02-10-2006 11:44 PM - edited 03-10-2019 01:53 AM
Is there any way to resolve the reported IP address in a signature that fired into a hostname? Here's the background as to why:
We have a customer with a custom signature. We have a list of authorized devices which basically tells us not to sound the alarms if a particular host fires this signature. All others, we need to let them know.
When this signature fires, it only shows the source IP address. Many of the authorized hosts are on a network that uses DHCP. So, we can't filter out by IP address since these are dynamic. All we know for certain are the hostnames that are authorized.
Any way to make the IDS resolve hostnames for a particular signature? Even for all signatures if a global command exists?
Thanks!!
Jim
02-11-2006 04:35 PM
I am not sure about resolving the IP on the IDS. Is it possible to make a DHCP reservation for a particular IP for the specified host? You typically just associate the MAC address with the desired IP. Then that host will always grab that particular IP in the DHCP range. Then you could filter by IP, since it will remain constant.
02-11-2006 09:31 PM
Definitely an option I will pose to the client - thanks for mentioning that.
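One way to apply the hostname allowlist outside the sensor, as an added example that is not part of the original thread: correlate each alert's source IP and timestamp with DHCP lease history to recover the hostname, then suppress only the authorized hosts. The lease-record layout, hostnames, addresses and function names are constructed assumptions, not a Cisco IDS or DHCP server format.

```python
from datetime import datetime
from ipaddress import ip_address

FMT = "%Y-%m-%d %H:%M"
# All data below is constructed; the tuple layouts are assumptions.
AUTHORIZED_HOSTS = {"eng-ws01", "eng-ws02"}
LEASES = [  # (ip, hostname, lease_start, lease_end) exported from the DHCP server
    ("10.1.1.50", "ENG-WS01", "2006-02-10 08:00", "2006-02-10 16:00"),
    ("10.1.1.50", "guest-lt7", "2006-02-10 16:05", "2006-02-11 00:05"),
    ("10.1.1.51", "eng-ws02", "2006-02-10 09:00", "2006-02-10 17:00"),
]
ALERTS = [  # (timestamp, source_ip) for firings of the custom signature
    ("2006-02-10 10:15", "10.1.1.50"),
    ("2006-02-10 18:30", "10.1.1.50"),
    ("2006-02-10 12:00", "10.1.1.99"),
]

def parse_ts(text):
    return datetime.strptime(text, FMT)

def hostname_at(ip, when, leases):
    """Return the lowercased hostname that held `ip` at `when`, or None."""
    for lease_ip, host, start, end in leases:
        if ip_address(lease_ip) == ip_address(ip) and parse_ts(start) <= when <= parse_ts(end):
            return host.lower()
    return None

def triage(alerts, leases, authorized):
    """Return (timestamp, ip, hostname, action) for each alert."""
    allowed = {h.lower() for h in authorized}
    results = []
    for ts, ip in alerts:
        host = hostname_at(ip, parse_ts(ts), leases)
        # Fail closed: no matching lease means the alert is never suppressed.
        action = "suppress" if host in allowed else "notify"
        results.append((ts, ip, host or "unknown", action))
    return results

if __name__ == "__main__":
    for row in triage(ALERTS, LEASES, AUTHORIZED_HOSTS):
        print(*row)
```

The hostname in a DHCP lease is supplied by the client, so a match is a triage hint rather than proof of the device's identity.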