https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50198#M36967 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>yes you can do that, very usefull for auditing <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>Maybe upload logs to syslog server and make a script for sending an alert</P><P></P><P>V.</P></BODY></HTML> Tue, 20 Aug 2013 10:31:12 GMT VinceM 2013-08-20T10:31:12Z https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50191#M36960 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Any know an opportunity to scan network flow with PaloAlto to find files by file name? Eg.: i entered "angry tiger" and i find all files (including all file types) with that name sent over the network.</P></BODY></HTML> Mon, 19 Aug 2013 13:52:48 GMT https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50191#M36960 Interface 2013-08-19T13:52:48Z https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50192#M36961 <HTML><HEAD></HEAD><BODY><P>Please check these links:</P><P></P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-3904">https://live.paloaltonetworks.com/docs/DOC-3904</A></P><P></P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/message/23749#23749">https://live.paloaltonetworks.com/message/23749#23749</A></P><P></P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/message/10273#10273">https://live.paloaltonetworks.com/message/10273#10273</A></P><P></P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/message/11919#11919">https://live.paloaltonetworks.com/message/11919#11919</A></P><P></P><P></P><P>BR,</P><P>Karthik RP</P></BODY></HTML> Mon, 19 Aug 2013 14:31:58 GMT https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50192#M36961 kprakash 2013-08-19T14:31:58Z https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50193#M36962 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>We see that you are looking for certain text and you are receiving all files with all file types. If there is a filter to be made for certain file types we will have to use the file blocking profile as explained below.</P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-3094" style="font-size: 10pt; line-height: 1.5em;">https://live.paloaltonetworks.com/docs/DOC-3094</A></P><P>You can also create custom vulnerability by creating custom signature for matching a certain pattern of text in files so that the PAN can search for these texts and when matches logs with the custom vulnerability on the device.</P><P></P><P>Thanks</P></BODY></HTML> Mon, 19 Aug 2013 14:33:41 GMT https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50193#M36962 Phoenix 2013-08-19T14:33:41Z https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50194#M36963 <HTML><HEAD></HEAD><BODY><P>Thanks for answers. So as i understand, no way to find file using file name. Or anyone has other ideas? </P><P>Let me explain more what i want: If someone sent a file: angry_tiger.doc or angry_tiger.mp3, or angry_tiger.avi, or angry_tiger.*(any file type). Can i some how find that file using file name "angry_tiger"?</P></BODY></HTML> Tue, 20 Aug 2013 07:12:07 GMT https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50194#M36963 Interface 2013-08-20T07:12:07Z https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50195#M36964 <HTML><HEAD></HEAD><BODY><P>Please follow below mentioned discussion for more info:</P><P></P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/message/3553#3553" style="font-size: 10pt; line-height: 1.5em;">https://live.paloaltonetworks.com/message/3553#3553</A></P><P><SPAN style="font-size: 10pt; line-height: 1.5em;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt; line-height: 1.5em;">Hope it </SPAN><SPAN style="font-size: 10pt; line-height: 1.5em;">helps.</SPAN></P><P></P><P>Thanks</P></BODY></HTML> Tue, 20 Aug 2013 07:38:24 GMT https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50195#M36964 HULK 2013-08-20T07:38:24Z https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50196#M36965 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If you want to search file name, you ave to go through data filtering profile.</P><P>The easiest way to do it is to use regex? With this method you can search all what you want.</P><P>Eg: <A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-4860">https://live.paloaltonetworks.com/docs/DOC-4860</A>.</P><P></P><P>Just keep in mind that you can't search string with size&nbsp; under 7.</P><P></P><P>Hope help.</P><P></P><P>V.</P></BODY></HTML> Tue, 20 Aug 2013 08:37:16 GMT https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50196#M36965 VinceM 2013-08-20T08:37:16Z https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50197#M36966 <HTML><HEAD></HEAD><BODY><P>I found one solution: i must log all file types using File Blocking profile (File Type -&gt; any, Action -&gt; alert) and then in a Data Filtering log i can find file using file name. Not ideal, but works <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P></BODY></HTML> Tue, 20 Aug 2013 10:22:14 GMT https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50197#M36966 Interface 2013-08-20T10:22:14Z https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50198#M36967 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>yes you can do that, very usefull for auditing <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>Maybe upload logs to syslog server and make a script for sending an alert</P><P></P><P>V.</P></BODY></HTML> Tue, 20 Aug 2013 10:31:12 GMT https://live.paloaltonetworks.com/t5/general-topics/scanning-network-flow-using-file-name/m-p/50198#M36967 VinceM 2013-08-20T10:31:12Z