https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32009#M23447 <HTML><HEAD></HEAD><BODY><P>Yes</P><P>It depends on application.</P><P>Go and browse the web.</P><P>Download some pdf or doc from internet for example.</P><P>Go and find log entry for this file.</P><P>And you should see referer link there.</P><P></P><P>If not then copy ip of other side and paste it to URL filtering log.</P><P>Probably as destination. For example</P><P>( addr.dst in 194.106.121.19 )</P></BODY></HTML> Fri, 26 Jun 2015 15:45:08 GMT Raido_Rattameister 2015-06-26T15:45:08Z https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32006#M23444 <HTML><HEAD></HEAD><BODY><P>Troubleshooting what I think is a false positive but the Detailed Log View (under Threats monitoring) only shows the filename and not its full location on the HD of the machine. Is there any way to find out the full location?</P></BODY></HTML> Thu, 25 Jun 2015 19:51:49 GMT https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32006#M23444 Khang_Than-Trong 2015-06-25T19:51:49Z https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32007#M23445 <HTML><HEAD></HEAD><BODY><P>Data filtering log.</P><P>Click on magnifying glass and bottom right there is url column where you can see full url.</P></BODY></HTML> Fri, 26 Jun 2015 07:11:05 GMT https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32007#M23445 Raido_Rattameister 2015-06-26T07:11:05Z https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32008#M23446 <HTML><HEAD></HEAD><BODY><P>Thanks for the reply. Do you mean the magnifying glass that brings up the "Detailed Log View?" Its URL column only indicates "setup.exe" in this example, and not the full disk path. I wonder if that's available anywhere?</P></BODY></HTML> Fri, 26 Jun 2015 15:23:26 GMT https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32008#M23446 Khang_Than-Trong 2015-06-26T15:23:26Z https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32009#M23447 <HTML><HEAD></HEAD><BODY><P>Yes</P><P>It depends on application.</P><P>Go and browse the web.</P><P>Download some pdf or doc from internet for example.</P><P>Go and find log entry for this file.</P><P>And you should see referer link there.</P><P></P><P>If not then copy ip of other side and paste it to URL filtering log.</P><P>Probably as destination. For example</P><P>( addr.dst in 194.106.121.19 )</P></BODY></HTML> Fri, 26 Jun 2015 15:45:08 GMT https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32009#M23447 Raido_Rattameister 2015-06-26T15:45:08Z https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32010#M23448 <HTML><HEAD></HEAD><BODY><P>In this case, it is *originating* from an internal machine to another, and the only URL listed is the filename without its fixed disk location. I am guessing the filename + the originating machine is as much information as it will have since that info isn't on the network info without some sort of agent on the originating machine. I'm trying to find out where on that originating machine it is located.</P></BODY></HTML> Fri, 26 Jun 2015 15:48:45 GMT https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32010#M23448 Khang_Than-Trong 2015-06-26T15:48:45Z https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32011#M23449 <HTML><HEAD></HEAD><BODY><P>So it is SMB traffic (Windows file share)?</P></BODY></HTML> Fri, 26 Jun 2015 15:53:18 GMT https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32011#M23449 Raido_Rattameister 2015-06-26T15:53:18Z https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32012#M23450 <HTML><HEAD></HEAD><BODY><P>Yes, it's SMB traffic. Whoops forgot to mention that.</P></BODY></HTML> Fri, 26 Jun 2015 15:54:16 GMT https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32012#M23450 Khang_Than-Trong 2015-06-26T15:54:16Z https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32013#M23451 <HTML><HEAD></HEAD><BODY><P>I doubt that you see UNC path anywhere.</P><P>For example you can't block traffic based on UNC path <A href="https://live.paloaltonetworks.com/docs/DOC-7786">Dynamic Block Lists and UNC Server Path</A></P></BODY></HTML> Sat, 27 Jun 2015 05:30:28 GMT https://live.paloaltonetworks.com/t5/general-topics/full-location-of-affected-threat-url-filename/m-p/32013#M23451 Raido_Rattameister 2015-06-27T05:30:28Z