Service violation incidents indicate that a service running on a protected host has attempted to use privileges beyond what is expected.
Determine if the service has any known vulnerabilities by reviewing the applicable information in Monitor > Vulnerabilities > Hosts.
For additional information, review the Twistlock runtime audit logs, any logs that the service generates, and syslog on the affected host.