1. Investigation

Service violation incidents indicate that a service running on a protected host has attempted to use privileges beyond what is expected.

Determine whether the service has any known vulnerabilities by reviewing the applicable information in Monitor > Vulnerabilities > Hosts.

For additional information, review the Twistlock runtime audit logs, any logs that the service generates, and the syslog on the affected host.

2. Mitigation

Resolve any vulnerabilities and access issues found during the investigation phase.