I have a situation. I have to correlate events from a data source that generate data based in domain name, and a data source that only see Source IP or destination IP, for example a Firewall.
In Data Source 1, i see an event with Field Destination_Hostname: example.com
In Data Source 2. I see events with source IP: 22.214.171.124
I want to correlate this two events, Is it possible to transform example.com to 126.96.36.199 and use it in a correlation rule?.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
2821 Mission College Blvd.
Santa Clara, CA 95054 USA
Consumer Support | Enterprise Support | McAfee.com
Legal | Privacy | Copyright © 2019 McAfee, LLC