Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

resolving IPs to hostnames in IDS events

Is there any way to resolve the reported IP address in a signature that fired into a hostname? Here's the background as to why:

We have a customer with a custom signature. We have a list of authorized devices which basically tells us not to sound the alarms if a particular host fires this signature. All others, we need to let them know.

When this signature fires, it only shows the source IP address. Many of the authorized hosts are on a network that uses DHCP. So, we can't filter out by IP address since these are dynamic. All we know for certain are the hostnames that are authorized.

Any way to make the IDS resolve hostnames for a particular signature? Even for all signatures if a global command exists?

Thanks!!

Jim

2 REPLIES
New Member

Re: resolving IPs to hostnames in IDS events

I am not sure about resolving the IP on the IDS. Is it possible to make a DHCP reservation for a particular IP for the specified host? You typically just associate the MAC address with the desired IP. Then that host will always grab that particular IP in the DHCP range. Then you could filter by IP, since it will remain constant.

New Member

Re: resolving IPs to hostnames in IDS events

Definitely an option I will pose to the client - thanks for mentioning that.

118
Views
3
Helpful
2
Replies
CreatePlease login to create content