1. Overview

Service violation incidents indicate that a service running on a protected host has attempted to use privileges beyond what is expected.

2. Investigation

Determine if the service has any known vulnerabilities by reviewing the applicable information in Monitor > Vulnerabilities > Hosts.

For additional information, review the Prisma Cloud runtime audit logs, any logs that the service generates, and syslog on the affected host.

3. Mitigation

Resolve any vulnerability and access issues found in the investigation phase.