Version:

Configuring IPtoHost Enrichment Source

Configuring IPtoHost Enrichment Source involves two steps:

  1. Adding IPtoHost Enrichment Source

  2. Adding Enrichment Policy

Adding IPtoHost Enrichment Source

  1. Go to Settings >> Configuration from the navigation bar and click Enrichment Sources.

  2. Click Add.

  3. Select IPtoHost.

    _images/LP_Config_ES_Add_IPtoHost.png

    Adding IPtoHost as an Enrichment Source

  4. Enter a Name.

  5. In IP Field Name, enter the field name which contains an IP Address.

  6. In Host Field Name, enter the field name where the hostname should be kept.

If you select Use only the private IPs present in the HOMENET list , Logpoint enriches only the logs with the IP field name present in the HOMENET list.

  1. Click Save.

Adding Enrichment Policy

You can now add a new enrichment policy using the enrichment source you created above. To do so, go to Adding Enrichment Policy.

In the example below, you can see IPtoHost used as an Enrichment Source. If a log contains the field source_ip_address, Logpoint enriches the log using the data from the DNS Server.

_images/LP_Config_IPToHostEnrichmentPolicy.png

IPtoHost Enrichment Policy

Helpful?

We are glad this guide helped.


Please don't include any personal information in your comment

Contact Support