EDR displays an IP address but no other information about an endpoint

Article ID: 236203

Products

Endpoint Detection and Response

Issue/Introduction

When searching in Search -> Database -> Entities, some entries show the IP address as the hostname and enrollment as "Unsupported".

Additionally, clicking on the "hostname" shows no information about the client.

Cause

The IP address belongs to a machine that is not in a group listed in the EDR's SEPM Group Inclusion list.

Resolution

Ensure that the machine is a supported client and is in a group that is in the SEPM Group Inclusion list on EDR.

Additional Information

When an event occurs, EDR checks its internal database to see whether it can correlate the event to a known endpoint. If no known endpoint is listed in the internal database, EDR creates an entry with whatever information is available and sets all other values to a default of "Not Available" or "Unsupported".

EDR does not query the SEPM database for information on endpoints that are not in a group listed in the EDR's SEPM Group Inclusions list.
