List:       security-onion
Subject:    [security-onion] Re: resolve ip adress in IDS alert with DNS
From:       Wes <wlambertts () gmail ! com>
Date:       2017-04-21 1:00:27
Message-ID: c9eb5374-7d68-402c-b110-1f28ad015a4f () googlegroups ! com

On Thursday, April 20, 2017 at 2:36:16 AM UTC-4, Raphael Delaporte wrote:
> On Wednesday, April 19, 2017 at 22:30:49 UTC+2, Wes wrote:
> > On Wednesday, April 19, 2017 at 10:39:16 AM UTC-4, Raphael Delaporte wrote:
> > > Hi everyone,
> > > I would like to set up IP address resolution in Squert to show the names of computers.
> > > Is it possible?
> > 
> > Raphael,
> > 
> > Have you tried using a lookup from the source IP or destination IP to get what
> > you are looking for?  As far as DNS resolution for internal addresses, I do
> > not believe Squert provides this - have you tried looking at Sguil for this?
> > Thanks,
> > Wes
> 
> Wes,
> Thank you for this fast response.
> 
> If I look up an IP locally, I get the name of the computer because I have set the
> DNS in the configuration file "/etc/network/interface". But in Squert I only see the IP
> address, and I need to display the names of computers and I don't know how to do it.
> Thanks,
> Raph

Raph,

By default, Squert does not resolve IP addresses.  You could try adding a lookup to
achieve this.

https://github.com/Security-Onion-Solutions/security-onion/wiki/Squert#adding-your-own-pivots

Have you considered using Sguil?  It can perform DNS resolution for IP addresses it
sees (bottom left-hand side of screen).

Thanks,
Wes
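As an added example (not code from this thread or from Security Onion), here is a small Python enrichment step that reverse-resolves the IPs in exported alert rows the way Sguil's panel does, caching lookups and falling back to the raw IP when resolution fails; by default it only resolves RFC 1918 addresses, because the PTR name of a public address is set by whoever controls that address space and should not be displayed as if it were an asset name. The alert rows and their field names are constructed assumptions, not Squert's real schema.

```python
import socket
import ipaddress

# Constructed sample alerts in a Squert/Sguil-like shape (not real Security Onion data).
ALERTS = [
    {"sid": 1000001, "src_ip": "10.0.0.5", "dst_ip": "192.0.2.10", "msg": "constructed test alert"},
    {"sid": 1000001, "src_ip": "10.0.0.99", "dst_ip": "192.0.2.10", "msg": "constructed test alert"},
    {"sid": 1000002, "src_ip": "10.0.0.5", "dst_ip": "not-an-ip", "msg": "constructed test alert"},
]
# RFC 1918 space: the only addresses whose PTR names come from our own DNS.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ptr_lookup(ip, resolver=socket.gethostbyaddr, internal_only=True):
    """Reverse-resolve one IP to a hostname, returning None instead of raising.
    Public addresses are skipped by default: their PTR records are controlled by
    whoever owns that address space, so the name is untrusted input, not an asset."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None  # malformed field in the alert: leave it unresolved
    if internal_only and not any(addr in net for net in INTERNAL_NETS):
        return None
    try:
        name, _aliases, _addrs = resolver(str(addr))
    except (socket.herror, socket.gaierror, OSError):
        return None  # NXDOMAIN, no reverse zone, or resolver unreachable
    return name.rstrip(".").lower()

def enrich_alerts(alerts, resolver=socket.gethostbyaddr, internal_only=True):
    """Add src_name/dst_name to each alert, falling back to the raw IP when no
    name is available. Lookups are cached per run so a burst of alerts from one
    host costs a single DNS query instead of one per row."""
    cache = {}

    def name_for(ip):
        if ip not in cache:
            cache[ip] = ptr_lookup(ip, resolver, internal_only)
        return cache[ip] or ip

    enriched = []
    for alert in alerts:
        row = dict(alert)
        row["src_name"] = name_for(alert["src_ip"])
        row["dst_name"] = name_for(alert["dst_ip"])
        enriched.append(row)
    return enriched
```

Run `enrich_alerts(ALERTS)` on a sensor with working internal reverse DNS, or pass your own `resolver` callable to test it offline.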
