NDR

Sophos Network Detection and Response (NDR) monitors your network traffic for suspicious or malicious behavior.

Sophos NDR can detect unprotected devices, potentially malicious devices communicating across the network, abnormal traffic flows, and server command-and-control (C2) threats.

You integrate Sophos NDR with Sophos Central so that its detections are available for investigation.

A Sophos NDR integration uses a log collector hosted on an appliance. The appliance receives NDR data and forwards it to Sophos Central.

If you haven't set up NDR yet, see Sophos NDR on ESXi or Hyper-V or Sophos NDR on AWS.

This section describes how to use Sophos NDR and NDR Investigation Console.