cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4889
Views
0
Helpful
7
Replies

Can stealthwatch show a HOST NAME next to the HOST ADDRESS (IP) ???

Hi Team,

 

Someone knows if is possible that stealthwatch show a HOST NAME next to the HOST ADDRESS (IP)

The users works fine between ise and LDAP, but i can´t see in Stealthwatch GUI the HOST NAME (LDAP).
I attach an example of the GUI as I see StealthWatch web dashboard.

 

Regards!

7 Replies 7

Hi,
So if you are using ISE are you doing 802.1x authentication? If so you can configure pxgrid integration between ISE and Stealthwatch, this will share the User/IP address mapping information and you should be able to achieve what you are looking for.

HTH

Hello RJI,

Following this path in the dashboard _ MONITOR _ HOSTS  the dashboard, can "Host Name" show the user (LDAP) ??? or the information that shows "Host Name" is the name of the server ???

 

I attached an image for greater understanding

 

Thank you!

Regards!

Hey Carlos,

I presume you're using Stealthwatch 7.0 from the picture, go to Stealthwatch Management Console, then to Central Management, choose SMC -> from Actions choose Edit Appliance Configuration for SMC -> within Appliance Configuration switch to Network Services -> then add on the right, manually the FQDNs of the host you want resolved in Local Resolution tab.

I added 2 snapshots for ease. Then you'll have the names resolved in Dashboard, specially in Host dashboard.

brford
Cisco Employee
Cisco Employee

Carlos,

 

Have you configured your Stealthwatch Management Console (SMC) so that it can resolve using a local DNS?  If so (and if the local IP is listed in the local DNS DB) I believe that those network addresses should resolve to host names in the WebGUI.

 

I hope this helps.

 

Brian

Brian Ford | brford@cisco.com | brford@yahoo.com | 51 75 61 6c 69 74 79 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 69 74 20 72 69 67 68 74 20 77 68 65 6e 20 6e 6f 20 6f 6e 65 20 69 73 20 6c 6f 6f 6b 69 6e 67 2e | Email me when you figure this out.

Hello  brford,

Following this path in the dashboard _ MONITOR _ HOSTS , can "Host Name" show the user (LDAP) ??? or the information that shows "Host Name" is the name of the server ???

 

I attached an image for greater understanding

 

Thank you!

Regards!

Hey Brian,

 

This is not working like this, I made sure both FlowCollectors and SMC can resolve the local FQDN of the servers, through the configured DNS server in SMC, even tested it on the SMC configuration page to make sure cache is corect, but in WebGUI the resolution does not happen, that is in my opinion wrong. SMC should try to resolve by itself the FQDN of the IPs, specially for the Server Host Groups. Or we should have an option in Host Group configuration where to mention if we ask SMC to do FQDN resolution or not for those host groups.

naimhusin
Level 1
Level 1

You need to have the PTR record in the DNS (used by Stealthwatch) so then the Stealthwatch can do the reverse DNS lookup.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: