I have several false alerts in Triton for filtering services not being started on 4 different filtering servers in my environment. I have verified Triton/Policy server has connectivity both ways to all of them. All services are running normally. 2 are appliances, 2 are Windows servers. One is even on the same subnet as the Triton/Policy server! Sometimes it says they are not sending logs, but they are, and sometimes it says the DC Agents are not available either, when they are.
I'm tired of the security operations center folks bugging me about them.
Has anyone experienced this?