Wildfire - URL Truncated

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
Not applicable

Wildfire - URL Truncated

Hi, it seems that the URL in WildFire Report Details is truncated. Would like to know this is as per design or a bug? We would like to download the malware to submit to our AV vendor for signature.

Highlighted
L4 Transporter

Hi Chang,

If you can share the exact URL we can test it in the lab and share the results to see if we have the same issue and find the expected behavior for you. You can also share the report for us to view the details on it.

Highlighted
Not applicable

Phoenix,

Lets take this phishing URL:-

Actual full path:- www.theironworkstavern.com/info.php?inv=I0RkollR2tIHKR9t1vElfNtZzpxFcfAGR4TZ+PQ/WM4=

PaloAlto WildFire Report :-www.theironworkstavern.com/info.php?inv=I0RkollR2tIHKR9t1vElfNt

Highlighted
Not applicable

Not sure it is the display being truncated or it has been truncated before insert to the database

Highlighted
L4 Transporter

Thanks for sharing let me test and get back to you.

I understand the point that it should not be truncated before submitting for analysis.. may be it is a GUI issue of truncated, but let me find details from my side too.

Highlighted
L4 Transporter

The maximum length of filename field in the WildFire Portal is 63 bytes which is too short to cover full path in some cases, hence the report shows a truncated name.

Thanks,

Aditi

Highlighted
Not applicable

Aditi, is there a way to get the full path of the URL? we need the file to submit to our AV vendor. Can this be fix to display full URL ? or the sample can be made available for us to download?

Highlighted
L4 Transporter

This is our current file name length limitation, please contact your sales representative for a FR to increase the length of the path. You can't download the samples at this time, but the Malware samples are retained by PAN and used for research purposes.


Thanks,

Aditi

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!