Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Replies 7 replies
  • Subscribers 6 subscribers
  • Views 1937 views
  • Users 0 members are here
Options
Suggested

Feature Request - Better Identification of Unidentified Devices on Reports

JTBrunnerACS

Would it be possible to include the Host Name found in DHCP on the reports? As it is now it is very difficult to determine who went to where based simply on an IP address. Since these IP addresses are given out on a regular basis it also makes identifying someone difficult after the fact. Also helpful might be a detailed DHCP report of who was issued what IP address at a specific time on a specific date. We made the Sophos the DHCP server in hopes of getting more detailed information but it appears that is not the case.

Here is a good example of what I'm talking about...

If I click on ATP from the main Control Center page I get this, as you can see it says Unknown Hostname under the IP address.

However...

If I go to the DHCP page and look up one of the IP addresses I can clearly see it has a Hostname...

So obviously the information is there, why not present it instead of making us jump through hoops to find the info we need?

Parents
  • 0

    A good request. At this stage you need to use clientless and static address assignment and even then you only get the details in some reports. I suspect, but haven’t tried because my windows server died that using an external dns that is linked to the DHCP server might provide better results.

    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Our Sophos is connected to our Windows AD servers and DNS but unless they are authenticated with STAS or the authentication client there is no other identification, they just show up as Unidentified in the reports. Was hoping they would have at least identified the host by the host name in DHCP seeing as the Sophos is providing that service and has that information at its disposal. There should be a way to at least drill down to that information without having to jump through hoops and check the DHCP leases in hopes that the person is still on the network and still has the same IP. Detailed DHCP logs would go a long way in enabling this capability, cross the time of the violation with the IP address in the DHCP log and bingo, you got your host name.

Reply
  • 0 in reply to rfcat_vk

    Our Sophos is connected to our Windows AD servers and DNS but unless they are authenticated with STAS or the authentication client there is no other identification, they just show up as Unidentified in the reports. Was hoping they would have at least identified the host by the host name in DHCP seeing as the Sophos is providing that service and has that information at its disposal. There should be a way to at least drill down to that information without having to jump through hoops and check the DHCP leases in hopes that the person is still on the network and still has the same IP. Detailed DHCP logs would go a long way in enabling this capability, cross the time of the violation with the IP address in the DHCP log and bingo, you got your host name.

Children
No Data
Unfiltered HTML