PaloAltoNetworks / SafeNetworking

Read only mirror. To contribute or submit issues, please go to the website link --->
https://gitlab.com/panw-gse/as/SafeNetworking/
Apache License 2.0

Domain resolution in event document #9

Closed punisherVX closed 6 years ago

punisherVX commented 6 years ago

Expected behavior and actual behavior.

Currently, the domain event does not have the domain actually resolved to the IP in the event doc. Customer has requested that this be part of the event processing.

Specifications like the version of the project, operating system, or hardware.

SFN3.0+

punisherVX commented 6 years ago

Best way to approach this is to have it done by logstash at ingest time. There is a domain resolution plugin that could work for this and needs to be tested.

punisherVX commented 6 years ago

This is part of the logstash enrichment and is done using the DNS filter plugin for logstash. It is commented out in the default file, with instructions on un-commenting it and a warning that if the logging server is behind an NGFW that will trigger on the DNS query, the user will cause a recursive loop that will not be fun to recover from.
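An added illustration of what such a DNS-enrichment stanza can look like, written here as an example and not taken from the project's own logstash file. The field names (`[threat][domain]`, `[threat][resolved_ip]`, `[source][ip]`), the `192.0.2.10` address standing in for the logging server, and the guard condition are all assumptions; the `dns` filter options themselves (`resolve`, `action`, `nameserver`, `hit_cache_*`, `failed_cache_*`, `tag_on_timeout`) are the plugin's documented settings. The guard addresses the loop described above: if the NGFW logs the logging server's own DNS lookup and ships that event back to logstash, the event's source IP is the logging server, so it is skipped rather than resolved again.

```logstash
filter {
  # Assumed layout: the threat/DNS event carries the queried domain in
  # [threat][domain] and the client that issued the original query in
  # [source][ip]. 192.0.2.10 is the (assumed) address of the logging server.
  #
  # Skip events that the logging server itself generated; otherwise every
  # resolution performed here becomes a new NGFW DNS event, which is
  # re-ingested and resolved again (the recursive loop warned about above).
  if [threat][domain] and [source][ip] != "192.0.2.10" {

    # The dns filter rewrites the field it resolves, so copy the domain into
    # a dedicated field first and keep the original domain name intact.
    mutate {
      copy => { "[threat][domain]" => "[threat][resolved_ip]" }
    }

    dns {
      # Forward-resolve the copied field and replace the name with the address.
      resolve => ["[threat][resolved_ip]"]
      action  => "replace"

      # Assumed resolver. Point this at a resolver whose traffic is not
      # inspected by the same NGFW that feeds this pipeline, or the guard
      # above is the only thing standing between you and the loop.
      nameserver => ["192.0.2.53"]

      # Caches keep a busy pipeline from re-querying the same domain on every
      # event, which also limits how much DNS traffic the enrichment generates.
      hit_cache_size    => 4096
      hit_cache_ttl     => 900
      failed_cache_size => 4096
      failed_cache_ttl  => 60

      timeout        => 1
      tag_on_timeout => ["_dnstimeout"]
    }
  }
}
```

With `action => "replace"` the copied field ends up holding the resolved address while `[threat][domain]` still holds the name, which is what you want when indexing both; if the lookup fails, the plugin leaves the field unchanged, so `[threat][resolved_ip]` still containing a hostname is the signal that resolution did not happen.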