Policy Guide › Protecting Data at the Network Boundary › Detecting URLs in Traffic Crossing the Network Boundary › Detecting URLs in Network Events

Detecting URLs in Network Events

Use xmlattr lookup commands to apply policy to network events originating from specific URLs.

Syntax

To detect network events originating from specific URLs, the syntax is:

xmlattr WHERE apm/event/file/url <stringoperator> <URLs>

Where:

<stringoperator> determines that the specified URLs must be present. Example values include 'is', 'is any', 'contains', and 'contains any'. See the reference below for full details.

<URLs> specifies the URLs you want to detect.

Examples

• This example detects network events if any of the specified URLs are present:

  xmlattr WHERE apm/event/file/url contains any 
  {"domain.co.uk", "domain.net"}
  

• This example uses wildcard to detect matching URLs:

  xmlattr WHERE apm/event/file/url is any 
  {"http://www.domain.*", "http://login.domain.*", "http://mail.domain.*"}
  

More information:

XML Attribute Lookup Examples

XML Attribute Lookup

<Stringoperator>