steampipe plugin install urlscan

Table: urlscan_protocol - Query URLScan Protocol using SQL

URLScan Protocol is a component of URLScan, a web security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. It scans HTTP requests to filter out potentially harmful requests, such as those that may exploit a known vulnerability. URLScan Protocol helps to identify and categorize the network protocols used in the HTTP requests made during a scan.

Table Usage Guide

The urlscan_protocol table provides insights into the network protocols used in HTTP requests during a scan in URLScan. As a security analyst, explore protocol-specific details through this table, including the types of protocols used, their frequency, and associated metadata. Utilize it to uncover information about the protocols, such as those frequently used in potentially harmful requests, and the correlation between protocol type and scan results.

Important Notes

  • You must specify the scan in the where clause to query this table.

Examples

List protocols

Explore which protocols are most frequently used in a specific scan to identify potential security risks or unusual network activity. This can help in understanding network behavior and devising strategies for improved security.

select
  *
from
  urlscan_protocol
where
  scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
  count desc;

Protocols by country

Discover the segments that use different protocols, organized by country, to gain insights into internet usage patterns and potential security risks. This information can be useful for identifying areas of concern and optimizing network performance.

-- Postgres
select
  countries ->> 0 as country,
  protocol
from
  urlscan_protocol
where
  scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
  country,
  protocol;

-- SQLite
select
  json_extract(countries, '$[0]') as country,
  protocol
from
  urlscan_protocol
where
  scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
  country,
  protocol;
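
The following is an added example, not taken from the plugin's documentation. It extends the queries above to show each protocol's share of the scan's requests and the IP addresses listed under more than one protocol. It uses Postgres syntax and assumes ips holds a JSON array of address strings.

```sql
-- Added example (Postgres syntax), not from the plugin documentation.
-- Assumption: ips holds a JSON array of address strings; rows where it
-- does not are treated as having no addresses instead of raising an error.

-- 1. Share of the scan's requests per protocol, with address fan-out.
select
  protocol,
  count as requests,
  round(100.0 * count / nullif(sum(count) over (), 0), 1) as pct_of_requests,
  case when jsonb_typeof(ips) = 'array' then jsonb_array_length(ips) end as ip_count,
  size,
  encoded_size
from
  urlscan_protocol
where
  scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
  requests desc;

-- 2. Addresses listed under more than one protocol in the same scan.
select
  addr.ip,
  array_agg(p.protocol order by p.protocol) as protocols
from
  urlscan_protocol as p
  cross join lateral jsonb_array_elements_text(
    case when jsonb_typeof(p.ips) = 'array' then p.ips else '[]'::jsonb end
  ) as addr(ip)
where
  p.scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
group by
  addr.ip
having
  count(distinct p.protocol) > 1
order by
  addr.ip;
```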

Schema for urlscan_protocol

Name               | Type   | Operators                 | Description
-------------------|--------|---------------------------|----------------------------------------------------------
_ctx               | jsonb  |                           | Steampipe context in JSON form.
count              | bigint |                           | Number of requests to the protocol.
countries          | jsonb  |                           | Countries where the protocol resides.
encoded_size       | bigint |                           | Total encoded size of all requests sent to this protocol.
ips                | jsonb  |                           | IP addresses for the protocol.
protocol           | text   |                           | The protocol.
scan               | text   | =                         | ID of the scan result.
size               | bigint |                           | Total size of all requests sent to this protocol.
sp_connection_name | text   | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name.
sp_ctx             | jsonb  |                           | Steampipe context in JSON form.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install the exporter with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- urlscan

You can pass the configuration to the command with the --config argument:

steampipe_export_urlscan --config '<your_config>' urlscan_protocol