To understand Network Detection and Response (NDR), you must understand the hierarchy of security telemetry: Events, Incidents, and Campaigns.
An Event is a single anomaly or triggered detector (e.g., an IDS signature matching, or NTA noticing an unusual DNS query).
An Incident is a formalized alert presented to the security analyst in the NDR dashboard, indicating an actual threat that requires investigation.
The primary power of vDefend NDR is its Artificial Intelligence engine, which correlates multiple seemingly low-level events (like a port scan followed by a suspicious file download and lateral movement) into a single, high-confidence Incident. However, an Incident does not strictly require multiple events.
If a single, highly critical event occurs, such as the Malware Prevention engine definitively detonating and confirming a severe piece of zero-day ransomware, the NDR engine will immediately escalate that single event into a full-blown Incident. Therefore, an incident may consist of just one highly critical event, or dozens of lower-level events correlated together over time.
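The two paths from Event to Incident described above can be sketched as a small correlator. This is an added illustration, not vDefend's correlation logic: the severity scale, the thresholds (`CRITICAL`, `MIN_DISTINCT`, `WINDOW`), the host names and the sample events are all assumptions constructed for the example.

```python
from dataclasses import dataclass

# Assumed values for illustration; the page gives no thresholds or severity scale.
CRITICAL = 9        # severity at or above this escalates a lone event
MIN_DISTINCT = 3    # distinct low-level event types needed to correlate
WINDOW = 3600       # correlation window in seconds

@dataclass(frozen=True)
class Event:
    ts: int         # seconds since start of capture
    host: str       # workload the detector fired on
    detector: str   # which engine raised the event
    name: str       # what was observed
    severity: int   # 1 (low) .. 10 (critical), assumed scale

def build_incidents(events):
    """Return incidents as (host, reason, [events]) tuples, in time order."""
    incidents, pending = [], {}   # pending: host -> recent low-level events
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.severity >= CRITICAL:
            # Path 1: one highly critical event is an Incident on its own.
            incidents.append((ev.host, "single critical event", [ev]))
            continue
        # Path 2: low-level events on one host, correlated over time.
        bucket = [e for e in pending.get(ev.host, []) if ev.ts - e.ts <= WINDOW]
        bucket.append(ev)
        if len({e.name for e in bucket}) >= MIN_DISTINCT:
            incidents.append((ev.host, "correlated events", bucket))
            bucket = []
        pending[ev.host] = bucket
    return incidents

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    Event(0, "web-01", "ids", "port scan", 3),
    Event(600, "web-01", "nta", "suspicious file download", 4),
    Event(1500, "web-01", "nta", "lateral movement", 5),
    Event(100, "db-02", "nta", "unusual DNS query", 2),
    Event(200, "fs-03", "malware_prevention", "ransomware confirmed", 10),
    Event(0, "app-04", "ids", "port scan", 3),
    Event(5000, "app-04", "nta", "suspicious file download", 4),
    Event(9000, "app-04", "nta", "lateral movement", 5),
]

if __name__ == "__main__":
    for host, reason, evs in build_incidents(SAMPLE_EVENTS):
        print(f"{host}: {reason} ({len(evs)} event(s))")
```

In this sketch `db-02` and `app-04` stay at the Event level: one low-severity anomaly, or the same three behaviours spread too far apart in time, never becomes an Incident.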
=========================