This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

alias.host meta

Go to solution
Anonymous
Not applicable

‎2013-11-12 12:55 AM

Is there any way to have alias.host populate for various devices during collection without using a custom feed that one needs to maintain?  This seems like a lot of work to maintain a DNS mapping when Security Analytics should be doing this as ingest/collection.  The parser itself does not contain the alias.host meta value for many devices (rhlinux for example) and so this value is empty -- in Investigator view, you only see a list of devices for device.ip but alias.host is empty.

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
AdamRasnick
Beginner
Beginner

‎2013-11-14 12:08 PM

The alias.host value is for the host names of websites, not network devices..for example in a rule "alias.host = google.com"

View solution in original post

0 Likes
2 REPLIES 2

Go to solution
AdamRasnick
Beginner
Beginner

‎2013-11-14 12:08 PM

The alias.host value is for the host names of websites, not network devices..for example in a rule "alias.host = google.com"

0 Likes

Go to solution
huanzhou1
Beginner
Beginner
In response to AdamRasnick

‎2013-11-18 09:25 AM

can SA use DNS query to resolve?

If not, means need to create customized feed?

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.