Agent Spoofing - Multiple Hosts Using Same Agent after update to 8.5.3


since the update to ELS 8.5.3 we receive
"Agent Spoofing - Multiple Hosts Using Same Agent" messages. We were able to narrow down the message to be related to the DHCP integration. As soon as this is activated, these messages appear in the Elastic-Security Alerts. Is the problem already known?


After the stack update, did you check for updates to the integrations? It is also interesting to check your Policies if they do not have any indication of abnormalities.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.