Sophos Endpoint

NDR Queries NDR detection

Sophos Endpoint requires membership for participation - click to join

Under Review

11 months ago

NDR detection

Hi

I installed NDR appliance in my network, and I'm getting this messages:

NDR-DET-DDE-MACIPHOSTNAMECORRELATION

"Source MAC address, IP address, and Hostname correlation based on MDNS and NetBIOS"

The detection in low severity.

Any idea what is that and what should I do?

Shay

Shay Hanya

Karl_Ackerman 11 months ago

The NDR-DET-DDE detections have a severity score to indicate if they need to be investigated or not. DDE Detections like the one you mention have a score of 1. This is statistical information sent to the Datalake to enable the NDR queries to function correctly. NO action is required
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel