Defang URL

Description

This operation makes URLs safe to share by preventing accidental clicks or access. This is especially useful in cybersecurity contexts, where you might need to share potentially malicious URLs without making them active links.

Data types

These are the input/output expected data types for this operation:

Input data

- URLs you want to defang.

Output data

- Defanged URLs.

Parameters

These are the parameters you need to configure to use this operation (mandatory parameters are marked with a *):

Escape Dots*

Set this parameter to true if you want to replace . in the domain with [.]. This breaks the URL’s domain and subdomain structure, making the URL inactive. For example, example.com becomes example[.]com.

Escape HTTP*

Set this parameter to true if you want to modify http or https to hxxp or hxxps, respectively. This makes the protocol itself inactive, adding an extra layer of safety.

Escape ://*

Set this parameter to true if you want to replace the :// separator with [://], making it clear where the protocol ends while breaking its functionality.

Process Type*

Choose one of the following options:

Valid domains and full URLs - Processes both complete URLs (like https://example.com) and standalone domain names (like example.com) for defanging.
Only full URLs - Processes only fully qualified URLs, ignoring standalone domain names.
Everything - Applies defanging to all potential URLs, domain names, or anything resembling a URL in the text.

Example

Suppose you want to defang a series of events that represent URLs:

In your Pipeline, open the required Action configuration and select the input Field.
In the Operation field, choose Defang URL.
Set Escape Dots to true.
Set Escape HTTP to true.
Set Escape ://* to false.
Set Process Type to Everything.
Give your Output field a name and click Save. The URLs in your input field will be defanged. For example:

https://example.com -> hxxps://example[.]com

You can try out operations with specific values using the Input field above the operation. You can enter the value in the example above and check the result in the Output field.

PreviousDefang IP Address NextExtract IP Address

Last updated 3 months ago

Was this helpful?

Parameters

These are the parameters you need to configure to use this operation (mandatory parameters are marked with a *):

Escape Dots*

Escape HTTP*

Set this parameter to true if you want to modify http or https to hxxp or hxxps, respectively. This makes the protocol itself inactive, adding an extra layer of safety.

Escape ://*

Set this parameter to true if you want to replace the :// separator with [://], making it clear where the protocol ends while breaking its functionality.

Process Type*

Choose one of the following options:

Valid domains and full URLs - Processes both complete URLs (like https://example.com) and standalone domain names (like example.com) for defanging.
Only full URLs - Processes only fully qualified URLs, ignoring standalone domain names.
Everything - Applies defanging to all potential URLs, domain names, or anything resembling a URL in the text.

Example

Suppose you want to defang a series of events that represent URLs:

In your Pipeline, open the required Action configuration and select the input Field.

In the Operation field, choose Defang URL.

Set Escape Dots to true.

Set Escape HTTP to true.

Set Escape ://* to false.

Set Process Type to Everything.

Give your Output field a name and click Save. The URLs in your input field will be defanged. For example:

https://example.com -> hxxps://example[.]com

You can try out operations with specific values using the Input field above the operation. You can enter the value in the example above and check the result in the Output field.