In a DHCP environment, the host associated with an IP address can change unpredictably, which obviously makes it hard to track down who owned an IP at the time of an event of interest. What is an effective method or strategy for recording the current host name, and possibly user account, with a leased IP address at the time an event is recorded?
For the usernames you can use data enrichment like in this link -> SIEM Foundations: Implement Enrichment to Pull in Full User Name From AD
For the hostname you can use the Asset Manager. I'm not really sure about that, but I mean there is a solution too for enrichment for hostname. But I didn't find the page.
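
Added example, not part of the original posts: one way to attribute an event to the host that held an IP at that moment is to keep DHCP lease events as a per-IP timeline and look up the event timestamp in it. The log format, field names, sample leases and the 8-hour `max_lease` fallback are all assumptions made for illustration.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample DHCP lease log: timestamp,action,ip,mac,hostname
SAMPLE_LEASES = """\
2024-03-01T08:00:00Z,assign,10.0.5.23,aa:bb:cc:00:00:01,LAPTOP-ALICE
2024-03-01T12:00:00Z,release,10.0.5.23,aa:bb:cc:00:00:01,LAPTOP-ALICE
2024-03-01T12:30:00Z,assign,10.0.5.23,aa:bb:cc:00:00:02,DESKTOP-BOB
2024-03-01T20:30:00Z,expire,10.0.5.23,aa:bb:cc:00:00:02,DESKTOP-BOB
"""

def parse_ts(s):
    # fromisoformat() rejects a trailing "Z" before Python 3.11
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def build_timeline(text):
    """Return {ip: [(ts, action, mac, host), ...]} sorted by time."""
    timeline = defaultdict(list)
    for line in text.strip().splitlines():
        ts, action, ip, mac, host = line.split(",")
        timeline[ip].append((parse_ts(ts), action, mac, host))
    for events in timeline.values():
        events.sort(key=lambda e: e[0])
    return timeline

def holder_at(timeline, ip, when, max_lease=timedelta(hours=8)):
    """Who held `ip` at `when`? None if released, expired, or unknown."""
    events = timeline.get(ip, [])
    i = bisect_right([e[0] for e in events], when)
    if i == 0:
        return None  # event predates our lease records
    ts, action, mac, host = events[i - 1]
    if action not in ("assign", "renew") or when - ts > max_lease:
        return None  # lease ended, or aged out with no expire record
    return {"host": host, "mac": mac, "lease_start": ts.isoformat()}

def enrich(event, timeline):
    """Copy a SIEM event and attach the holder of src_ip at event time."""
    holder = holder_at(timeline, event["src_ip"], parse_ts(event["time"]))
    return {**event, "src_holder": holder}

if __name__ == "__main__":
    tl = build_timeline(SAMPLE_LEASES)
    for t in ("2024-03-01T09:15:00Z", "2024-03-01T12:10:00Z", "2024-03-01T13:00:00Z"):
        print(enrich({"time": t, "src_ip": "10.0.5.23", "msg": "constructed alert"}, tl))
```

Enriching at ingest time, rather than resolving the IP later, stores the answer alongside the event so it stays correct after the lease changes hands.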