We see from time to time an incident popping up with an asset (with agent) which is detecting protocol poisoning: NetBIOS from 0.0.0.0 with a random query.
Has anyone any idea how to investigate this and what it exactly means? Help would be appreciated.
I have also seen this alert fire many times when an endpoint is connected to a non-managed Wi-Fi network that has some misconfigurations in it. It was always something I asked the customer: “Is the asset connected to a public Wi-Fi? If it is, have them disconnect.”