AFAIK complete url is not recorded by the agent therefore you will not be able to create an IIOC that looks for a specific url, however you can create an IIOC to look for a specific domain. You can also import the list of domains or IPs to NetWitness Endpoint and when visited there is already an existing IIOC "Custom: Bad domain" & "Custom: Bad IP" that will get triggered.
You can do this by going to Tools>Import/Export>Checksums..
