Mgmt and network team asked for DNS resolution in nDepth.
I think perhaps an option (on/off) would probably be better, as I expect this would add time for the result set to populate... who knows.
Thanks!
Wow... You read my mind, I was talking about this yesterday in a meeting... This would be extremely helpful...
Workaround:
Use the nslookup explorer. First, designate an agent for your lookups (manage > appliances > settings > explorer command agent). Then, in nDepth (or filters), you can select a data element, go to "Explore" and hit "nslookup" to open the nslookup explorer.
Questions for anyone interested:
Do you need this data to be in the exports from nDepth, or just in the result details that are rendered in the console?
What about LEM reports? Or filters? Is nDepth enough because you're approaching it differently, or would you expect us to actually add some kind of DNS lookup into the data itself everywhere it appears?
We'd likely only look up fields that we think are names/IPs - Source/Destination Machine, Insertion/Detection IP, etc.
We hesitate to modify or alter the actual data received, which is one of the reasons we don't do this today. nDepth is a little special because we're already looking up the data, so it may be possible to build a little DNS cache and use it like a lookup table. This would of course take up space and make searches slower while the cache builds, so it might not be awesome in large result sets (definitely an on/off switch!!).
This data would need to be in reports and exports. Exports from nDepth would be highest priority.
The on/off switch would be awesome, and a local (on the LEM appliance/VM) ARP table would be perfect for faster lookups.
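The DNS cache used as a lookup table, as discussed in this thread, sketched as an added example (not SolarWinds code and not part of any post): names are attached in separate columns so the received values stay untouched, and an on/off switch skips lookups entirely. The field names, the `_dns` column suffix, the TTL and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
import socket
import time

# Assumed field names, modelled on the fields named in the thread.
IP_FIELDS = ("SourceMachine", "DestinationMachine", "InsertionIP", "DetectionIP")

# Constructed sample rows (documentation-range addresses).
SAMPLE_ROWS = [
    {"SourceMachine": "192.0.2.10", "DestinationMachine": "fileserver01",
     "DetectionIP": "198.51.100.7"},
    {"SourceMachine": "192.0.2.10", "DestinationMachine": "198.51.100.7"},
]

def system_reverse_lookup(ip):
    """Reverse (PTR) lookup via the OS resolver; None when no name exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

class DnsCache:
    """Lookup table of ip -> (name, expiry); failed lookups are cached too."""
    def __init__(self, resolver=system_reverse_lookup, ttl=300, clock=time.monotonic):
        self.resolver, self.ttl, self.clock = resolver, ttl, clock
        self.table = {}

    def name_for(self, ip):
        hit = self.table.get(ip)
        if hit and hit[1] > self.clock():
            return hit[0]  # served from cache, no resolver round trip
        name = self.resolver(ip)
        self.table[ip] = (name, self.clock() + self.ttl)
        return name

def enrich(rows, cache, enabled=True):
    """Return copies of rows with '<field>_dns' added; originals are never changed."""
    out = []
    for row in rows:
        new = dict(row)
        for field in IP_FIELDS if enabled else ():
            value = row.get(field)
            if not isinstance(value, str):
                continue  # field missing from this row
            try:
                ipaddress.ip_address(value)
            except ValueError:
                continue  # already a hostname: nothing to look up
            new[field + "_dns"] = cache.name_for(value) or ""
        out.append(new)
    return out
```

Because resolved names are kept apart from the received values, an export can carry both, and a stale or wrong PTR record never overwrites evidence.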