Under Review

NDR detection

Hi

I installed an NDR appliance in my network, and I'm getting these messages:

NDR-DET-DDE-MACIPHOSTNAMECORRELATION

"Source MAC address, IP address, and Hostname correlation based on MDNS and NetBIOS"

The detection is low severity.

Any idea what that is and what I should do?

Shay

  • The NDR-DET-DDE detections have a severity score to indicate if they need to be investigated or not. DDE detections like the one you mention have a score of 1. This is statistical information sent to the Datalake to enable the NDR queries to function correctly. NO action is required.