Some events show the device_ip as an IPv6 address instead of IPv4 address
search cancel

Some events show the device_ip as an IPv6 address instead of IPv4 address

book

Article ID: 270417

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

When searching the Symantec Endpoint Detection and Response (SEDR) appliance's events it is noted that some times the device_ip is listed as an IPv6 instead of an IPv4.

Environment

Release : 4.7.1

Cause

The device_ip is always set with the last IP address found found in the [ip_addresses] array from the internal EDR database. If the last IP-Address in the array is IPv6 then device_ip will utilize the IPv6 address.

Resolution

Broadcom engineering is aware of this issue and committed to resolving this issue in a future build.