I too have two devices, both fully monitored in NPM, that NTA is declaring as unknown sources.
Both of these nodes that are displaying this issue are all NAT addresses, could that be the problem?
Do you have NTA hotfix 2 installed for NTA 4.2.1? That's what SW support recommended for us that fixes this issue (supposedly). Probably going to do this after the new year.
Funny enough I have spent the last 2 weeks trying to figure this out and I believe I have a solution
What I did was, manage the device(s) that show up in that event list...I was able to discover them and add them to NPM a second time...it seems counter-intuitive but it will start collecting data from NTA on that device
The reason for this, at least in our environment, after talking with a Network Engineer here, we were sending Netflow data out of a VRF interface on the Node...this seemed to also be crashing the Netflow service on my pollers...as of this morning, the service has not crashed in 2 days and I am receiving full data...I'm not sure if this is happening to you but if you check the Netflow data around the time of the message coming in, you might see a minute or two of missing data while the service recovers on the collector
We are planning on changing the flow data to go through the loopback interface and see what that does...that way if it works on the original nodes, I can remove the duplicate second nodes I added after seeing the message in the Events for NTA. For what its worth this seems to be affecting 3 of our ~150 nodes we monitor through Netflow alone...we have ~2000 nodes in NPM
I do have a ticket open with SW on this...and they have some other ideas but I might be sticking with where I am right now.
We are running NTA 4.1.2 with NPM 12.0.1...no hotifxes on NTA
Let me know if you have any more detailed questions you want answered