Excessive SharpHound alerts after upgrade
Reference ID: NDRE-1085
Date Published: 2026-05-07
Affected Product: NDR
Affected Version: v2.32.0
Status: Under investigation
Description:
The "Possible SharpHound activity" detection, which is responsible for the high volume of alerts, has been temporarily disabled to reduce alert noise.
After upgrading to v2.32.0, the system may generate a high volume of HIGH severity notifications related to SharpHound activity.
This behavior can result in:
A large number of alerts within a short period
Increased false positives
Disruption to normal SOC workflows due to alert noise
Additional manual effort required to filter and investigate alerts