I need a solution
I have been looking around the net and did find a few things that might help me out, but I'm surprised this issue isn't more pervasive on the forum.
The situation is, I get an Incident like FTP/PHI and all I have in the incident is the IP. I have databases where I can link the IP to a username [realtime] which will allow me to offload the incident to a data owner instead of the security team doing work. I could automatically export the database daily or hourly into CSV and pull it from there.
How do you guys deal with it?
I do see this from a couple of years ago:
https://www-secure.symantec.com/connect/forums/liv...
Thanks,
Rich