NDR (Network Sensor)

How can I see all NDR alerts?

Many options:

On the main Security Detections dashboard, under Data Source drop down menu, choose Network Sensor or Network Intrusion;
OR click on the NDR section in the pie chart:
Under Main menu/My SOC/Alerts&Detections/Network Behavior and Network Intrusion dashboards.

How can I see all network traffic events (not alerts)

Under main menu/Network. Network traffic flows contains all traffic metadata for full assurance, so breaches will be recorded even if not detected and includes all business traffic. The other dashboards contain data for individual traffic types:

How to inspect incoming traffic only?

In the top right corner, click on inbound to see all inbound traffic:

How to see all anomalies and attacks?

Under main menu/Network/network Intrusion Detection, All network Intrusion Events. This module only records suspicious activity. To see all attacks from the outside, click on inbound under the Network Direction pie chart. To see what ports/services attract hackers, refer to the Destination Ports table that lists the count of unique incoming source IP's.

PreviousEndpoint Agent NextMicrosoft 365 Monitoring

Last updated 16 days ago

hashtagHow can I see all NDR alerts?

hashtagHow can I see all network traffic events (not alerts)

hashtagHow to inspect incoming traffic only?

hashtagHow to see all anomalies and attacks?

How can I see all NDR alerts?

How can I see all network traffic events (not alerts)

How to inspect incoming traffic only?

How to see all anomalies and attacks?