cancel
Showing results for 
Search instead for 
Did you mean: 

Implement URL Actions with Hosts

Jump to solution

II was able to configure the "Execute Remote Command" to look up the source and destination IP on sites like robtex by using the http://<site>/[$Source IP]   format. Is there a way that we can execute remote command for other types than the IPs such as Host or URL for instance ?

I have a web gateway feeding logs to my SIEM and in my Host field, it parses the web site host like www.facebook.com. I'd like to be able to execute a remote command to lookup these hosts the same way I do with source and destination IP. Unfortunately, the [$Host] or [$Url] does not work.

1 Solution

Accepted Solutions

Re: Implement URL Actions with Hosts

Jump to solution

In the "Edit Remote Command" window you will see a small green arrow icon with a box around it.  Clicking here gives you a menu you can use to select any field you choose, and it will insert the proper syntax for that field into the Command String.  For host, the proper syntax is [$%HostID].

Scott

2 Replies

Re: Implement URL Actions with Hosts

Jump to solution

In the "Edit Remote Command" window you will see a small green arrow icon with a box around it.  Clicking here gives you a menu you can use to select any field you choose, and it will insert the proper syntax for that field into the Command String.  For host, the proper syntax is [$%HostID].

Scott

Re: Implement URL Actions with Hosts

Jump to solution

Not sure how i missed that.

Thanks !