Add MAC, computer name, and 802.1X Identity to IPS alerts

Submitted by -
Status: New Idea

The IPS functionality is helpful, but especially with DHCP we need a faster way to track down the computer that created the alert.

Imagine you see this alert from 2 days ago:

PS Alert 1: A Network Trojan was Detected. Signature ET CNC Zeus Tracker Reported CnC Server group 22. From:, to:, protocol: TCP

You end up having to go back through the address assignment history looking for the local IP, and then go looking for the computer by MAC or Computer name.

The controller already has the computer name. For WPA2-Enterprise networks, the controller also has the 802.1X Identity.

Responding to alerts would be much easier if the alert included the MAC and computer name of local systems and the 802.1X Identity if present.