Where does fqdn get populated during Discovery. We are currently probe based for windows, linux, ip_switch and ip_router and we have a mix of fqdn being populated or not.

DuaneNMore · ‎03-18-2020

We hae customers asking how fqdn gets populated by Discovery and I am having a little trouble figuring that out. It becomes clearer when we move to patterns but that doesn't seem to be happening in the near future so I am wondering how/where that gets set of windows and linux servers; and switches and routers.

doug_schulze · ‎03-18-2020

That happens in the classify sensor with support from a script include, I believe, hostnameJS

Tanaji Patil · ‎03-18-2020

FQDN is set in the Fully qualified domain name field.
We are using patterns now. But if I recall then I think it was DNS sensor scripts that was getting the FQDN from the Shazzam probe result (i.e. input) using the IP address. In Shazzam probe result you will see FQDN of each IP address scanned (if port 53 is open).

-Tanaji
Please mark reponse correct/helpful if applicable

Erica Hawkins · ‎07-20-2022

Hi Tanaji, how do I see the Shazzam probe result? I like, @DuaneNMore am getting mixed results for the FQDN but for the majority of the records it doesn't populate at all.

doug_schulze · ‎07-22-2022

IN your discovery status record there should be a tab labeled ECCQueue. IN that tab you will find the shazzam probe, look at the input record and you will find the xml that shows the results of the DNS Resolution.