
Looking for searching criteria on SA based on Filename

Question asked by RSA Admin Employee on May 22, 2014
Latest reply on Jun 9, 2014 by Anil143

Dear Friends,


I want to search for an infection based on file name, and the filename information is provided below.


Find the below info, which shows a successful exploit callback. I am not sure how to search on SA by file name, since the file name is alphanumeric and it changes randomly. I believe there could be lots of infections with the same pattern. We use only a packet decoder, so regex won't work.

Please note that I want to search with only the filename, since the directory field is always empty.


orig_ip :
ip.addr :
action :  post
alias.ip :
directory :  /
alias.ip : :  nw32550
threat.category :  spectrum
threat.source :  netwitness
orig_ip :


Thank you,

Awaiting your valuable response.