For alarms generated by the url_response probe, it is possible to 'spoof' the source of the alarm so that it appears to come from the target system. To do this, open the test profile and toggle the 'Advanced' button in the bottom right corner. This will expose a number of additional fields. The one of interest is the 'Alarm Source Override' field.
The alarm source override field accepts an arbitrary string; most often this is the IP address of the targeted URL. The contents of the field are used as the source field in the alarm message that is delivered to the NAS. The NAS then performs a DNS (name) lookup based upon the source field and places the result in the hostname field of the alarm.
When this feature was introduced, it was intended to provide a way for the source and hostname in the alarm to reflect the system that was in trouble rather than the system from which the url_response tests were being performed.
The net_connect probe has a slightly different method for setting the source field. Near the bottom of each alarm profile properties page, there is an identification method pulldown. The pulldown offers Host Name, IP Address, or Profile Name. Host Name and IP Address refer to the contents of the first two fields at the top of the properties sheet. Profile Name refers, of course, to the name of the profile. By setting this pulldown, you can decide which of these three fields is sent to the alarm server as the source of the alarm. Usually, the best choice is IP Address. Again, when the source arrives at the NAS, the hostname is looked up and then both are available in the alarm attributes for filtering and organizing the alarms.
Many other probes, such as the logmon probe, have an alarm source override field. The biggest trick is making use of name resolution on the NAS. Whatever it finds in the source field is used in a reverse lookup to try to obtain a hostname. One could conceivably build an /etc/hosts file beneath the NAS and cause the NAS to do some interesting and useful translation.
Enjoy.
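
The hosts-file translation suggested above can be previewed before any alarm is sent. The following is an added example, not part of the original text and not Nimsoft code: it parses hosts-format text and reports which hostname a reverse lookup would yield for each alarm source value. It assumes the resolver on the NAS machine consults the hosts file before DNS and that the first matching line and first name on that line win; the addresses and names are constructed.

```python
import ipaddress

# Constructed sample hosts-file content (documentation addresses, made-up names).
SAMPLE_HOSTS = """\
# monitored web front ends
192.0.2.10   shop.example.com shop
192.0.2.11   portal.example.com   # customer portal
192.0.2.10   legacy-shop.example.com
2001:db8::5  api.example.com
"""

def parse_hosts(text):
    """Return ({normalized IP: canonical name}, [shadowed entries])."""
    table, shadowed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not a valid address
        if ip in table:
            # Assumption: the first matching line wins, so this one is never used.
            shadowed.append((lineno, ip, fields[1]))
        else:
            table[ip] = fields[1]  # first name on the line is the canonical one
    return table, shadowed

def preview_hostname(source, table):
    """Return (hostname or None, note) for one alarm source value."""
    try:
        ip = str(ipaddress.ip_address(source.strip()))
    except ValueError:
        return None, "not an IP address; no address-to-name entry applies"
    name = table.get(ip)
    if name:
        return name, "hosts file"
    return None, "no hosts entry; lookup falls through to DNS"

if __name__ == "__main__":
    table, shadowed = parse_hosts(SAMPLE_HOSTS)
    for src in ["192.0.2.10", "192.0.2.11", "2001:DB8:0:0:0:0:0:5",
                "192.0.2.99", "web-tier-prod"]:
        print(f"{src:24} -> {preview_hostname(src, table)}")
    for lineno, ip, name in shadowed:
        print(f"line {lineno}: {ip} -> {name} is shadowed by an earlier entry")
```

Because the override field takes an arbitrary string, the last sample value shows the case where the source is not an address and the hosts table cannot supply a hostname for it.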