Agent Spoofing - Multiple Hosts Using Same Agent after update to 8.5.3

Paradox · December 15, 2022, 9:17am

Hello,

since the update to ELS 8.5.3 we receive
"Agent Spoofing - Multiple Hosts Using Same Agent" messages. We were able to narrow down the message to be related to the DHCP integration. As soon as this is activated, these messages appear in the Elastic-Security Alerts. Is the problem already known?

greetings

wsouza · December 25, 2022, 11:39pm

After the stack update, did you check for updates to the integrations? It is also interesting to check your Policies if they do not have any indication of abnormalities.

Topic		Replies	Views
Agent Spoofing alerts due to mismatched agent id's since 9.2.1 update Elastic Security	4	188	November 20, 2025
Unable to initialize fleet v8.5 Elastic Agent	2	148	December 26, 2022
Elastic Agent 8.3.3 - Endpoint Security Integration not found inside host Elastic Agent elastic-stack-security , fleet	1	317	September 16, 2022
Elastic agent install error: already installed at: /opt/Elastic/Agent Elastic Agent	5	4221	April 15, 2023
Elastic-agent stopped working after adding new integration Beats fleet , elastic-agent	3	2753	July 12, 2021

Agent Spoofing - Multiple Hosts Using Same Agent after update to 8.5.3

Related topics