption": "Dynamic DNS Host"
},
"106": {
"caption": "E-Card/Invitations"
},
"107": {
"caption": "Informational"
},
"108": {
"caption": "Computer/Information Security"
},
"109": {
"caption": "Internet Connected Devices"
},
"110": {
"caption": "Internet Telephony"
},
"111": {
"caption": "Online Meetings"
},
"112": {
"caption": "Media Sharing"
},
"113": {
"caption": "Radio/Audio Streams"
},
"114": {
"caption": "TV/Video Streams"
},
"118": {
"caption": "Piracy/Copyright Concerns"
},
"121": {
"caption": "Marijuana"
}
},
"is_array": true
},
"domain": {
"description": "The domain portion of the URL. For example: <code>example.com</code> in <code>https://sub.example.com</code>.",
"requirement": "optional",
"caption": "Domain",
"type": "string_t"
},
"hostname": {
"description": "The URL host as extracted from the URL. For example: <code>www.example.com</code> from <code>www.example.com/download/trouble</code>.",
"requirement": "recommended",
"caption": "Hostname",
"type": "hostname_t"
},
"path": {
"description": "The URL path as extracted from the URL. For example: <code>/download/trouble</code> from <code>www.example.com/download/trouble</code>.",
"requirement": "recommended",
"caption": "Path",
"type": "path_t"
},
"port": {
"description": "The URL port. For example: <code>80</code>.",
"requirement": "recommended",
"caption": "Port",
"type": "port_t"
},
"query_string": {
"requirement": "recommended",
"caption": "HTTP Query String",
"description": "The query portion of the URL. For example: the query portion of the URL <code>http://www.example.com/search?q=bad&sort=date</code> is <code>q=bad&sort=date</code>.",
"type": "string_t"
},
"resource_type": {
"description": "The context in which a resource was retrieved in a web request.",
"requirement": "optional",
"caption": "Resource Type",
"type": "string_t"
},
"scheme": {
"requirement": "recommended",
"caption": "Scheme",
"description": "The scheme portion of the URL. For example: <code>http</code>, <code>https</code>, <code>ftp</code>, or <code>sftp</code>.",
"type": "string_t"
},
"subdomain": {
"requirement": "optional",
"caption": "Subdomain",
"description": "The subdomain portion of the URL. For example: <code>sub</code> in <code>https://sub.example.com</code> or <code>sub2.sub1</code> in <code>https://sub2.sub1.example.com</code>.",
"type": "string_t"
},
"url_string": {
"description": "The URL string. See RFC 1738. For example: <code>http://www.example.com/download/trouble.exe</code>. Note: The URL path should not populate the URL string.",
"requirement": "recommended",
"caption": "URL String",
"type": "url_t"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
},
"text": {
"requirement": "required",
"caption": "URL Text",
"description": "The URL. For example: <code>http://www.example.com/download/trouble.exe</code>.",
"type": "url_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"reputation": {
"requirement": "optional",
"caption": "Reputation Scores",
"description": "Contains the original and normalized reputation scores.",
"type": "reputation",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
}
},
"constraints": {
"at_least_one": [
"url_string",
"path"
]
}
}