Hello,
since the update to ELS 8.5.3 we receive
"Agent Spoofing - Multiple Hosts Using Same Agent" messages. We were able to narrow down the message to be related to the DHCP integration. As soon as this is activated, these messages appear in the Elastic-Security Alerts. Is the problem already known?
greetings
After the stack update, did you check for updates to the integrations? It is also interesting to check your Policies if they do not have any indication of abnormalities.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
