In the events that arrive from Snare I see blank source and destination IP addresses. Is this because the windows host name is not in DNS, but in a WINS server?
If so, can I do one of the following?
(1) Have it use the hostname instead of doing the lookup.
(2) "Teach" it to ask the wins server for the address (e.g. to check nslookup and then smblookup).
Any pointers are welcome.