Prisma Cloud: How to validate if alert from "AWS ECS fargate task definition logging is disabled" is a false positive

Created On 12/02/21 14:38 PM - Last Modified 02/06/25 21:29 PM


Objective


This article describes how to validate whether an alert from "AWS ECS fargate task definition logging is disabled" is a false positive.

Environment


  • Prisma Cloud 
  • Alerts


Procedure


Review the resource metadata under log configuration. If it has the following elements, the alert is a true positive.

 1. Status is "Active"
 2. If the status is "Active" and 'containerDefinitions' has either false or 'logConfiguration.logDriver' does not exist, this is not a false positive.

* You do not need to have ECS (Elastic Container Service) enabled to receive this alert.
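The two checks in the procedure can be scripted against exported resource metadata. The following is an added example, not Palo Alto Networks code: it assumes the metadata has the shape of the "taskDefinition" object returned by ECS DescribeTaskDefinition, treats a missing, null or false logConfiguration as "does not exist", and runs on constructed sample data.

```python
import json

# Constructed sample resource metadata (not from the article), shaped like the
# "taskDefinition" object that ECS DescribeTaskDefinition returns.
SAMPLES = json.loads("""
[
 {"family": "web", "status": "ACTIVE", "containerDefinitions": [
    {"name": "app", "logConfiguration": {"logDriver": "awslogs"}},
    {"name": "sidecar"}]},
 {"family": "api", "status": "ACTIVE", "containerDefinitions": [
    {"name": "api", "logConfiguration": {"logDriver": "awslogs"}}]},
 {"family": "old", "status": "INACTIVE", "containerDefinitions": [
    {"name": "job"}]},
 {"family": "batch", "status": "ACTIVE", "containerDefinitions": [
    {"name": "worker", "logConfiguration": {"options": {}}}]}
]
""")


def containers_without_log_driver(task_def):
    """Names of containers where logConfiguration.logDriver does not exist."""
    missing = []
    for container in task_def.get("containerDefinitions") or []:
        log_cfg = container.get("logConfiguration")
        # Assumption: a missing, null or false logConfiguration, or one with
        # no logDriver key, all count as "does not exist".
        driver = log_cfg.get("logDriver") if isinstance(log_cfg, dict) else None
        if not driver:
            missing.append(container.get("name", "<unnamed>"))
    return missing


def triage(task_def):
    """Apply the two checks from the procedure; return (verdict, containers)."""
    if str(task_def.get("status", "")).upper() != "ACTIVE":
        return ("possible_false_positive", [])   # check 1 fails: not active
    missing = containers_without_log_driver(task_def)
    if missing:
        return ("true_positive", missing)        # active and a driver is absent
    return ("possible_false_positive", [])       # every container has a driver


if __name__ == "__main__":
    for td in SAMPLES:
        verdict, names = triage(td)
        print(f"{td['family']:6} {td['status']:9} {verdict:24} {names}")
```

A "possible_false_positive" result means the metadata does not match the true-positive criteria above and the alert is worth escalating with that metadata attached.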



Additional Information


View details here on what data to analyze and collect for false positive alerts. 
 

