As per AlienVault, they suggest not using the SIEM in a DHCP environment.
I came in as a security manager after the purchase of AV.
I was blown away that AV basically said that our clients would need to have static IP addressing or DHCP reservations set for AV to accurately perform network inventories and vulnerability scans.
Now I am needing to go back to the drawing board and find either addon tools to fill this void or scrap AV and find a SIEM that doesn't require a client to redesign the network and can be scalable the way I need it to be.
Has anyone felt this pain and what was your solution?
How do you or your organization use this solution?
Please share with us so that your peers can learn from your experiences.