Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
419
Views
3
Helpful
2
Replies

resolving IPs to hostnames in IDS events

jchrisos
Level 1
Level 1

‎02-10-2006 11:44 PM - edited ‎03-10-2019 01:53 AM

Is there any way to resolve the reported IP address in a signature that fired into a hostname? Here's the background as to why:

We have a customer with a custom signature. We have a list of authorized devices which basically tells us not to sound the alarms if a particular host fires this signature. All others, we need to let them know.

When this signature fires, it only shows the source IP address. Many of the authorized hosts are on a network that uses DHCP. So, we can't filter out by IP address since these are dynamic. All we know for certain are the hostnames that are authorized.

Any way to make the IDS resolve hostnames for a particular signature? Even for all signatures if a global command exists?

Thanks!!

Jim

Labels:
0 Helpful
2 Replies 2

wyley.johnson
Level 4
Level 4

‎02-11-2006 04:35 PM

I am not sure about resolving the IP on the IDS. Is it possible to make a DHCP reservation for a particular IP for the specified host? You typically just associate the MAC address with the desired IP. Then that host will always grab that particular IP in the DHCP range. Then you could filter by IP, since it will remain constant.

jchrisos
Level 1
Level 1
In response to wyley.johnson

‎02-11-2006 09:31 PM

Definitely an option I will pose to the client - thanks for mentioning that.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card