Hello,
I believe that could happen due to different scenarios:
- the agent is not correctly connected to the endpoint server during the incidents (could happen due to some issue on EPS, lack of 'good connecton', etc.)
- the agent changed from external connection to corporate connection but the IP address in cache didnt update (fix: flush dns of the agent/machine)
- the agent does not have connection but the IP address in cache still wrong (fix: flush dns of the agent/machine)
- the agent is using a VPN (in such case will depend on your configurations)