EventSentry can automatically extract IP addresses from any event and supplement the IP addresses with reverse lookup and/or Geo IP lookup data. Providing geolocation and/or host names inside the email makes the usability of email alerts for the recipient significantly more useful without requiring the recipient to perform manual lookups.
The picture below shows an email alert which contains an IP address (blue rectangle) that has been enhanced by providing additional context. Immediately following the IP address is a reverse lookup (green line) as well as the geolocation of the IP address (blue line).
|
This feature is currently only available for email actions which utilize the collector. Both reverse lookup and geoip lookups are performed on the collector, not the agent. |
