Showing results for 
Search instead for 
Did you mean: 

Data Enrichment with Hostnames


I have found instruction on how to enrich data with a user's full name from Activity Directory but I'm struggling to find a way to enrich the data with hostnames. This is for the purpose of including hostnames for source IP addresses. I would like a new enrichment field to show the hostname of the source IP address the same way as in the screen shot below.

Does anyone have any ideas on how to do this.

Using SIEM 10.1

Thank you,


2 Replies
Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

Re: Data Enrichment with Hostnames


Re: Data Enrichment with Hostnames

You are not going to be able to enrich Hostnames from AD using an IP address since it does not store that information in AD.  Howerver, if you have ePO in your environment you can use that to look up a hostname, username, system description, etc and enrich data in the SIEM with those.  

For your request of getting a hostname from an IP address, the query would look something like this:

"SELECT IPAddress, ComputerName FROM ePOComputerProperties"

Once you have that you can then use the source IP of an event to "guess" the hostname of the system.  I often enrich MAC Addresses, Usernames (Very useful for FW events that are not from a NGFW), Hostname in a lot of my data sources.  Obviously you need to be careful you do not enrich data that has more valid data already in it.  For instance, you dont want to enrich a username on an AD event since that is a point of record for a login event.  However, you may want to enrich the hostname of the AD event using the source IP so that its easier for your SOC to attribute where a login failure is comming from.   

Hope this helps.  

Tags (3)
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community