Full location of affected threat URL/filename?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Full location of affected threat URL/filename?

L1 Bithead

Troubleshooting what I think is a false positive but the Detailed Log View (under Threats monitoring) only shows the filename and not its full location on the HD of the machine. Is there any way to find out the full location?

7 REPLIES 7

Cyber Elite
Cyber Elite

Data filtering log.

Click on magnifying glass and bottom right there is url column where you can see full url.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Thanks for the reply. Do you mean the magnifying glass that brings up the "Detailed Log View?" Its URL column only indicates "setup.exe" in this example, and not the full disk path. I wonder if that's available anywhere?

Cyber Elite
Cyber Elite

Yes

It depends on application.

Go and browse the web.

Download some pdf or doc from internet for example.

Go and find log entry for this file.

And you should see referer link there.

If not then copy ip of other side and paste it to URL filtering log.

Probably as destination. For example

( addr.dst in 194.106.121.19 )

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

In this case, it is *originating* from an internal machine to another, and the only URL listed is the filename without its fixed disk location. I am guessing the filename + the originating machine is as much information as it will have since that info isn't on the network info without some sort of agent on the originating machine. I'm trying to find out where on that originating machine it is located.

Cyber Elite
Cyber Elite

So it is SMB traffic (Windows file share)?

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Yes, it's SMB traffic. Whoops forgot to mention that.

Cyber Elite
Cyber Elite

I doubt that you see UNC path anywhere.

For example you can't block traffic based on UNC path Dynamic Block Lists and UNC Server Path

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 3750 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!