DNS resolution was wrong for Firewall alerts

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DNS resolution was wrong for Firewall alerts

L2 Linker

Dear LIVEcommunity,

 

Did anyone encounter problem such as hostname does not match with the IP address for alert ingested from NGFW?

This is especially true when come to host that doesn't have Cortex XDR agent installed. Now, if the host cannot install with Cortex XDR agent for whatever reason, is there any way that I could improve the accuracy of the DNS resolution?

myu06kkn_1-1685698402054.png

Right now, I'm considering DNS server log ingestion. But I'm uncertain that it will solve the issue.

Thank you.


Cortex XDR 

AC
3 REPLIES 3

L4 Transporter

Hi @Antony_Chan,

 

I'm looking into this issue and i'll get back to you as soon as I have something.

L4 Transporter

Hi Myu06kkn,

 

Since you have a Pro per TB license, you can ingest your Microsoft DHCP logs which will help improve this data (assuming that the endpoint in question is receiving an IP address assignment from DHCP).  These logs can be ingested with the XDR Collector and configuring it to ingest Microsoft DHCP log files.

@afurze Thanks for the input. In my case, it was static IP address that assigned to servers. So DHCP log ingestion may not be applicable. I'll keep that in mind if the same issue occurred to DHCP hosts.

AC
  • 1290 Views
  • 3 replies
  • 0 Likes
  • 78 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!