Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/22.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=NDR-Essentials

NDR Essentials and Active threat intelligence

Network Detection and Response (NDR) is a category of network security products designed to detect abnormal traffic patterns to help identify active adversaries operating on your network. Even skilled attackers need to move across or communicate out of your network to carry out an attack. NDR uses sensors to monitor and analyze your network traffic to identify suspicious activity.

  • About NDR Essentials

    NDR Essentials uses machine learning to analyze your firewall traffic, and detect indicators of compromise (IoCs).

    About NDR Essentials

  • Configure NDR Essentials

    Learn how to configure NDR Essentials.

    Configure NDR Essentials

  • Test NDR Essentials

    Generate test detections to check that Sophos NDR is correctly set up and working.

    Generate NDR test detections

  • About NDR Active threat intelligence

    NDR Active Threat Intelligence uses curated detection patterns to identify malicious traffic and active adversaries. The firewall logs these events and sends them to the Data Lake for XDR and MDR analysis.

    About NDR Active threat intelligence

  • Configure NDR Active threat intelligence

    Learn how to configure NDR Active threat intelligence.

    Configure NDR Active threat intelligence