cfxdm - dm:dns_ip_to_name
DNS Name resolution from IP Address to FQDN
dm:dns_ip_to_name: Resolves the IP addresses listed in a column to FQDN names and stores them in another column.
dm:dns_ip_to_name: Syntax
    from_cols (mandatory): Comma-separated list of column names that contain IP Address values.
    to_cols (mandatory): Comma-separated list of column names in which to store the resolved DNS Names (FQDN).
    keep_value (optional): If set to 'yes', the original value is stored when an IP Address cannot be resolved; otherwise a 'null' value is stored. The default is 'no'.
    num_threads (optional): Number of DNS lookup threads. Must be in the range of 1 to 20. The default is 5.
This tag uses the DNS servers configured on the host OS where cfxdx is installed and running to resolve IP Addresses to DNS or FQDN names.
It requires an input dataset or a tag that has one or more columns with IP Address values.
In the example below, the dm:recall tag is used to retrieve the data from an existing saved dataset.
tag @dm:recall
data name = 'netstat-app-connections' --> @dm:dns_ip_to_name from_cols = 'localAddr' & to_cols = 'localAddr_fqdn' & keep_value = 'yes'
As shown in the screen below, the dataset 'netstat-app-connections' has a column called 'localAddr' with IP Address values in it. The dataset is passed into the dm:dns_ip_to_name tag, which enriches the IP Address values by resolving them into fully qualified domain names and stores the output in a new column called 'localAddr_fqdn'.
keep_value = 'yes': If an IP Address is not resolved to a DNS name (FQDN), the same IP Address is kept as the value instead of leaving it empty.
The screen output below shows the resolved DNS names (FQDN) under the column 'localAddr_fqdn'.