Hello @Edgar Faria,
I'm not sure I understand the question; I guess it was related to the asset database handled by QRadar.
Of course you have enhanced functions like this in QRadar...
If you simply want an analyst to see where an IP belongs, you just have to hover the mouse pointer over the IP, and you will get:
- The Geographical Location with a map
- Depending on whether you use ATPF, the IOC risk score
You can right-click an IP in Log Activity and select More Options > Information > WHOIS Lookup.
As you use the MaxMind GeoIP on QRadar too, if you correctly configure it you have the physical location or registrar location.
Hope this helps,
Regards,
@zoldax
------------------------------
@zoldax
https://www.youracclaim.com/users/pascal-weber.029e134d/badges
------------------------------
Original Message:
Sent: Mon July 18, 2022 01:03 PM
From: Edgar Faria
Subject: APP to do whois and populate "Source Asset Name"
Hi,
My question is related to public IPs that don't belong to the client. Other SIEMs display the whois result.
Regards,
Edgar
------------------------------
Edgar Faria
Original Message:
Sent: Sun July 17, 2022 06:09 AM
From: Pascal Weber
Subject: APP to do whois and populate "Source Asset Name"
Hello @Edgar Faria,
If it is an Asset of your QRadar it is related to the identity field matching this and your network hierarchy, so you can tune.
You can take a look at the Asset Profiler Configuration on the Admin tab to see how to handle identity DNS or WINS.
Hope this helps,
Regards,
@zoldax.
------------------------------
@zoldax
https://www.youracclaim.com/users/pascal-weber.029e134d/badges
Original Message:
Sent: Thu June 23, 2022 04:39 AM
From: Edgar Faria
Subject: APP to do whois and populate "Source Asset Name"
Hi All,
Is there any application to do whois when a SRC/DST IP is a public IP and fill in the "Source Asset Name"?
Regards,
Edgar
------------------------------
Edgar Faria
------------------------------