After installing the Bit9 Connector for Network Security Devices add-on, the Bit9 Server starts to make UDP/137 (NetBIOS) queries to foreign IPs.
Unexpected UDP/137 (NetBIOS) traffic appears on the network.
When the Bit9 Reporter receives a notification from a Palo Alto Network or FireEye device it gets the IP address in the notification. The Bit9 Reporter then attempts to resolve the IP to an actual DNS name so that it can be stored for future display in the UI. This can result in a NetBIOS query for the IP.
While we are only attempting to resolve the IP to a user friendly DNS name and are not attempting to access or contact the remote IP, if you wish to turn off this behavior, please contact the Bit9 Support team.