Searching for station IP based on the contacted hostname
This article describes how to find a station's IP address when the hostname contacted by that station is known, for example because a firewall reported it.
Product: Flowmon Collector
How do we find the station IP when we know the hostname the station contacted?
Steps to Reproduce:
Flowmon Probes and some other third-party flow sources can export hostnames to the flow data. Moreover, the probe can also export DNS queries to the flow data.
This information can be used in the Monitoring Center - Analysis to filter the flow data and find the station IP.
Sample filters:
hhost - filters the hostname
dns-qname - filters the DNS query
In both cases, the filter also searches for a substring, so it matches google.com and other variations.
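The substring behaviour described above can be reproduced offline on exported flow records. This is an added example, not Flowmon code: the CSV column names and sample rows are constructed, and the case-insensitive comparison is an assumption. It lists the source IPs whose hostname or DNS query contains the search string and flags which hits are the domain itself or a subdomain rather than a look-alike name.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; column names are assumptions, not a Flowmon schema.
SAMPLE = """ts,src_ip,dst_ip,hhost,dns_qname
2024-05-01T10:00:01,10.0.0.15,192.0.2.10,www.google.com,
2024-05-01T10:00:02,10.0.0.15,10.0.0.53,,www.google.com
2024-05-01T10:00:05,10.0.0.22,203.0.113.7,google.com.login.example.net,
2024-05-01T10:00:09,10.0.0.31,198.51.100.4,intranet.example.org,
2024-05-01T10:00:12,10.0.0.40,10.0.0.53,,mail.GOOGLE.com.
"""


def is_domain_match(name, domain):
    """True when name is the domain itself or one of its subdomains."""
    name = name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def find_stations(csv_text, needle):
    """Map each source IP to the matching names and a domain-match flag.

    A row matches when its hostname or DNS query contains the needle as a
    substring, mirroring the filter behaviour the article describes.
    """
    hits = defaultdict(lambda: {"names": set(), "domain_match": False})
    needle_l = needle.lower()
    for row in csv.DictReader(io.StringIO(csv_text)):
        for field in ("hhost", "dns_qname"):
            value = (row.get(field) or "").strip()
            if value and needle_l in value.lower():
                entry = hits[row["src_ip"]]
                entry["names"].add(value)
                # Separate real (sub)domain hits from substring-only hits.
                if is_domain_match(value, needle):
                    entry["domain_match"] = True
    return dict(hits)


if __name__ == "__main__":
    for ip, info in sorted(find_stations(SAMPLE, "google.com").items()):
        label = "domain" if info["domain_match"] else "substring only"
        print(ip, label, sorted(info["names"]))
```

Stations flagged "substring only" contacted a name that merely contains the search string, so review them separately before attributing the firewall report to them.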