Schema for the rl-uri report format
The Spectra Assure platform supports a special format for analysis reports called rl-uri
.
This format provides detailed information on all URIs (networking strings) detected in the software package version during analysis.
It can be downloaded from the Networking page in the Portal UI.
To generate reports in the rl-uri
format:
- with
rl-secure
CLI, use the rl-secure report command - with the Spectra Assure Portal API, use the "Export analysis report" endpoint
Due to the removal of sensitive URIs, the number of rows on the Networking page in the Portal UI will not correspond to the number of rows in the exported rl-uri
file.
This page describes the full schema of the rl-uri
report format.
How to read the schema?โ
The schema contents are displayed as a schema model and described in alphabetical order.
The full rl-uri
report example is displayed below the schema.
Desktop browsers: To make the schema easier to read, you can hide the navigation sidebar by selecting the <<
button at the bottom left of the page.
rl-uri report schemaโ
rl-uri report exampleโ
| classification | threat-name | scheme | hostname | encoded-uri | uri-occurrence | uri-tags |
|----------------|-----------------------------|--------|----------------|---------------------------------------------------------------------------------|----------------|-------------------------------------|
| unknown | | https | aka.ms | https://aka.ms/windowsappsdk/1.5/1.5.240627000/windowsappruntimeinstall-x86.exe | 1 | uri-interesting-file\|uri-shortened |
| malicious | Win32.Hyperlink.Blacklisted | ftp | 177.198.23.56 | ftp://177.198.23.56/get/malware.exe | 1 | uri-domain-blacklisted |
| suspicious | Email.Hyperlink.Homoglyph | http | g0ogle.com | http://www.g0ogle.com/login | 2 | uri-domain-homoglyph |