2 Replies Latest reply on Aug 26, 2015 10:19 AM by bblanchard

    Implement URL Actions with Hosts


      II was able to configure the "Execute Remote Command" to look up the source and destination IP on sites like robtex by using the http://<site>/[$Source IP]   format. Is there a way that we can execute remote command for other types than the IPs such as Host or URL for instance ?


      I have a web gateway feeding logs to my SIEM and in my Host field, it parses the web site host like www.facebook.com. I'd like to be able to execute a remote command to lookup these hosts the same way I do with source and destination IP. Unfortunately, the [$Host] or [$Url] does not work.