AnsweredAssumed Answered

alias.host meta

Question asked by 2dGsTsDH7pMObNMpcYkB3sE7JafeRLNywiduVz7hmA0= on Nov 12, 2013
Latest reply on Nov 18, 2013 by huan zhou

Like • Show 0 Likes0
Comment • 2

Is there any way to have alias.host populate for various devices during collection without using a custom feed that one needs to maintain? This seems like a lot of work to maintain a DNS mapping when Security Analytics should be doing this as ingest/collection. The parser itself does not contain the alias.host meta value for many devices (rhlinux for example) and so this value is empty -- in Investigator view, you only see a list of devices for device.ip but alias.host is empty.

coCSAbzLgBkDkKhBc0SOLbnhEWBpZGxpdaFGPIwaUpg= Nov 14, 2013 12:08 PM

Correct Answer

The alias.host value is for the host names of websites, not network devices..for example in a rule "alias.host = google.com"

See the reply in context

No one else had this question

Outcomes

2 Replies

coCSAbzLgBkDkKhBc0SOLbnhEWBpZGxpdaFGPIwaUpg= Nov 14, 2013 12:08 PM
Unmark Correct
Correct Answer
The alias.host value is for the host names of websites, not network devices..for example in a rule "alias.host = google.com"
Like • Show 0 Likes0
Actions
- huan zhou @ coCSAbzLgBkDkKhBc0SOLbnhEWBpZGxpdaFGPIwaUpg= on Nov 18, 2013 9:25 AM
  Mark Correct
  Correct Answer
  can SA use DNS query to resolve?
  If not, means need to create customized feed?
  Like • Show 0 Likes0
  Actions

alias.host meta

Outcomes

Related Content

Recommended Content