diff --git a/scripts/policy/frameworks/intel/seen/smb-filenames.bro b/scripts/policy/frameworks/intel/seen/smb-filenames.bro
index 7a18276f49..17b59c6e7c 100644
--- a/scripts/policy/frameworks/intel/seen/smb-filenames.bro
+++ b/scripts/policy/frameworks/intel/seen/smb-filenames.bro
@@ -11,7 +11,9 @@ event file_new(f: fa_file)
 local c = f$conns[id];
 if ( c?$smb_state && c$smb_state?$current_file && c$smb_state$current_file?$name )
 {
- Intel::seen([$indicator=c$smb_state$current_file$name,
+ local split_fname = split_string(c$smb_state$current_file$name, /\\/);
+ local fname = split_fname[|split_fname|-1];
+ Intel::seen([$indicator=fname,
 $indicator_type=Intel::FILE_NAME,
 $f=f,
 $where=SMB::IN_FILE_NAME]);
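Review bot: When the SMB name ends in a backslash (a directory-style path such as `share\dir\`), `split_fname[|split_fname|-1]` is the empty string and `Intel::seen` is fed an empty FILE_NAME indicator; the new code should guard that before the call, e.g. `if ( |fname| == 0 ) return;` placed after the `local fname = ...` line. This change also silently narrows matching semantics — feed entries that carry a full path will no longer match — so a comment above the split is warranted, along the lines of `# Only the basename is submitted; FILE_NAME indicators must be bare filenames, not SMB paths.` Note that only `\` is treated as a separator, so a name using `/` is submitted unsplit; whether that is intended should be confirmed against how SMB::State populates current_file$name. The `file_new` handler begins before this hunk and its closing brace lies after it.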