Has anyone encountered a problem where the hostname does not match the IP address for alerts ingested from NGFW?
This is especially true when it comes to hosts that don't have the Cortex XDR agent installed. Now, if the Cortex XDR agent cannot be installed on the host for whatever reason, is there any way that I could improve the accuracy of the DNS resolution?
Right now, I'm considering DNS server log ingestion. But I'm uncertain that it will solve the issue.
I'm looking into this issue and I'll get back to you as soon as I have something.
Since you have a Pro per TB license, you can ingest your Microsoft DHCP logs, which will help improve this data (assuming that the endpoint in question is receiving an IP address assignment from DHCP). These logs can be ingested by using the XDR Collector and configuring it to ingest Microsoft DHCP log files.
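Why DHCP lease logs help with this mismatch, as an added example that is not part of the original thread and does not show how Cortex XDR performs the correlation internally: the sketch below resolves an IP address to the hostname that held the lease at the alert's timestamp, rather than whoever holds it now. It assumes the Microsoft DHCP Server audit log CSV layout (ID, Date, Time, Description, IP Address, Host Name, MAC Address) and its usual event IDs; the sample lines, hostnames and function names are constructed for illustration.

```python
import csv
from datetime import datetime

# Assumed Microsoft DHCP Server audit log event IDs.
ASSIGN = {"10", "11"}           # new lease, renewal
END = {"12", "16", "17", "18"}  # release, deletion, expiry

# Constructed sample in the DhcpSrvLog-*.log CSV layout:
# ID,Date,Time,Description,IP Address,Host Name,MAC Address,...
SAMPLE_LOG = """\
10,03/04/24,08:01:10,Assign,10.0.5.20,LAPTOP-A.corp.example,AABBCCDDEE01,
11,03/04/24,10:01:10,Renew,10.0.5.20,LAPTOP-A.corp.example,AABBCCDDEE01,
12,03/04/24,11:30:00,Release,10.0.5.20,LAPTOP-A.corp.example,AABBCCDDEE01,
10,03/04/24,11:45:30,Assign,10.0.5.20,PRINTER-7.corp.example,AABBCCDDEE02,
"""

def parse_events(text):
    """Return (timestamp, event_id, ip, hostname) tuples sorted by time."""
    events = []
    for row in csv.reader(text.splitlines()):
        if len(row) < 6 or not row[0].strip().isdigit():
            continue  # skip the banner/header lines at the top of real log files
        ts = datetime.strptime(f"{row[1]} {row[2]}", "%m/%d/%y %H:%M:%S")
        events.append((ts, row[0].strip(), row[4].strip(), row[5].strip()))
    return sorted(events)

def hostname_at(events, ip, when):
    """Hostname holding `ip` at `when`, or None if no lease was active."""
    holder = None
    for ts, event_id, ev_ip, host in events:
        if ts > when:
            break  # events are sorted; nothing later can apply to this alert
        if ev_ip != ip:
            continue
        if event_id in ASSIGN:
            holder = host
        elif event_id in END:
            holder = None  # lease ended; the address may be reassigned
    return holder
```

The same address maps to two different hosts within a few hours in the sample, which is the situation where a lookup done after the fact attaches the wrong hostname to an alert.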