LogoLogo
WebsiteBlogLogin
  • Onum Docs
  • Use Cases
  • Videos
  • Release Notes
  • Welcome
  • Getting Started
    • About Onum
    • Architecture
    • Deployment
    • Getting Started with Onum
    • Understanding The Essentials
      • Cards and Table Views
      • Data Types
      • Graph Calculations
      • The Time Range Selector
    • Key Terminology
  • THE WORKSPACE
    • Home
    • Listeners
      • Cloud Listeners
      • Listener Integrations
        • Amazon S3
        • Amazon SQS
        • Apache Kafka
        • Azure Event Hubs
        • Cisco NetFlow
        • Google Cloud Storage
        • Google Pub/Sub
        • HTTP
        • HTTP Pull
          • Netskope integration
          • OKTA integration
          • Sophos integration
          • CrowdStrike integration
          • Cortex integration
        • Microsoft 365
        • OpenTelemetry
        • Syslog
        • TCP
        • Tick
      • Labels
    • Pipelines
      • Building a Pipeline
        • AI Assistant
          • AI Pipeline Assistant
          • AI Action Assistant
      • Listeners
      • Actions
        • Advanced
          • Anonymizer
          • Bring Your Own Code
          • Field Generator
          • For Each
          • Google DLP
          • HTTP Request
          • Redis
        • Aggregation
          • Accumulator
          • Group By
        • AI
          • Amazon GenAI
          • BLIP-2
          • Cog
          • Google GenAI
          • Llama
          • Replicate
        • Detection
          • Sigma Rules
        • Enrichment
          • Lookup
        • Filtering
          • Conditional
          • Sampling
        • Formatting
          • Message Builder
        • Schemas
          • OCSF
        • Transformation
          • Field Transformation
            • Field Transformation Operations
              • Arithmetic / Logic
                • Divide Operation
                • Median
                • Multiply Operation
                • Subtract Operation
                • Sum Operation
              • Code tidy
                • JSON Minify
              • Control characters
                • Escape String
                • Unescape String
              • Conversion
                • Convert Area
                • Convert Data Units
                • Convert Distance
                • Convert Mass
                • Convert Speed
                • List to String
                • String to List
              • Data format
                • From Base
                • From Base64
                • From Hex
                • To Base
                • To Base64
                • To Hex
              • Date / Time
                • From Unix Timestamp
                • To Timestamp
                • To Unix Timestamp
                • Translate Datetime Format
              • Encoding / Decoding
                • From Binary
                • To Binary
                • To Decimal
              • Encryption / Encoding
                • JWT Decode
              • File system permissions
                • Parse Unix file permissions
              • Format conversion
                • CSV to JSON
                • JSON to CSV
                • Protobuf to JSON
              • Hashing
                • Keccak
                • MD2
                • MD4
                • MD5
                • SHA0
                • SHA1
                • SHA2
                • SHA3
                • Shake
                • SM3
              • List manipulation
                • Index list boolean
                • Index list float
                • Index list integer
                • Index list string
                • Index list timestamp
              • Networking
                • Defang IP Address
                • Defang URL
                • Extract IP Address
                • Fang IP Address
                • Fang URLs
                • IP to Hexadecimal
                • Parse URI
                • URL Decode
                • URL Encode
              • Other
                • Parse Int
              • String
                • Length
              • Text sample adding
                • Pad Lines
              • Utils
                • Byte to Human Readable
                • Count Occurrences
                • CRC8 Checksum
                • CRC16 Checksum
                • CRC24 Checksum
                • CRC32 Checksum
                • Credit Card Obfuscator
                • Filter
                • Find and Replace
                • Regex
                • Remove Whitespace
                • Reverse String
                • Shuffle
                • Sort
                • Substring
                • Swap Case
                • To Lower Case
                • To Upper Case
          • Flat JSON
          • JSON Transformation
          • JSON Unroll
          • Math Expression
          • Parser
            • PCL (Parser Configuration Language)
        • Utils
          • Unique
      • Data sinks
      • Bulk Changes
      • Publishing & Versioning
      • Test your Pipeline
    • Data sinks
      • Data sink Integrations
        • Amazon S3
        • Amazon SQS
        • Azure Blob Storage
        • Azure Event Hubs
        • Devo
        • Google BigQuery
        • Google Cloud Storage
        • Google Pub/Sub
        • HTTP
        • Jira
        • Mail
        • Null
        • OpenTelemetry
        • PagerDuty
        • Pushover
        • Qradar
        • Relational Databases
        • ServiceNow
        • Slack
        • Splunk HEC
        • Syslog
        • TCP
        • Telegram
        • Twilio
    • Alerts
  • YOUR VAULT
    • Enrichment
    • Data History
    • Actions
  • ADMINISTRATION
    • Tenant Menu
    • Global Settings
      • Your Account
      • Organization Settings
        • Secrets Management
      • Tenant
        • Authentication
        • Users
        • Activity Log
        • API Keys
  • MARKETPLACE
    • Onum Marketplace
      • Pulling Pipelines
        • CrowdStrike Event Stream Logs - Falcon API
        • Netskope Events Alert
        • OKTA System Log API
        • Sophos Connector SIEM
Powered by GitBook
On this page
  • Description
  • Data types
  • Input data
  • Output data
  • Parameters
  • Example

Was this helpful?

Export as PDF
  1. THE WORKSPACE
  2. Pipelines
  3. Actions
  4. Transformation
  5. Field Transformation
  6. Field Transformation Operations
  7. Networking

Defang URL

PreviousDefang IP AddressNextExtract IP Address

Last updated 3 months ago

Was this helpful?

Description

This operation makes URLs safe to share by preventing accidental clicks or access. This is especially useful in cybersecurity contexts, where you might need to share potentially malicious URLs without making them active links.


Data types

These are the input/output expected data types for this operation:

Input data

- URLs you want to defang.

Output data

- Defanged URLs.


Parameters

These are the parameters you need to configure to use this operation (mandatory parameters are marked with a *):

Escape Dots*

Set this parameter to true if you want to replace . in the domain with [.]. This breaks the URL’s domain and subdomain structure, making the URL inactive. For example, example.com becomes example[.]com.

Escape HTTP*

Set this parameter to true if you want to modify http or https to hxxp or hxxps, respectively. This makes the protocol itself inactive, adding an extra layer of safety.

Escape ://*

Set this parameter to true if you want to replace the :// separator with [://], making it clear where the protocol ends while breaking its functionality.

Process Type*

Choose one of the following options:

  • Valid domains and full URLs - Processes both complete URLs (like https://example.com) and standalone domain names (like example.com) for defanging.

  • Only full URLs - Processes only fully qualified URLs, ignoring standalone domain names.

  • Everything - Applies defanging to all potential URLs, domain names, or anything resembling a URL in the text.


Example

Suppose you want to defang a series of events that represent URLs:

  1. In the Operation field, choose Defang URL.

  2. Set Escape Dots to true.

  3. Set Escape HTTP to true.

  4. Set Escape ://* to false.

  5. Set Process Type to Everything.

  6. Give your Output field a name and click Save. The URLs in your input field will be defanged. For example:

https://example.com -> hxxps://example[.]com

You can try out operations with specific values using the Input field above the operation. You can enter the value in the example above and check the result in the Output field.

In your Pipeline, open the required configuration and select the input Field.

Action