EDR displays an IP address but no other information about an endpoint
search cancel

EDR displays an IP address but no other information about an endpoint

book

Article ID: 236203

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

When searching in Search -> Database -> Entities some entries show the IP address as the hostname and enrollment as "Unsupported".

Additionally when clicking on the "hostname" no information about the client is available.

Environment

Release :

Component :

Cause

The IP address belongs to a machine that is not in a group listed in the EDR's SEPM Group Inclusion list.

Resolution

Ensure that the machine is a supported client and is in a group that is in the SEPM Group Inclusion list on EDR.

Additional Information

When an event occurs EDR checks its internal database to see if it can correlate the event to a known endpoint.  If there is no known endpoint listed in the internal database then EDR creates an entry with what information is available and sets all other values to a default of "Not Available" or "Unsupported". 

EDR does not query the SEPM database for information on endpoints that are not in a group listed in the EDR's SEPM Group Inclusions list.

Powered by Wolken Software