A security analyst is investigating a suspicious IP address. They want to find all events related to that IP. Which field should they use in a search?
- A. source_ip: source_ip typically contains the originating IP address.
- B. dest_ip. Why wrong: dest_ip is the destination IP, not the source.
- C. host. Why wrong: host refers to the hostname or device name.
- D. user. Why wrong: user is for username, not IP address.

Correct answer: A. The traps are B (dest_ip), C (host) and D (user), for the reasons given above.