Intermittent Windows Agent Connection For Breach Detection System
Incident Report for CyFlare
It was determined that after the Windows agent was upgraded, required services may have stopped running and required restart. A watchdog system is built into the agent to prevent this from happening, however a specific check was not included and allowed this to happen. When this occurs the agent would show as disconnected and may no longer send log data.

The scope for this incident is limited to Windows Servers that have the Breach Detection Agent deployed. Not all servers were affected.

Should you have servers that were affected, your customer success manager will reach out to you directly.
Posted Mar 06, 2020 - 17:32 EST
We have identified an issue in which some clients and some windows servers may not be connected and sending data. We have investigate the issue and determined root cause along with corrective action to be sure they do not recur in future upgrades.

Your Customer Success Manager will be in touch within the next 24-48 hours to discuss and provide feedback or further instruction if you have servers in your environment that were affected along with instructions for remediation. Please note, in coordination and round the clock support we have made modifications to ensure logs from the last week are harvested and sent to cloud for analysis.

Thank you for your support of CyFlare as we continue to improve on critical items such as this, and we appreciate your attention to this matter.

This incident will be left open until we are confirmed have released the patch, expected within 12-18 hours and confirmed all systems are functioning as normal.
Posted Mar 05, 2020 - 22:29 EST
This incident affected: Breach Detection Service.