How does Holm Security determine a hostname in network assessments?

During a network assessment, Holm Security automatically attempts to identify both the hostname and IP address of each scanned asset. Accurate hostname and IP detection improves reporting quality, asset management, and correlation with external systems such as DNS, Active Directory, or CMDBs.

Because networks differ in configuration and access permissions, the scanner uses several independent detection methods.

If several sources return results, the scanner selects the most reliable one according to an internal priority order.

The detection methods below are presented in the scanner’s internal priority order (highest priority first).


1. Kubernetes Services (Cluster Scans)

When scanning Kubernetes clusters, the scanner can associate IPs with service names provided through the cluster context.

  • In Kubernetes scan mode, service DNS names are treated as authoritative and used as the primary hostnames for assets within the cluster.

  • The corresponding IP addresses of the services are also recorded for network mapping.

This ensures that Kubernetes workloads are identified by both their logical service names and their IPs.


2. Customer / Custom Hostname and IP Overrides

The scanner supports customer-provided overrides through custom configuration scripts. These values are given the highest priority because they represent explicit user input.

Examples include:

  • HID-2-1-5311451 – Register NetBIOS Desktop Name as Hostname (Custom)

  • HID-2-1-5311452 – Register ComputerName as Hostname (Custom)

  • HID-3-1-6412121 – Register static IP as asset IP (Custom)


3. DNS Resolution (Forward and Reverse Lookup)

The scanner checks DNS to detect both hostnames and IP addresses:

  • Forward DNS — if the scan target is specified as a hostname (e.g., server01.example.com), the scanner resolves it to an IP address.

  • Reverse DNS (PTR lookup) — when scanning by IP, the scanner attempts to resolve the hostname via the reverse DNS record.

This is the most common method for servers and network appliances.


4. WMI / Active Directory (Authenticated Windows Scans)

When WMI or Active Directory credentials are provided, the scanner may retrieve:

  • Hostnames, including the fully qualified domain name (FQDN)

  • Configured IP addresses (IPv4 and IPv6)

Because this information comes directly from the operating system or directory service, it is considered authoritative.


5. SMB / NetBIOS (Windows Hosts)

If SMB/NetBIOS ports (139/445) are reachable, the scanner queries the host for its Windows machine name.

  • The host’s IP addresses are confirmed alongside the hostname.

  • This is often the most accurate source for Windows workstation and server hostnames.


6. SSL/TLS Certificate Hostnames

If a host exposes encrypted services (HTTPS, SMTPS, LDAPS, etc.), the scanner inspects the certificate and extracts hostnames from:

  • Common Name (CN)

  • Subject Alternative Names (SAN)

The corresponding IP addresses are also recorded from the host connection.

This is especially useful for appliances, web servers, and load balancers.


Using multiple methods ensures that hostnames and IP addresses can be discovered even in complex or restricted network environments.
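The selection step described above ("the scanner selects the most reliable one according to an internal priority order") can be sketched as follows. This is an added example, not Holm Security's code: the source labels, the function names, and the validation rules (dropping wildcard certificate entries and IP literals before a name is accepted) are assumptions, and the order simply follows the sequence in which the methods are listed on this page.

```python
import ipaddress
import re

# Source order as listed on this page, highest priority first.
# The keys are labels chosen for this example, not Holm Security identifiers.
PRIORITY = ["kubernetes", "custom_override", "dns", "wmi_ad", "smb_netbios", "tls_cert"]

_LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")


def normalize(name):
    """Return a cleaned hostname, or None if the value cannot name a single host."""
    name = name.strip().rstrip(".").lower()
    if not name or len(name) > 253 or "*" in name:
        return None  # empty, too long, or a wildcard certificate entry
    try:
        ipaddress.ip_address(name)
        return None  # an IP literal (common in CN/SAN) is not a hostname
    except ValueError:
        pass
    return name if all(_LABEL.match(label) for label in name.split(".")) else None


def select_hostname(candidates):
    """Pick (hostname, source) from {source: [names]} using PRIORITY.

    A source whose values all fail validation is skipped, so the next
    source in the order gets a chance instead of the asset staying unnamed.
    """
    for source in PRIORITY:
        for raw in candidates.get(source, []):
            host = normalize(raw)
            if host:
                return host, source
    return None, None


# Constructed sample: results collected for one scanned IP.
SAMPLE = {
    "tls_cert": ["*.example.com", "192.0.2.10", "www.example.com"],
    "smb_netbios": ["SRV-WEB01"],
    "dns": ["Server01.Example.com."],
}

if __name__ == "__main__":
    print(select_hostname(SAMPLE))  # ('server01.example.com', 'dns')
```

Recording the winning source next to the hostname makes it possible to audit later why an asset carries a given name when it is correlated with DNS, Active Directory, or a CMDB.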