Under Review

NDR detection


I installed NDR appliance in my network, and I'm getting this messages:


"Source MAC address, IP address, and Hostname correlation based on MDNS and NetBIOS"

The detection in low severity.

Any idea what is that and what should I do?


  • The NDR-DET-DDE detections have a severity score to indicate if they need to be investigated or not. DDE Detections like the one you mention have a score of 1. This is statistical information sent to the Datalake to enable the NDR queries to function correctly. NO action is required