Hi SIEM specialists,
I have a hard time solving problem with data sources, that do not have a static IP or DHCP reservation. These machines could change their IP address anytime and I am not able to manually change the data sources every time it happens.
Basically, I have two types - syslog data sources and WMI Event logs. Both of them could change IP address.
The only thing I can think of is defining the log source using a fqdn instead of IP, but this seems impossible.
Any other ideas how to cover log sources with dynamic IPs?