I work as an incident response analyst and one of our often used resources are the web proxy logs from our Palo Alto boxes.
We often receieve incident tickets involving clients visiting "www.badsite.com/bad/virus.pdf" or something along those lines.
We need to be able to search events in the URL filtering log using a URL string.
Unfortunately, URLs aren't available as a filter and I cannot figure out how to index them in the "Custom Types" menu.
Can anyone help? Will I need to create a custom rule so that we can index specific URLs?