You might need to identify an IP address based on a host name when doing the following:
To execute this procedure in your environment, the following data, services, or apps are required:
A Windows desktop has been infected by ransomware, and you need to identify the IP address of the infected machine as part of your investigation.
NOTE: To optimize the search shown below, you should specify an index and a time range.
- Run the following search:
- In the field sections on the left, find and click sourcetype.
- Click the value with the highest count to add it to the search.
- In the field sections on the left, find and click src_ip.
This search returns the IP address most likely associated with the host name of the infected machine.
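The steps above, reproduced offline in Python as an added example (this is not the search from the original page). The events, the `host` and `_time` fields, and all host names, sourcetypes and addresses are constructed for illustration. It goes one step beyond the procedure by recording when each candidate `src_ip` was first and last seen, because a host whose DHCP lease changed during the time range returns more than one address.

```python
from collections import Counter

# Constructed sample events. sourcetype and src_ip are the fields named in the
# steps above; host, _time and every value here are assumptions.
EVENTS = [
    {"_time": "2024-05-01T09:00:00", "sourcetype": "dhcp", "host": "WIN-DESK-07", "src_ip": "10.1.4.23"},
    {"_time": "2024-05-01T09:05:00", "sourcetype": "firewall", "host": "WIN-DESK-07", "src_ip": "10.1.4.23"},
    {"_time": "2024-05-01T09:20:00", "sourcetype": "firewall", "host": "win-desk-07.corp.example", "src_ip": "10.1.4.23"},
    {"_time": "2024-05-01T10:00:00", "sourcetype": "firewall", "host": "WIN-DESK-07", "src_ip": "10.1.4.23"},
    {"_time": "2024-05-01T14:30:00", "sourcetype": "firewall", "host": "WIN-DESK-07", "src_ip": "10.1.4.57"},
    {"_time": "2024-05-01T09:10:00", "sourcetype": "firewall", "host": "WIN-DESK-070", "src_ip": "10.1.4.99"},
]


def host_matches(event, host_name):
    """Match the short name or its FQDN, but not a longer look-alike name."""
    host = event.get("host", "").lower()
    needle = host_name.lower()
    return host == needle or host.startswith(needle + ".")


def resolve_host_ip(events, host_name):
    """Search for the host, keep the busiest sourcetype, then rank src_ip."""
    # Run the search: keep only events for the host under investigation.
    hits = [e for e in events if host_matches(e, host_name)]
    if not hits:
        return None
    # Click sourcetype, then the value with the highest count.
    top_sourcetype = Counter(e["sourcetype"] for e in hits).most_common(1)[0][0]
    scoped = [e for e in hits if e["sourcetype"] == top_sourcetype and e.get("src_ip")]
    # Click src_ip: rank the values and note the window each one was seen in.
    candidates = []
    for ip, count in Counter(e["src_ip"] for e in scoped).most_common():
        times = sorted(e["_time"] for e in scoped if e["src_ip"] == ip)
        candidates.append({"src_ip": ip, "count": count,
                           "first_seen": times[0], "last_seen": times[-1]})
    return {"sourcetype": top_sourcetype, "candidates": candidates}


if __name__ == "__main__":
    result = resolve_host_ip(EVENTS, "WIN-DESK-07")
    print("dominant sourcetype:", result["sourcetype"])
    for c in result["candidates"]:
        print(c["src_ip"], c["count"], c["first_seen"], "->", c["last_seen"])
```

When more than one candidate comes back, compare each address's first and last seen times with the time of the ransomware activity instead of taking the highest count alone.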